def test_user_cannot_change_password_with_wrong_old_password(
self, mock_object):
mock_object.return_value = {}
self._user.is_active = True
self._user.save()
# this should perform login
res_login = self.client.post(self._url_login, data=self._data)
token = res_login.data['token']
data = {
"old_password": faker.password(),
"new_password": faker.password(),
}
# this should perform change password
self.client.credentials(HTTP_AUTHORIZATION='{0:s} {1:s}'.format(
api_settings.JWT_AUTH_HEADER_PREFIX, token))
change_password_response = self.client.post(
self._url_change_password,
data=data,
)
self.assertEqual(change_password_response.status_code, 400)
def test_user_login_wrong_password(self):
data = {
'username': self._username,
'password': faker.password()
}
res = self.client.post(self._url_login, data=data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
def test_active_user_can_change_password_with_valid_token(
self, mock1, mock2):
mock1.return_value = {}
self._user.is_active = True
self._user.save()
# this should perform login
login_response = self.client.post(self._url_login, data=self._data)
token = login_response.data['token']
data = {
"old_password": self._password,
"new_password": faker.password(),
}
# this should perform change password
self.client.credentials(HTTP_AUTHORIZATION='{0:s} {1:s}'.format(
api_settings.JWT_AUTH_HEADER_PREFIX, token))
change_password_response = self.client.post(
self._url_change_password,
data=data,
)
self.assertTrue(mock2.called)
self.assertEqual(change_password_response.status_code, 202)
def setUp(self):
self._password = faker.password()
self._user = BaseUserFactory()
self._user.set_password(self._password)
self._user.is_active = True
self._user.save()
self._init_secret_key = self._user.secret_key
def setUp(self):
self._username = faker.user_name()
self._password = faker.password()
self._user = BaseUserFactory(username=self._username)
self._user.set_password(self._password)
self._user.is_active = True
self._user.save()
self._url_login = reverse('api:auth:login')
def test_user_cannot_change_password_if_account_is_inactive(self):
self._user.is_active = False
self._user.save()
with self.assertRaises(ValidationError):
change_user_password(user=self._user,
old_password=self._password,
new_password=faker.password())
def setUp(self):
self._username = faker.user_name()
self._password = faker.password()
self._user = BaseUserFactory(username=self._username)
self._user.set_password(self._password)
self._user.is_active = True
self._user.save()
self._url_login = reverse('api:auth:login')
self._url_logout = reverse('api:auth:logout')
self._url_change_password = reverse('api:auth:change-password')
self._data = {'username': self._username, 'password': self._password}
def setUp(self):
self._username = faker.user_name()
self._password = faker.password()
self._user = BaseUserFactory(username=self._username)
self._user.set_password(self._password)
self._user.is_active = True
self._user.save()
self._init_secret_key = self._user.secret_key
self._url_login = reverse('api:auth:login')
self._url_logout = reverse('api:auth:logout')
self._url_user_detail_url = reverse('api:auth:user-detail')
self._data = {'username': self._username, 'password': self._password}
def test_user_can_change_password_with_valid_old_and_new_password_when_active(
self):
new_password = faker.password()
change_user_password(
user=self._user,
old_password=self._password,
new_password=new_password,
)
self._user.refresh_from_db()
self.assertNotEqual(self._init_secret_key, self._user.secret_key)
self.assertTrue(self._user.check_password(new_password))
def test_user_can_decode_only_own_tokens(self):
response1 = self.client.post(self._url_login, data=self._data)
user = BaseUserFactory()
user.is_active = True
password = faker.password()
user.set_password(password)
user.save()
data = {
'username': user.username,
'password': password,
}
response2 = self.client.post(self._url_login, data=data)
token_user1 = response1.data['token']
token_user2 = response2.data['token']
self.assertNotEqual(token_user1, token_user2)
self.assertNotEqual(self._user.secret_key, user.secret_key)
with self.assertRaises(InvalidSignatureError):
jwt.decode(token_user1, key=str(user.secret_key))
with self.assertRaises(InvalidSignatureError):
jwt.decode(token_user2, key=str(self._user.secret_key))
self.assertEqual(
self._user.username,
jwt.decode(token_user1,
key=str(self._user.secret_key))['username'])
self.assertEqual(
user.username,
jwt.decode(token_user2, key=str(user.secret_key))['username'])
def test_user_cannot_change_password_with_empty_old_password(self):
with self.assertRaises(ValidationError):
change_user_password(user=self._user,
old_password='',
new_password=faker.password())
def setUp(self):
self._username = faker.user_name()
self._password = faker.password()
