Ejemplo n.º 1
0
    def test_password_reset_already_reset(self):
        user = add_user('justatest3', '*****@*****.**', 'password')
        token = user.encode_password_token()

        user = set_user_token_hash(user, token)

        with self.client:
            response = self.client.put(
                '/v1/auth/password',
                data=json.dumps(dict(token=token, password='******')),
                content_type='application/json',
                headers=[('Accept', 'application/json')])
            data = json.loads(response.data.decode())
            self.assertEqual(data['status'], 'success')
            self.assertEqual(data['message'], 'Successfully reset password.')
            self.assertEqual(response.status_code, 200)

        user_password_before = user.password

        with self.client:
            response = self.client.put(
                '/v1/auth/password',
                data=json.dumps(dict(token=token, password='******')),
                content_type='application/json',
                headers=[('Accept', 'application/json')])
            data = json.loads(response.data.decode())
            self.assertEqual(data['status'], 'error')
            self.assertEqual(data['message'],
                             'Invalid reset. Please try again.')
            self.assertEqual(response.status_code, 404)
            #  check db password has not changed
            self.assertEqual(user_password_before, user.password)
    def test_auth_password_reset(self):
        """Ensure password reset works"""
        user = add_user()
        password = user.password
        token = user.encode_password_token().decode()
        set_user_token_hash(user, token)

        new_password = self.data_generator.password()

        with self.client:
            response = self.client.put(
                f'/{self.version}/auth/password_reset',
                data=json.dumps(dict(
                    token=token,
                    password=new_password
                )),
                content_type='application/json',
                headers=[('Accept', 'application/json')]
            )
            data = json.loads(response.data.decode())
            self.assertEqual(data['message'], 'Successfully reset password.')
            self.assertEqual(response.status_code, 200)
            #  check db password have really changed
            self.assertNotEqual(password, user.password)
Ejemplo n.º 3
0
    def test_password_reset_expired(self):
        user = add_user('justatest3', '*****@*****.**', 'password')
        token = user.encode_password_token()
        user = set_user_token_hash(user, token)
        user_password_before = user.password
        time.sleep(3)

        with self.client:
            response = self.client.put(
                '/v1/auth/password',
                data=json.dumps(dict(token=token, password='******')),
                content_type='application/json',
                headers=[('Accept', 'application/json')])
            data = json.loads(response.data.decode())
            self.assertEqual(data['status'], 'error')
            self.assertEqual(
                data['message'],
                'Password recovery token expired. Please try again.')
            self.assertEqual(response.status_code, 400)
            #  check db password has not changed
            self.assertEqual(user_password_before, user.password)
    def test_auth_password_reset_token_used(self):
        """Ensure password reset with already used token does not work"""
        user = add_user()
        token = user.encode_password_token().decode()

        user = set_user_token_hash(user, token)

        with self.client:
            response = self.client.put(
                f'/{self.version}/auth/password_reset',
                data=json.dumps(dict(
                    token=token,
                    password=self.data_generator.password()
                )),
                content_type='application/json',
                headers=[('Accept', 'application/json')]
            )
            data = json.loads(response.data.decode())
            self.assertEqual(data['message'], 'Successfully reset password.')
            self.assertEqual(response.status_code, 200)

        user_password_before = user.password

        with self.client:
            response = self.client.put(
                f'/{self.version}/auth/password_reset',
                data=json.dumps(dict(
                    token=token,
                    password=self.data_generator.password()
                )),
                content_type='application/json',
                headers=[('Accept', 'application/json')]
            )
            data = json.loads(response.data.decode())
            self.assertEqual(data['message'], 'Invalid password reset token. Please try again.')
            self.assertEqual(response.status_code, 400)
            #  check db password has not changed
            self.assertEqual(user_password_before, user.password)