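    def test_confirm(self):
        """Test confirmation of a password reset that should succeed.

        Saves a Person and a PasswordResetConfirmation whose timestamp is
        just under 24 hours old, opens the reset URL, submits a new password
        and checks that the confirmation record has been removed and that the
        stored password hash matches the new password.
        """
        email = '*****@*****.**'
        # One value feeds both form fields and the expected hash; if the two
        # fields differ, the success path under test cannot be reached.
        new_password = 'test'

        # create the person and a confirmation record
        p = Person(email_address=email)
        self.dbsession.save(p)
        c = PasswordResetConfirmation(email_address=email)
        # Set the timestamp to just under 24 hours ago.  timedelta's
        # positional arguments are (days, seconds, microseconds), so a
        # positional (23, 59, 59) would mean 23 days; name the units instead.
        c.timestamp = datetime.datetime.now() - datetime.timedelta(
            hours=23, minutes=59, seconds=59)
        self.dbsession.save(c)
        self.dbsession.flush()
        # keep the primary keys: the session is cleared before re-reading
        pid = p.id
        cid = c.id

        resp = self.app.get(url_for(controller='person',
            action='reset_password',
            url_hash=c.url_hash))

        # the reset page shows the email address the link was issued for
        resp.mustcontain(email)

        f = resp.form
        f['password'] = new_password
        f['password_confirm'] = new_password
        resp = f.submit()

        # check for success
        resp.mustcontain("Your password has been updated")

        # drop cached objects so the checks below read from the database
        self.dbsession.clear()

        # The confirmation record should be gone, so the same url_hash
        # cannot be used for a second reset.
        c = self.dbsession.get(PasswordResetConfirmation, cid)
        self.assertEqual(None, c)

        # NOTE(review): this assertion pins Person.password_hash to an
        # unsalted MD5 hex digest of the password.  MD5 is not suitable for
        # password storage; when the model moves to a salted, slow KDF
        # (e.g. PBKDF2, bcrypt, scrypt) this check has to change with it.
        p_hash = md5.new(new_password).hexdigest()
        p = self.dbsession.get(Person, pid)
        self.assertEqual(p_hash, p.password_hash)

        # clean up the person created for this test
        self.dbsession.delete(p)
        self.dbsession.flush()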
    def test_confirm_old_url_hash(self):
        """Check that an expired reset link is refused and its record removed.

        Saves a PasswordResetConfirmation with an old timestamp, requests the
        reset page for its url_hash and expects the expiry warning; afterwards
        the confirmation record must no longer exist.
        """
        address = '*****@*****.**'
        # Equivalent to the positional form timedelta(24, 0, 1), whose
        # arguments are (days, seconds, microseconds): 24 days plus one
        # microsecond.
        # NOTE(review): if the reset window is meant to be 24 hours, a record
        # only slightly older than 24 hours is not exercised here -- confirm
        # against the controller's expiry check.
        age = datetime.timedelta(days=24, microseconds=1)
        confirmation = PasswordResetConfirmation(email_address=address)
        confirmation.timestamp = datetime.datetime.now() - age
        self.dbsession.save(confirmation)
        self.dbsession.flush()
        # keep the primary key: the session is cleared before re-reading
        confirmation_id = confirmation.id

        reset_url = url_for(controller='person',
                            action='reset_password',
                            url_hash=confirmation.url_hash)
        resp = self.app.get(reset_url)
        # the page must warn that the link has expired
        resp.mustcontain("This password recovery session has expired")

        # Re-read from the database: the expired record should have been
        # deleted, so the stale url_hash cannot be presented again.
        self.dbsession.clear()
        remaining = self.dbsession.get(PasswordResetConfirmation,
                                       confirmation_id)
        self.assertEqual(None, remaining)