Example #1
 def test_decode_password_reset_token_ok_for_good_token(
         self, email_app, data_api_client, password_reset_token):
     """A freshly signed reset token decodes back to its original payload.

     Also verifies that decoding performs exactly one user lookup, with id
     123 (presumably the user id carried by the ``password_reset_token``
     fixture -- confirm against the fixture).
     """
     with email_app.app_context():
         signed = generate_token(password_reset_token, "Key", 'PassSalt')
         decoded = decode_password_reset_token(signed, data_api_client)
         assert decoded == password_reset_token

     # The decoder must consult the user record once, not trust the token
     # payload alone.
     data_api_client.get_user.assert_called_once_with(123)
Example #2
    def test_decode_password_reset_token_invalid_if_password_changed_since_token_was_generated(
            self, generation_time, expected_result, email_app, data_api_client,
            password_reset_token):
        """Decode, at a fixed instant, a token minted at ``generation_time``.

        ``expected_result`` selects the assertion: ``'ok'`` expects the
        original payload back, any other value expects the generic
        ``token_invalid`` error. The parametrised values and the user's
        password-change timestamp are supplied outside this test (decorator
        and fixture are not shown here).
        """
        # Sign the token with the clock pinned to the parametrised time.
        with freeze_time(generation_time):
            token = generate_token(password_reset_token, "Key", 'PassSalt')

        if expected_result == 'ok':
            expected = password_reset_token
        else:
            expected = {'error': 'token_invalid'}

        # Decode with the clock pinned to 13:00 on 2016-01-01.
        with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
            decoded = decode_password_reset_token(token, data_api_client)

        assert decoded == expected
Example #3
    def test_decode_password_reset_token_is_only_valid_within_a_day_of_token_creation(
            self, decode_time, expected_result, email_app, data_api_client,
            password_reset_token):
        """Decode, at ``decode_time``, a token minted at 2016-01-02 03:04:05.

        ``expected_result`` selects the assertion: ``'ok'`` expects the
        original payload back, any other value expects the generic
        ``token_invalid`` error. Per the test name the validity window is one
        day; the actual limit is enforced by the decoder, not shown here.
        """
        if expected_result == 'ok':
            expected = password_reset_token
        else:
            expected = {'error': 'token_invalid'}

        with email_app.app_context():
            # Fixed creation time, so decode_time alone decides the token age.
            with freeze_time('2016-01-02 03:04:05'):
                token = generate_token(password_reset_token, "Key", 'PassSalt')

            with freeze_time(decode_time):
                decoded = decode_password_reset_token(token, data_api_client)

        assert decoded == expected
Example #4
    def test_decode_password_reset_token_does_not_work_if_bad_token(
            self, email_app, data_api_client, password_reset_token):
        """A token that was altered after signing is rejected.

        The decoder is expected to answer with the generic ``token_invalid``
        error rather than returning any part of the payload.
        """
        intact = generate_token(password_reset_token, "Key", 'PassSalt')
        # Dropping the first character changes the signed string, so it
        # should no longer verify.
        tampered = intact[1:]

        with email_app.app_context():
            outcome = decode_password_reset_token(tampered, data_api_client)

        assert outcome == {'error': 'token_invalid'}
Example #5
def test_decode_password_reset_token_does_not_work_if_token_expired(
        email_app, data_api_client, password_reset_token):
    """A token decoded one year after it was signed is rejected.

    NOTE(review): the token is signed with the key 'Secret'; confirm this is
    the key ``email_app`` is configured with. The only thing asserted is the
    generic ``token_invalid`` error, so if a signature mismatch presumably
    yields the same error, a wrong key would let this test pass without ever
    exercising the expiry check.
    """
    # Token was generated a year before current time
    with freeze_time('2015-01-02 03:04:05'):
        stale_token = generate_token(password_reset_token, 'Secret', 'PassSalt')

    with freeze_time('2016-01-02 03:04:05'), email_app.app_context():
        outcome = decode_password_reset_token(stale_token, data_api_client)

    assert outcome == {'error': 'token_invalid'}
Example #6
def test_decode_password_reset_token_does_not_work_if_password_changed_later_than_token(
        email_app, data_api_client, password_reset_token):
    """A token signed before the user's last password change is rejected.

    The password-change time is not set here; it presumably comes from the
    ``data_api_client`` fixture's stubbed user record -- confirm against the
    fixture.

    NOTE(review): the token is signed with the key 'Secret'; confirm this is
    the key ``email_app`` is configured with. Only the generic
    ``token_invalid`` error is asserted, so a signature mismatch (if it maps
    to the same error) would make this test pass without reaching the
    password-changed check.
    """
    # Token was generated an hour earlier than password was changed
    with freeze_time('2016-01-01T11:00:00.30Z'):
        old_token = generate_token(password_reset_token, 'Secret', 'PassSalt')

    # Token is two hours old; password was changed an hour ago
    with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
        outcome = decode_password_reset_token(old_token, data_api_client)

    assert outcome == {'error': 'token_invalid'}
Example #7
    def test_decode_password_reset_token_user_inactive(self, email_app,
                                                       data_api_client,
                                                       password_reset_token):
        """A token for a deactivated account decodes to ``user_inactive``.

        The token is one hour old at decode time and is signed like the
        passing cases; the only change is that the stubbed user record is
        marked inactive before decoding.
        """
        with freeze_time('2016-01-01T12:00:00.30Z'):
            token = generate_token(password_reset_token, "Key", 'PassSalt')

        # Flip the stubbed user record to inactive before the decoder looks
        # it up.
        stubbed_user = data_api_client.get_user.return_value["users"]
        stubbed_user["active"] = False

        with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
            outcome = decode_password_reset_token(token, data_api_client)

        assert outcome == {'error': 'user_inactive'}