def test_should_sign_in_when_password_reset_is_successful_for_email_auth(
        app_, client, mock_get_user,
        mock_get_user_by_email_request_password_reset, mock_login,
        mock_send_verify_code, mock_reset_failed_login_count,
        mock_update_user_password):
    """A valid reset token for an ``email_auth`` user signs them straight in.

    The reset link carries a signed JSON payload (email + issue time). Posting
    a new password against it should redirect to the dashboard, reset the
    failed-login counter, store the new password and — because the account
    authenticates by email — send no verify code.
    """
    reset_user = mock_get_user_by_email_request_password_reset.return_value
    reset_user['auth_type'] = 'email_auth'

    # Same payload shape the view expects: who the reset is for and when it
    # was issued. Dict order is kept identical to the original test.
    payload = {
        'email': reset_user['email_address'],
        'created_at': str(datetime.utcnow()),
    }
    signed = generate_token(
        json.dumps(payload),
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )
    reset_url = url_for_endpoint_with_token('.new_password', token=signed)

    response = client.post(reset_url, data={'new_password': '******'})

    expected_location = url_for('.show_accounts_or_dashboard', _external=True)
    assert response.status_code == 302
    assert response.location == expected_location
    assert mock_get_user_by_email_request_password_reset.called
    assert mock_reset_failed_login_count.called

    # Signing the user in re-fetches the user record and stores the password.
    mock_get_user.assert_called_once_with(reset_user['id'])
    # NOTE(review): the posted password above looks redacted on this page;
    # the mock is expected to receive 'a-new_password' — confirm they agree
    # in the real file, otherwise this assertion cannot pass.
    mock_update_user_password.assert_called_once_with(reset_user['id'],
                                                      'a-new_password')

    # email_auth accounts must not trigger a verify-code send.
    assert not mock_send_verify_code.called
def test_two_factor_email_link_used_when_user_already_logged_in(
        logged_in_client, valid_token):
    """Following a 2FA email link while already signed in just redirects.

    An authenticated session opening ``main.two_factor_email`` should be
    bounced to the accounts/dashboard page rather than re-running 2FA.
    """
    link = url_for_endpoint_with_token('main.two_factor_email',
                                       token=valid_token)
    response = logged_in_client.get(link)

    dashboard = url_for('main.show_accounts_or_dashboard', _external=True)
    assert response.status_code == 302
    assert response.location == dashboard
def test_should_return_404_when_email_address_does_not_exist(
    app_,
    client,
    mock_get_user_by_email_not_found,
):
    """A correctly signed reset token for an unknown email yields 404.

    The signature check passes (the token is minted with the app's own
    secret and salt), so the 404 must come from the user lookup failing.
    """
    payload = {'email': '*****@*****.**', 'created_at': str(datetime.utcnow())}
    signed = generate_token(
        json.dumps(payload),
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )

    response = client.get(
        url_for_endpoint_with_token('.new_password', token=signed)
    )

    assert response.status_code == 404
def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(
        app_, client, mock_login, mocker):
    """An expired reset token sends the user back to the forgot-password page.

    ``check_token`` is patched to raise ``SignatureExpired`` so the view's
    expiry handling is exercised regardless of the token's real age.
    """
    mocker.patch('app.main.views.new_password.check_token',
                 side_effect=SignatureExpired('expired'))

    signed = generate_token(
        '*****@*****.**',
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )
    reset_url = url_for_endpoint_with_token('.new_password', token=signed)

    response = client.get(reset_url)

    assert response.status_code == 302
    assert response.location == url_for('.forgot_password', _external=True)
def test_valid_two_factor_email_link_logs_in_user(
        client, valid_token, mock_get_user, mock_get_services_with_one_service,
        mocker, mock_create_event, mock_get_security_keys,
        mock_get_login_events):
    """A valid 2FA email link whose code verifies signs the user in.

    ``check_verify_code`` is patched to report success; the remaining
    fixtures are presumably requested for their patching side effects only
    (none is asserted on here).
    """
    mocker.patch('app.user_api_client.check_verify_code',
                 return_value=(True, ''))

    link = url_for_endpoint_with_token('main.two_factor_email',
                                       token=valid_token)
    response = client.get(link)

    assert response.status_code == 302
    assert response.location == url_for('main.show_accounts_or_dashboard',
                                        _external=True)
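def test_two_factor_email_link_is_already_used(client, valid_token, mocker,
                                               mock_send_verify_code):
    """A 2FA email link whose code no longer verifies shows the expired page.

    ``check_verify_code`` is patched to reject the code. The user must see
    the "link has expired" page and, importantly, the view must not react by
    sending a fresh verify code — a used link must not be a way to trigger
    new codes.
    """
    mocker.patch('app.user_api_client.check_verify_code',
                 return_value=(False, 'Code has expired'))

    response = client.get(url_for_endpoint_with_token('main.two_factor_email',
                                                      token=valid_token),
                          follow_redirects=True)

    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
    assert response.status_code == 200

    assert page.h1.text.strip() == 'The link has expired'
    # Fix: the original referenced the bound method without calling it, so
    # the "no code was sent" check never actually ran.
    mock_send_verify_code.assert_not_called()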
def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(
        app_, client, mock_login, mocker):
    """Expired reset tokens redirect to the forgot-password page.

    Expiry is forced by patching ``check_token`` to raise
    ``SignatureExpired``; the token itself is otherwise well-formed.
    """
    secret = app_.config["SECRET_KEY"]
    salt = app_.config["DANGEROUS_SALT"]

    mocker.patch(
        "app.main.views.new_password.check_token",
        side_effect=SignatureExpired("expired"),
    )
    signed = generate_token("*****@*****.**", secret, salt)

    response = client.get(
        url_for_endpoint_with_token(".new_password", token=signed)
    )

    forgot_password = url_for(".forgot_password", _external=True)
    assert response.status_code == 302
    assert response.location == forgot_password
def test_should_redirect_to_user_profile_when_user_confirms_email_link(
    app_,
    logged_in_client,
    api_user_active,
    mock_update_user_attribute,
):
    """Confirming an email-change link redirects to the user's profile.

    The confirmation token binds the new email to the user's id. Only the
    redirect is asserted here; ``mock_update_user_attribute`` is requested
    but not asserted on.
    NOTE(review): consider asserting that the attribute update was invoked
    for this user id, so a silently skipped update would be caught.
    """
    confirm_payload = json.dumps({'user_id': api_user_active['id'], 'email': '*****@*****.**'})
    signed = generate_token(
        payload=confirm_payload,
        secret=app_.config['SECRET_KEY'],
        salt=app_.config['DANGEROUS_SALT'],
    )
    confirm_url = url_for_endpoint_with_token('main.user_profile_email_confirm',
                                              token=signed)

    response = logged_in_client.get(confirm_url)

    assert response.status_code == 302
    assert response.location == url_for('main.user_profile', _external=True)
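def test_two_factor_email_link_has_expired(app_, valid_token, client,
                                           mock_send_verify_code, fake_uuid):
    """A 2FA email link older than the configured expiry shows the expired page.

    ``EMAIL_2FA_EXPIRY_SECONDS`` is set to -1 for the request so any token
    counts as expired. The view must render the expired page and must not
    send a replacement verify code.
    """

    with set_config(app_, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
        response = client.get(
            url_for_endpoint_with_token('main.two_factor_email',
                                        token=valid_token),
            follow_redirects=True,
        )

    assert response.status_code == 200
    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')

    assert page.h1.text.strip() == 'The link has expired'
    # Fix: the original referenced the bound method without calling it, so
    # the "no code was sent" check never actually ran.
    mock_send_verify_code.assert_not_called()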
def test_should_render_new_password_template(
    app_,
    client,
    api_user_active,
    mock_login,
    mock_send_verify_code,
    mock_get_user_by_email_request_password_reset,
):
    """GET on a valid reset link renders the new-password form.

    The token carries the active user's email plus an issue timestamp; the
    rendered page is recognised by its introductory sentence.
    """
    payload = {'email': api_user_active['email_address'], 'created_at': str(datetime.utcnow())}
    signed = generate_token(
        json.dumps(payload),
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )
    reset_url = url_for_endpoint_with_token('.new_password', token=signed)

    response = client.get(reset_url)
    body = response.get_data(as_text=True)

    assert response.status_code == 200
    assert 'You can now create a new password for your account.' in body
def test_should_redirect_index_if_user_has_already_changed_password(
    app_,
    client,
    mock_get_user_by_email_user_changed_password,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count
):
    """A reset link is single-use: once the password changed, it goes to index.

    The user fixture reports a password already changed after the token was
    issued; posting to the link must redirect to ``.index`` instead of
    accepting another password, and the lookup must happen by email.
    """
    changed_user = mock_get_user_by_email_user_changed_password.return_value
    user_email = changed_user['email_address']

    payload = {'email': user_email, 'created_at': str(datetime.utcnow())}
    signed = generate_token(
        json.dumps(payload),
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )

    response = client.post(
        url_for_endpoint_with_token('.new_password', token=signed),
        data={'new_password': '******'},
    )

    assert response.status_code == 302
    assert response.location == url_for('.index', _external=True)
    mock_get_user_by_email_user_changed_password.assert_called_once_with(user_email)
def test_should_redirect_to_two_factor_when_password_reset_is_successful(
        app_, client, mock_get_user_by_email_request_password_reset,
        mock_login, mock_send_verify_code, mock_reset_failed_login_count):
    """A successful password reset still goes through the second factor.

    After the new password is accepted the user is redirected to
    ``.two_factor`` rather than straight to the dashboard. This variant of
    the fixture exposes the user as an object (``user.email_address``).
    """
    reset_user = mock_get_user_by_email_request_password_reset.return_value
    user_email = reset_user.email_address

    payload = {
        'email': user_email,
        'created_at': str(datetime.utcnow()),
    }
    signed = generate_token(
        json.dumps(payload),
        app_.config['SECRET_KEY'],
        app_.config['DANGEROUS_SALT'],
    )
    reset_url = url_for_endpoint_with_token('.new_password', token=signed)

    response = client.post(reset_url, data={'new_password': '******'})

    assert response.status_code == 302
    assert response.location == url_for('.two_factor', _external=True)
    mock_get_user_by_email_request_password_reset.assert_called_once_with(
        user_email)
def test_two_factor_email_link_is_already_used(client, valid_token, mocker,
                                               mock_send_verify_code,
                                               redirect_url):
    """A 2FA link whose code is rejected shows the expired page, keeps ``next``.

    ``check_verify_code`` is patched to fail. The expired page must offer a
    "Sign in again" link that preserves the original ``next`` target, and no
    replacement verify code may be sent.
    """
    mocker.patch('app.user_api_client.check_verify_code',
                 return_value=(False, 'Code has expired'))

    link = url_for_endpoint_with_token('main.two_factor_email',
                                       token=valid_token,
                                       next=redirect_url)
    response = client.post(link, follow_redirects=True)
    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')

    assert response.status_code == 200
    assert page.h1.text.strip() == 'The link has expired'

    sign_in_again = page.select_one('a:contains("Sign in again")')
    expected_href = url_for('main.sign_in', next=redirect_url)
    assert sign_in_again['href'] == expected_href

    # A used link must not be a way to trigger a new code.
    assert mock_send_verify_code.called is False
def test_two_factor_email_link_has_expired(app_, valid_token, client,
                                           mock_send_verify_code, fake_uuid,
                                           redirect_url):
    """A 2FA link past ``EMAIL_2FA_EXPIRY_SECONDS`` shows the expired page.

    Expiry is forced by setting the window to -1 for the request. The page
    must offer a "Sign in again" link carrying the original ``next`` target,
    and no replacement verify code may be sent.
    """

    link = url_for_endpoint_with_token('main.two_factor_email',
                                       token=valid_token,
                                       next=redirect_url)
    with set_config(app_, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
        response = client.post(link, follow_redirects=True)

    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
    assert response.status_code == 200
    assert page.h1.text.strip() == 'The link has expired'

    sign_in_again = page.select_one('a:contains("Sign in again")')
    assert sign_in_again['href'] == url_for('main.sign_in', next=redirect_url)

    # An expired link must not be a way to trigger a new code.
    assert mock_send_verify_code.called is False
def test_should_render_new_password_template(
    app_,
    client,
    api_user_active,
    mock_login,
    mock_send_verify_code,
    mock_get_user_by_email_request_password_reset,
):
    """GET on a valid reset link renders the new-password form."""
    secret = app_.config["SECRET_KEY"]
    salt = app_.config["DANGEROUS_SALT"]

    # Payload shape the view expects: the user's email and an issue time.
    payload = {
        "email": api_user_active["email_address"],
        "created_at": str(datetime.utcnow()),
    }
    signed = generate_token(json.dumps(payload), secret, salt)

    response = client.get(
        url_for_endpoint_with_token(".new_password", token=signed)
    )
    body = response.get_data(as_text=True)

    assert response.status_code == 200
    assert "You can now create a new password for your account." in body
def test_should_redirect_to_user_profile_when_user_confirms_email_link(
    app_,
    logged_in_client,
    api_user_active,
    mock_update_user_attribute,
):
    """Confirming an email-change link redirects to the user's profile.

    The token binds the new email to the user's id. Only the redirect is
    asserted; ``mock_update_user_attribute`` is requested but not checked.
    NOTE(review): consider asserting the attribute update was invoked for
    this user id so a silently skipped update would be caught.
    """

    confirm_payload = {
        "user_id": api_user_active["id"],
        "email": "*****@*****.**"
    }
    signed = generate_token(
        payload=json.dumps(confirm_payload),
        secret=app_.config["SECRET_KEY"],
        salt=app_.config["DANGEROUS_SALT"],
    )
    confirm_url = url_for_endpoint_with_token("main.user_profile_email_confirm",
                                              token=signed)

    response = logged_in_client.get(confirm_url)

    profile = url_for("main.user_profile", _external=True)
    assert response.status_code == 302
    assert response.location == profile
def test_should_redirect_index_if_user_has_already_changed_password(
    app_,
    client,
    mock_get_user_by_email_user_changed_password,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
):
    """A reset link is single-use: once the password changed, it goes to index.

    The fixture reports a user whose password already changed after the
    token was issued; a further POST must redirect to ``.index`` and the
    user must have been looked up by email exactly once.
    """
    changed_user = mock_get_user_by_email_user_changed_password.return_value
    user_email = changed_user["email_address"]
    secret = app_.config["SECRET_KEY"]
    salt = app_.config["DANGEROUS_SALT"]

    payload = {
        "email": user_email,
        "created_at": str(datetime.utcnow())
    }
    signed = generate_token(json.dumps(payload), secret, salt)
    reset_url = url_for_endpoint_with_token(".new_password", token=signed)

    response = client.post(reset_url, data={"new_password": "******"})

    assert response.status_code == 302
    assert response.location == url_for(".index", _external=True)
    mock_get_user_by_email_user_changed_password.assert_called_once_with(
        user_email)
def test_should_sign_in_when_password_reset_is_successful_for_email_auth(
    app_,
    client,
    mock_get_user,
    mock_get_user_by_email_request_password_reset,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
    mock_update_user_password,
    mock_get_login_events,
):
    """A valid reset token for an ``email_auth`` user signs them straight in.

    Posting a new password against the signed reset link should redirect to
    the dashboard, reset the failed-login counter, re-fetch the user, store
    the new password and — since the account authenticates by email — send
    no verify code.
    """
    reset_user = mock_get_user_by_email_request_password_reset.return_value
    reset_user["auth_type"] = "email_auth"
    user_id = reset_user["id"]
    secret = app_.config["SECRET_KEY"]
    salt = app_.config["DANGEROUS_SALT"]

    payload = {
        "email": reset_user["email_address"],
        "created_at": str(datetime.utcnow())
    }
    signed = generate_token(json.dumps(payload), secret, salt)
    reset_url = url_for_endpoint_with_token(".new_password", token=signed)

    response = client.post(reset_url, data={"new_password": "******"})

    assert response.status_code == 302
    assert response.location == url_for(".show_accounts_or_dashboard",
                                        _external=True)
    assert mock_get_user_by_email_request_password_reset.called
    assert mock_reset_failed_login_count.called

    # Signing the user in re-fetches the user record and stores the password.
    mock_get_user.assert_called_once_with(user_id)
    # NOTE(review): the posted password above looks redacted on this page;
    # the mock is expected to receive "a-new_password" — confirm they agree
    # in the real file, otherwise this assertion cannot pass.
    mock_update_user_password.assert_called_once_with(user_id,
                                                      "a-new_password")

    # email_auth accounts must not trigger a verify-code send.
    assert not mock_send_verify_code.called
def test_two_factor_email_link_used_when_user_already_logged_in(
        logged_in_client, valid_token, mock_get_login_events_with_data):
    """Opening a 2FA email link from an already-signed-in session returns 200.

    Unlike the redirecting variant elsewhere in this corpus, this version of
    the test expects the link to render a page directly.
    """
    link = url_for_endpoint_with_token('main.two_factor_email',
                                       token=valid_token)

    response = logged_in_client.get(link)

    assert response.status_code == 200