Ejemplo n.º 1
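 def test_func__reset_password__ok__nominal_case(self):
     """Check that requesting a password reset produces the notification mail.

     The reset is triggered through UserApi, the 'mail_sender' queue is
     drained in-process, and the first message reported by the local mail
     catcher's HTTP API is checked for its From, To and Subject headers.
     """
     uapi = UserApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     current_user = uapi.get_one_by_email('*****@*****.**')
     uapi.reset_password_notification(current_user, do_save=True)
     transaction.commit()
     # Mail is sent asynchronously: run a worker in burst mode so the queued
     # job is processed before the mailbox is inspected.
     redis = get_redis_connection(self.app_config)
     queue = get_rq_queue(
         redis,
         'mail_sender',
     )
     worker = SimpleWorker([queue], connection=queue.connection)
     worker.work(burst=True)
     # Bounded wait: an unreachable mail catcher should fail this test
     # rather than hang the whole run.
     response = requests.get(
         'http://127.0.0.1:8025/api/v1/messages',
         timeout=10,
     )
     # Surface an HTTP error from the catcher instead of a confusing
     # JSON/KeyError further down.
     response.raise_for_status()
     messages = response.json()
     # Fail with a readable message (not IndexError) when nothing was sent.
     assert messages, 'no mail was captured for the reset request'
     # NOTE(review): index 0 is presumably the newest message; mail left over
     # from earlier tests could be matched instead - confirm the mailbox is
     # emptied during setup.
     headers = messages[0]['Content']['Headers']
     assert headers['From'][
         0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
     assert headers['To'][0] == 'Global manager <*****@*****.**>'
     assert headers['Subject'][0] == '[TRACIM] Reset Password Request'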
Ejemplo n.º 2
 def test_func__reset_password__ok__nominal_case(self):
     """Check the headers of the mail sent after a password-reset request.

     The notification is queued, so the 'mail_sender' queue is drained by an
     in-process worker before the captured mail is read back.
     """
     user_api = UserApi(
         current_user=None, session=self.session, config=self.app_config
     )
     account = user_api.get_one_by_email('*****@*****.**')
     user_api.reset_password_notification(account, do_save=True)
     transaction.commit()

     # Process the queued mail job synchronously (burst mode).
     redis_conn = get_redis_connection(self.app_config)
     mail_queue = get_rq_queue(redis_conn, 'mail_sender')
     mail_worker = SimpleWorker([mail_queue], connection=mail_queue.connection)
     mail_worker.work(burst=True)

     # NOTE(review): the first captured mail is assumed to be the one just
     # sent - confirm the mailbox is emptied between tests.
     captured = self.get_mailhog_mails()
     mail_headers = captured[0]['Content']['Headers']
     sender = mail_headers['From'][0]
     recipient = mail_headers['To'][0]
     subject = mail_headers['Subject'][0]
     assert sender == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
     assert recipient == 'Global manager <*****@*****.**>'
     assert subject == '[TRACIM] A password reset has been requested'
Ejemplo n.º 3
 def reset_password_request(self,
                            context,
                            request: TracimRequest,
                            hapic_data=None):
     """
     Ask for a password reset for the account matching the submitted email.

     The user is looked up by ``hapic_data.body.email`` and a reset
     notification is triggered for it; the function itself returns None, so
     the value returned by ``reset_password_notification`` is not passed on
     to the caller.
     """
     # NOTE(review): how a failed lookup in get_one_by_email is reported is
     # decided outside this function. If unknown addresses get a different
     # response than known ones, the endpoint reveals which accounts exist -
     # confirm the error handling and consider rate limiting this route.
     cfg = request.registry.settings["CFG"]  # type: CFG
     user_api = UserApi(None, session=request.dbsession, config=cfg)
     account = user_api.get_one_by_email(hapic_data.body.email)
     user_api.reset_password_notification(account, do_save=True)
Ejemplo n.º 4
 def reset_password_request(self, context, request: TracimRequest, hapic_data=None):  # nopep8
     """
     Trigger the password-reset notification for the submitted email address.

     Looks the user up by ``hapic_data.body.email`` and asks UserApi to send
     the reset notification. Nothing is returned: whatever
     ``reset_password_notification`` yields stays inside this function.
     """
     # NOTE(review): the outcome for an unknown email depends on how the
     # exception from get_one_by_email is mapped to a response, which is not
     # visible here - verify that it does not let callers enumerate accounts.
     settings = request.registry.settings
     user_api = UserApi(None, session=request.dbsession, config=settings['CFG'])
     account = user_api.get_one_by_email(hapic_data.body.email)
     user_api.reset_password_notification(account, do_save=True)
Ejemplo n.º 5
 def test_func__reset_password__ok__nominal_case(self):
     """Check the headers of the mail produced by a password-reset request."""
     user_api = UserApi(
         current_user=None, session=self.session, config=self.app_config
     )
     account = user_api.get_one_by_email('*****@*****.**')
     user_api.reset_password_notification(account, do_save=True)
     transaction.commit()

     # NOTE(review): the first captured mail is assumed to be the one just
     # sent - confirm the mailbox is emptied between tests.
     captured = self.get_mailhog_mails()
     mail_headers = captured[0]['Content']['Headers']
     sender = mail_headers['From'][0]
     recipient = mail_headers['To'][0]
     subject = mail_headers['Subject'][0]
     assert sender == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
     assert recipient == 'Global manager <*****@*****.**>'
     assert subject == '[TRACIM] A password reset has been requested'
Ejemplo n.º 6
 def test_api__reset_password_reset__err_400__password_does_not_match(self):
     """A reset whose two password fields differ is rejected with HTTP 400.

     The token itself is freshly issued, so the expected error code is the
     password-mismatch one rather than a token error.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == '*****@*****.**')
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin, session=dbsession, config=self.app_config
     )
     token = user_api.reset_password_notification(admin, do_save=True)
     transaction.commit()

     payload = {
         'email': '*****@*****.**',
         'reset_password_token': token,
         'new_password': '******',
         'new_password2': 'anotherpassword',
     }
     # NOTE(review): only the error response is checked; nothing verifies
     # that the stored password is still the old one after the rejection.
     res = self.testapp.post_json(
         '/api/v2/auth/password/reset/modify', params=payload, status=400
     )
     assert isinstance(res.json, dict)
     assert 'code' in res.json
     assert res.json_body['code'] == error.PASSWORD_DO_NOT_MATCH
Ejemplo n.º 7
 def test_api__reset_password_reset__err_400__expired_token(self):
     """A reset attempted with an out-of-date token is rejected with HTTP 400.

     The token is issued with the clock frozen at 1999-12-31 23:59:59 and is
     presented with the clock frozen six seconds later.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == '*****@*****.**')
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin, session=dbsession, config=self.app_config
     )

     # Issue the token and persist it while time is frozen in the past.
     with freeze_time("1999-12-31 23:59:59"):
         token = user_api.reset_password_notification(admin, do_save=True)
         payload = {
             'email': '*****@*****.**',
             'reset_password_token': token,
             'new_password': '******',
             'new_password2': 'mynewpassword',
         }
         transaction.commit()

     # NOTE(review): expecting expiry after six seconds presumably relies on
     # a very short token lifetime in the test configuration - confirm there.
     with freeze_time("2000-01-01 00:00:05"):
         res = self.testapp.post_json(
             '/api/v2/auth/password/reset/modify', params=payload, status=400
         )
         assert isinstance(res.json, dict)
         assert 'code' in res.json
         assert res.json_body['code'] == error.EXPIRED_RESET_PASSWORD_TOKEN  # nopep8
Ejemplo n.º 8
 def test_api__reset_password_reset__ok_204__nominal_case(self):
     """A valid token with matching passwords changes the password (HTTP 204).

     The change is confirmed by authenticating with the new password against
     the whoami endpoint.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == '*****@*****.**')
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin, session=dbsession, config=self.app_config
     )
     token = user_api.reset_password_notification(admin, do_save=True)
     transaction.commit()

     payload = {
         'email': '*****@*****.**',
         'reset_password_token': token,
         'new_password': '******',
         'new_password2': 'mynewpassword',
     }
     self.testapp.post_json(
         '/api/v2/auth/password/reset/modify', params=payload, status=204
     )

     # The new password must now be accepted for Basic authentication.
     # NOTE(review): this does not check that the previous password stopped
     # working, nor that the token is refused when presented a second time.
     new_credentials = ('*****@*****.**', 'mynewpassword')
     self.testapp.authorization = ('Basic', new_credentials)
     self.testapp.get('/api/v2/auth/whoami', status=200)
Ejemplo n.º 9
 def test_api__reset_password_reset__err_400__expired_token(self):
     """A reset attempted with an out-of-date token is rejected with HTTP 400.

     The token is issued with the clock frozen at 1999-12-31 23:59:59 and is
     presented with the clock frozen six seconds later.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == "*****@*****.**")
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )

     # Issue the token and persist it while time is frozen in the past.
     with freeze_time("1999-12-31 23:59:59"):
         token = user_api.reset_password_notification(admin, do_save=True)
         payload = {
             "email": "*****@*****.**",
             "reset_password_token": token,
             "new_password": "******",
             "new_password2": "mynewpassword",
         }
         transaction.commit()

     # NOTE(review): expecting expiry after six seconds presumably relies on
     # a very short token lifetime in the test configuration - confirm there.
     with freeze_time("2000-01-01 00:00:05"):
         res = self.testapp.post_json(
             "/api/v2/auth/password/reset/modify",
             params=payload,
             status=400,
         )
         assert isinstance(res.json, dict)
         assert "code" in res.json
         expected_code = ErrorCode.EXPIRED_RESET_PASSWORD_TOKEN
         assert res.json_body["code"] == expected_code
Ejemplo n.º 10
 def test_func__reset_password__ok__nominal_case(self):
     """Check the headers of the mail produced by a password-reset request."""
     user_api = UserApi(
         current_user=None, session=self.session, config=self.app_config
     )
     account = user_api.get_one_by_email('*****@*****.**')
     user_api.reset_password_notification(account, do_save=True)
     transaction.commit()

     # NOTE(review): the first captured mail is assumed to be the one just
     # sent - confirm the mailbox is emptied between tests.
     captured = self.get_mailhog_mails()
     mail_headers = captured[0]['Content']['Headers']
     sender = mail_headers['From'][0]
     recipient = mail_headers['To'][0]
     subject = mail_headers['Subject'][0]
     assert sender == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
     assert recipient == 'Global manager <*****@*****.**>'
     assert subject == '[TRACIM] A password reset has been requested'
Ejemplo n.º 11
    def test_api__reset_password_check_token__ok_204__unknown_auth(self):
        """Token check succeeds (HTTP 204) for a user created through the API.

        A user is first created with Basic credentials; the credentials are
        then cleared, so the token-check endpoint is called unauthenticated.
        """
        # Create the user; per the original comment, its auth type defaults
        # to "unknown" when none is given.
        self.testapp.authorization = (
            'Basic', ('*****@*****.**', '*****@*****.**')
        )
        new_user = {
            'email': '*****@*****.**',
            'password': '******',
            'profile': 'users',
            'timezone': 'Europe/Paris',
            'lang': 'fr',
            'public_name': 'test user',
            'email_notification': False,
        }
        created = self.testapp.post_json(
            '/api/v2/users', params=new_user, status=200
        ).json_body
        assert created['user_id']

        # Drop the credentials before exercising the reset flow.
        self.testapp.authorization = None
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin_query = dbsession.query(User).filter(
            User.email == '*****@*****.**'
        )
        admin = admin_query.one()
        user_api = UserApi(
            current_user=admin, session=dbsession, config=self.app_config
        )
        account = user_api.get_one_by_email('*****@*****.**')
        token = user_api.reset_password_notification(account, do_save=True) # nopep8
        transaction.commit()

        check_payload = {
            'email': '*****@*****.**',
            'reset_password_token': token
        }
        self.testapp.post_json(
            '/api/v2/auth/password/reset/token/check',
            params=check_payload,
            status=204,
        )
Ejemplo n.º 12
 def test_api__reset_password_check_token__ok_204__nominal_case(self):
     """A freshly issued reset token passes the token-check endpoint (204)."""
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == "*****@*****.**")
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     token = user_api.reset_password_notification(admin, do_save=True)
     transaction.commit()

     # NOTE(review): only the accepting path is covered here; a wrong token
     # or a token paired with another email is not exercised by this test.
     check_payload = {
         "email": "*****@*****.**",
         "reset_password_token": token
     }
     self.testapp.post_json(
         "/api/v2/auth/password/reset/token/check",
         params=check_payload,
         status=204,
     )
Ejemplo n.º 13
    def test_api__reset_password_reset__ok_204__unknown_auth(self):
        """Password reset succeeds (HTTP 204) for a user created through the API.

        A user is created with Basic credentials, the credentials are cleared,
        the reset is performed unauthenticated, and the new password is then
        used to authenticate against the whoami endpoint.
        """
        # Create the user; per the original comment, its auth type defaults
        # to "unknown" when none is given.
        admin_credentials = ("*****@*****.**", "*****@*****.**")
        self.testapp.authorization = ("Basic", admin_credentials)
        new_user = {
            "email": "*****@*****.**",
            "password": "******",
            "profile": "users",
            "timezone": "Europe/Paris",
            "lang": "fr",
            "public_name": "test user",
            "email_notification": False,
        }
        created = self.testapp.post_json(
            "/api/v2/users", params=new_user, status=200
        ).json_body
        assert created["user_id"]

        # Drop the credentials before exercising the reset flow.
        self.testapp.authorization = None
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin_query = dbsession.query(User).filter(
            User.email == "*****@*****.**"
        )
        admin = admin_query.one()
        user_api = UserApi(
            current_user=admin, session=dbsession, config=self.app_config
        )
        account = user_api.get_one_by_email("*****@*****.**")
        token = user_api.reset_password_notification(account, do_save=True)
        transaction.commit()

        reset_payload = {
            "email": "*****@*****.**",
            "reset_password_token": token,
            "new_password": "******",
            "new_password2": "mynewpassword",
        }
        self.testapp.post_json(
            "/api/v2/auth/password/reset/modify",
            params=reset_payload,
            status=204,
        )

        # The new password must now be accepted for Basic authentication.
        # NOTE(review): token reuse after this successful reset is not tested.
        new_credentials = ("*****@*****.**", "mynewpassword")
        self.testapp.authorization = ("Basic", new_credentials)
        self.testapp.get("/api/v2/auth/whoami", status=200)
Ejemplo n.º 14
 def test_api__reset_password_check_token__ok_204__nominal_case(self):
     """A freshly issued reset token passes the token-check endpoint (204)."""
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == '*****@*****.**')
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin, session=dbsession, config=self.app_config
     )
     token = user_api.reset_password_notification(admin, do_save=True) # nopep8
     transaction.commit()

     # NOTE(review): only the accepting path is covered here; a wrong token
     # or a token paired with another email is not exercised by this test.
     check_payload = {
         'email': '*****@*****.**',
         'reset_password_token': token
     }
     self.testapp.post_json(
         '/api/v2/auth/password/reset/token/check',
         params=check_payload,
         status=204,
     )
Ejemplo n.º 15
 def test_api__reset_password_reset__err_400__password_does_not_match(self):
     """A reset whose two password fields differ is rejected with HTTP 400.

     The token itself is freshly issued, so the expected error code is the
     password-mismatch one rather than a token error.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == "*****@*****.**")
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     token = user_api.reset_password_notification(admin, do_save=True)
     transaction.commit()

     payload = {
         "email": "*****@*****.**",
         "reset_password_token": token,
         "new_password": "******",
         "new_password2": "anotherpassword",
     }
     # NOTE(review): only the error response is checked; nothing verifies
     # that the stored password is still the old one after the rejection.
     res = self.testapp.post_json(
         "/api/v2/auth/password/reset/modify",
         params=payload,
         status=400,
     )
     assert isinstance(res.json, dict)
     assert "code" in res.json
     assert res.json_body["code"] == ErrorCode.PASSWORD_DO_NOT_MATCH
Ejemplo n.º 16
 def test_api__reset_password_reset__ok_204__nominal_case(self):
     """A valid token with matching passwords changes the password (HTTP 204).

     The change is confirmed by authenticating with the new password against
     the whoami endpoint.
     """
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin_query = dbsession.query(User).filter(User.email == "*****@*****.**")
     admin = admin_query.one()
     user_api = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     token = user_api.reset_password_notification(admin, do_save=True)
     transaction.commit()

     payload = {
         "email": "*****@*****.**",
         "reset_password_token": token,
         "new_password": "******",
         "new_password2": "mynewpassword",
     }
     self.testapp.post_json(
         "/api/v2/auth/password/reset/modify",
         params=payload,
         status=204,
     )

     # The new password must now be accepted for Basic authentication.
     # NOTE(review): this does not check that the previous password stopped
     # working, nor that the token is refused when presented a second time.
     new_credentials = ("*****@*****.**", "mynewpassword")
     self.testapp.authorization = ("Basic", new_credentials)
     self.testapp.get("/api/v2/auth/whoami", status=200)