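def test_func__reset_password__ok__nominal_case(self):
    """Request a password reset and check the mail that gets captured.

    The notification is queued, the 'mail_sender' queue is drained with a
    burst worker, and the first captured message is inspected through the
    local mail-capture HTTP API on 127.0.0.1:8025.
    """
    uapi = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    current_user = uapi.get_one_by_email('*****@*****.**')
    uapi.reset_password_notification(current_user, do_save=True)
    transaction.commit()

    # Send mail async from redis queue: burst mode processes what is queued
    # and then returns, so the test does not block on an idle worker.
    redis = get_redis_connection(self.app_config)
    queue = get_rq_queue(redis, 'mail_sender')
    worker = SimpleWorker([queue], connection=queue.connection)
    worker.work(burst=True)

    # check mail received
    # A timeout keeps the test from hanging forever when the capture service
    # is down; raise_for_status turns an HTTP error into a clear failure
    # instead of a confusing JSON/KeyError further down.
    response = requests.get(
        'http://127.0.0.1:8025/api/v1/messages',
        timeout=10,
    )
    response.raise_for_status()
    messages = response.json()
    assert messages, 'no mail was captured for the reset request'

    headers = messages[0]['Content']['Headers']
    assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
    # NOTE(review): only the first To entry is compared; an additional,
    # unintended recipient of the reset mail would not fail this test.
    assert headers['To'][0] == 'Global manager <*****@*****.**>'
    assert headers['Subject'][0] == '[TRACIM] Reset Password Request'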
def test_func__reset_password__ok__nominal_case(self):
    """Queue a reset notification, run the mail worker, inspect the mail.

    Captured messages are read through ``self.get_mailhog_mails()``.
    """
    user_api = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    account = user_api.get_one_by_email('*****@*****.**')
    user_api.reset_password_notification(account, do_save=True)
    transaction.commit()

    # Send mail async from redis queue (burst: drain the queue, then stop).
    mail_queue = get_rq_queue(
        get_redis_connection(self.app_config),
        'mail_sender',
    )
    SimpleWorker([mail_queue], connection=mail_queue.connection).work(burst=True)

    # check mail received
    mails = self.get_mailhog_mails()
    first_headers = mails[0]['Content']['Headers']
    assert first_headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
    # NOTE(review): only the first To entry is checked; extra recipients of
    # the reset mail would go unnoticed by this assertion.
    assert first_headers['To'][0] == 'Global manager <*****@*****.**>'
    assert first_headers['Subject'][0] == '[TRACIM] A password reset has been requested'
def reset_password_request(self, context, request: TracimRequest, hapic_data=None):
    """
    Send a request to reset password. This will result in a new email sent to the user
    with a token to be used for password reset operation.
    """
    # The view runs without an authenticated user: UserApi gets None as its
    # first argument and the target account is taken from the request body.
    cfg = request.registry.settings["CFG"]  # type: CFG
    user_api = UserApi(None, session=request.dbsession, config=cfg)
    requested_email = hapic_data.body.email
    # NOTE(review): if get_one_by_email raises for an unregistered address and
    # that surfaces as a distinguishable response, this endpoint tells callers
    # which addresses have accounts. Confirm how the error is mapped by the
    # decorators/handlers outside this function, and whether requests are
    # rate-limited there.
    account = user_api.get_one_by_email(requested_email)
    # Whatever reset_password_notification returns is dropped here, so this
    # view does not place it in the HTTP response.
    user_api.reset_password_notification(account, do_save=True)
    return None
def reset_password_request(self, context, request: TracimRequest, hapic_data=None):  # nopep8
    """
    Send a request to reset password. This will result in a new email sent to the user
    with a token to be used for password reset operation.
    """
    settings = request.registry.settings
    # No current user is passed: the caller is not authenticated at this point.
    api = UserApi(None, session=request.dbsession, config=settings['CFG'])
    # NOTE(review): the email comes straight from the request body. Check that
    # an unknown address cannot be told apart from a known one by the caller
    # (status code, error code or timing); nothing in this function handles
    # the lookup failing.
    target_user = api.get_one_by_email(hapic_data.body.email)
    # The call's return value is ignored, so it never reaches the response
    # built from this view.
    api.reset_password_notification(target_user, do_save=True)
    return None
def test_func__reset_password__ok__nominal_case(self):
    """Request a reset for a known account and check the captured mail.

    No queue worker is run here, so the mail is presumably sent
    synchronously in this test configuration (TODO confirm).
    """
    api = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    target = api.get_one_by_email('*****@*****.**')
    api.reset_password_notification(target, do_save=True)
    transaction.commit()

    # check mail received
    captured = self.get_mailhog_mails()
    mail_headers = captured[0]['Content']['Headers']
    assert mail_headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
    # NOTE(review): only the first recipient is compared with the account's
    # own address; additional To entries are not checked.
    assert mail_headers['To'][0] == 'Global manager <*****@*****.**>'
    assert mail_headers['Subject'][0] == '[TRACIM] A password reset has been requested'
def test_api__reset_password_reset__err_400__password_does_not_match(self):
    """A reset with two different new passwords must be refused with 400.

    The token is valid; only the new_password / new_password2 mismatch
    should trigger the PASSWORD_DO_NOT_MATCH error code.
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )
    # The token is taken from the API return value instead of the mail.
    token = user_api.reset_password_notification(admin_user, do_save=True)  # nopep8
    transaction.commit()

    payload = {
        'email': '*****@*****.**',
        'reset_password_token': token,
        'new_password': '******',
        'new_password2': 'anotherpassword',
    }
    res = self.testapp.post_json(
        '/api/v2/auth/password/reset/modify',
        params=payload,
        status=400,
    )
    body = res.json
    assert isinstance(body, dict)
    assert 'code' in body.keys()
    assert res.json_body['code'] == error.PASSWORD_DO_NOT_MATCH
    # NOTE(review): the test does not check whether the token is still usable
    # after this rejected attempt; worth pinning down either way.
def test_api__reset_password_reset__err_400__expired_token(self):
    """A token used after its lifetime must be refused with 400.

    The token is issued at a frozen 1999-12-31 23:59:59 and presented at
    2000-01-01 00:00:05, i.e. six seconds later. For this to count as
    expired the test configuration presumably sets a token lifetime below
    six seconds (TODO confirm in the test config).
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )

    # NOTE(review): the listing lost its indentation; the payload and the
    # commit are placed inside the first frozen-time block here.
    with freeze_time("1999-12-31 23:59:59"):
        token = user_api.reset_password_notification(
            admin_user,
            do_save=True,
        )
        payload = {
            'email': '*****@*****.**',
            'reset_password_token': token,
            'new_password': '******',
            'new_password2': 'mynewpassword',
        }
        transaction.commit()

    with freeze_time("2000-01-01 00:00:05"):
        res = self.testapp.post_json(
            '/api/v2/auth/password/reset/modify',
            params=payload,
            status=400,
        )
        assert isinstance(res.json, dict)
        assert 'code' in res.json.keys()
        assert res.json_body['code'] == error.EXPIRED_RESET_PASSWORD_TOKEN  # nopep8
def test_api__reset_password_reset__ok_204__nominal_case(self):
    """A valid token with matching passwords resets the password (204).

    The new password is then proven to work by authenticating with it
    against /api/v2/auth/whoami.
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )
    token = user_api.reset_password_notification(admin_user, do_save=True)  # nopep8
    transaction.commit()

    payload = {
        'email': '*****@*****.**',
        'reset_password_token': token,
        'new_password': '******',
        'new_password2': 'mynewpassword',
    }
    self.testapp.post_json(
        '/api/v2/auth/password/reset/modify',
        params=payload,
        status=204,
    )

    # check that the password is correctly set
    new_credentials = ('*****@*****.**', 'mynewpassword')
    self.testapp.authorization = ('Basic', new_credentials)
    self.testapp.get('/api/v2/auth/whoami', status=200)
    # NOTE(review): not covered here: that the same token is refused on a
    # second POST (single use) and that the previous password no longer
    # authenticates.
def test_api__reset_password_reset__err_400__expired_token(self):
    """Presenting a reset token six seconds after issue must yield 400.

    Issue time and use time are both frozen; the expected error code is
    ErrorCode.EXPIRED_RESET_PASSWORD_TOKEN. The token lifetime in the test
    configuration is presumably shorter than six seconds (TODO confirm).
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_query = db.query(User).filter(User.email == "*****@*****.**")
    admin_user = admin_query.one()
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )

    # NOTE(review): indentation was lost in the listing; payload and commit
    # are kept inside the first frozen-time block.
    with freeze_time("1999-12-31 23:59:59"):
        token = user_api.reset_password_notification(admin_user, do_save=True)
        payload = {
            "email": "*****@*****.**",
            "reset_password_token": token,
            "new_password": "******",
            "new_password2": "mynewpassword",
        }
        transaction.commit()

    with freeze_time("2000-01-01 00:00:05"):
        res = self.testapp.post_json(
            "/api/v2/auth/password/reset/modify",
            params=payload,
            status=400,
        )
        assert isinstance(res.json, dict)
        assert "code" in res.json.keys()
        assert res.json_body["code"] == ErrorCode.EXPIRED_RESET_PASSWORD_TOKEN
def test_func__reset_password__ok__nominal_case(self):
    """Trigger a reset notification and verify the captured mail headers."""
    notifier = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    recipient = notifier.get_one_by_email('*****@*****.**')
    notifier.reset_password_notification(recipient, do_save=True)
    transaction.commit()

    # check mail received
    inbox = self.get_mailhog_mails()
    hdrs = inbox[0]['Content']['Headers']
    sender = hdrs['From'][0]
    first_to = hdrs['To'][0]
    subject = hdrs['Subject'][0]
    assert sender == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
    # NOTE(review): first_to is only the first To entry; the test would not
    # notice the reset mail being addressed to further recipients.
    assert first_to == 'Global manager <*****@*****.**>'
    assert subject == '[TRACIM] A password reset has been requested'
def test_api__reset_password_check_token__ok_204__unknown_auth(self):
    """A token issued for a freshly created user passes the check (204).

    The user is created through the API first, then the token check is
    done with no authorization set on the test client.
    """
    # create new user without auth (default is unknown)
    self.testapp.authorization = (
        'Basic',
        ('*****@*****.**', '*****@*****.**'),
    )
    new_user_payload = {
        'email': '*****@*****.**',
        'password': '******',
        'profile': 'users',
        'timezone': 'Europe/Paris',
        'lang': 'fr',
        'public_name': 'test user',
        'email_notification': False,
    }
    created = self.testapp.post_json(
        '/api/v2/users',
        params=new_user_payload,
        status=200,
    ).json_body
    created_user_id = created['user_id']
    assert created_user_id

    # make a check of token
    # Authorization is cleared so the check endpoint is exercised the way an
    # unauthenticated caller would reach it.
    self.testapp.authorization = None
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )
    target = user_api.get_one_by_email('*****@*****.**')
    token = user_api.reset_password_notification(target, do_save=True)  # nopep8
    transaction.commit()

    check_payload = {
        'email': '*****@*****.**',
        'reset_password_token': token,
    }
    self.testapp.post_json(
        '/api/v2/auth/password/reset/token/check',
        params=check_payload,
        status=204,
    )
    # NOTE(review): there is no companion case in this test for a token
    # presented together with a different account's email.
def test_api__reset_password_check_token__ok_204__nominal_case(self):
    """A freshly issued token for the admin account passes the check (204)."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == "*****@*****.**")
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )
    token = user_api.reset_password_notification(admin_user, do_save=True)
    transaction.commit()

    payload = {
        "email": "*****@*****.**",
        "reset_password_token": token,
    }
    # Only the success path is pinned: the endpoint answers 204 with no body
    # for a matching email/token pair.
    self.testapp.post_json(
        "/api/v2/auth/password/reset/token/check",
        params=payload,
        status=204,
    )
def test_api__reset_password_reset__ok_204__unknown_auth(self):
    """A freshly created user can reset the password with a valid token.

    After the reset the new password is verified with a Basic-auth call to
    /api/v2/auth/whoami.
    """
    # create new user without auth (default is unknown)
    self.testapp.authorization = (
        "Basic",
        ("*****@*****.**", "*****@*****.**"),
    )
    new_user_payload = {
        "email": "*****@*****.**",
        "password": "******",
        "profile": "users",
        "timezone": "Europe/Paris",
        "lang": "fr",
        "public_name": "test user",
        "email_notification": False,
    }
    creation = self.testapp.post_json(
        "/api/v2/users",
        params=new_user_payload,
        status=200,
    )
    created = creation.json_body
    assert created["user_id"]

    # make a check of token
    # The reset itself is sent with no authorization on the test client.
    self.testapp.authorization = None
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(User)
        .filter(User.email == "*****@*****.**")
        .one()
    )
    user_api = UserApi(
        current_user=admin_user,
        session=db,
        config=self.app_config,
    )
    target = user_api.get_one_by_email("*****@*****.**")
    token = user_api.reset_password_notification(target, do_save=True)
    transaction.commit()

    reset_payload = {
        "email": "*****@*****.**",
        "reset_password_token": token,
        "new_password": "******",
        "new_password2": "mynewpassword",
    }
    self.testapp.post_json(
        "/api/v2/auth/password/reset/modify",
        params=reset_payload,
        status=204,
    )

    # check that the password is correctly set
    self.testapp.authorization = (
        "Basic",
        ("*****@*****.**", "mynewpassword"),
    )
    self.testapp.get("/api/v2/auth/whoami", status=200)
    # NOTE(review): token reuse after this successful reset is not exercised.
def test_api__reset_password_check_token__ok_204__nominal_case(self):
    """The token-check endpoint accepts a token just issued for the admin."""
    session = get_tm_session(self.session_factory, transaction.manager)
    by_email = session.query(User).filter(User.email == '*****@*****.**')
    admin_account = by_email.one()
    api = UserApi(
        current_user=admin_account,
        session=session,
        config=self.app_config,
    )
    # The token comes from the API return value, not from the sent mail.
    issued_token = api.reset_password_notification(admin_account, do_save=True)  # nopep8
    transaction.commit()

    self.testapp.post_json(
        '/api/v2/auth/password/reset/token/check',
        params={
            'email': '*****@*****.**',
            'reset_password_token': issued_token,
        },
        status=204,
    )
    # NOTE(review): a malformed or unknown token is not tried here, so the
    # failure response of this endpoint is not pinned by this test.
def test_api__reset_password_reset__err_400__password_does_not_match(self):
    """Mismatching new_password / new_password2 must be rejected with 400.

    The response body has to be a JSON object carrying
    ErrorCode.PASSWORD_DO_NOT_MATCH under "code".
    """
    session = get_tm_session(self.session_factory, transaction.manager)
    admin_account = (
        session.query(User)
        .filter(User.email == "*****@*****.**")
        .one()
    )
    api = UserApi(
        current_user=admin_account,
        session=session,
        config=self.app_config,
    )
    issued_token = api.reset_password_notification(admin_account, do_save=True)
    transaction.commit()

    request_body = {
        "email": "*****@*****.**",
        "reset_password_token": issued_token,
        "new_password": "******",
        "new_password2": "anotherpassword",
    }
    res = self.testapp.post_json(
        "/api/v2/auth/password/reset/modify",
        params=request_body,
        status=400,
    )
    assert isinstance(res.json, dict)
    assert "code" in res.json.keys()
    error_code = res.json_body["code"]
    assert error_code == ErrorCode.PASSWORD_DO_NOT_MATCH
    # NOTE(review): the test stops at the error code; it does not show that
    # the stored password is unchanged after the rejected request.
def test_api__reset_password_reset__ok_204__nominal_case(self):
    """Reset the admin password with a valid token, then log in with it."""
    session = get_tm_session(self.session_factory, transaction.manager)
    admin_account = (
        session.query(User)
        .filter(User.email == "*****@*****.**")
        .one()
    )
    api = UserApi(
        current_user=admin_account,
        session=session,
        config=self.app_config,
    )
    issued_token = api.reset_password_notification(admin_account, do_save=True)
    transaction.commit()

    request_body = {
        "email": "*****@*****.**",
        "reset_password_token": issued_token,
        "new_password": "******",
        "new_password2": "mynewpassword",
    }
    self.testapp.post_json(
        "/api/v2/auth/password/reset/modify",
        params=request_body,
        status=204,
    )

    # check that the password is correctly set
    self.testapp.authorization = (
        "Basic",
        ("*****@*****.**", "mynewpassword"),
    )
    self.testapp.get("/api/v2/auth/whoami", status=200)
    # NOTE(review): a second POST with the same token, and a login with the
    # old password, would be useful follow-up assertions; neither is made.