def test_password_enforce_pass(self): pec = dict(password_enforce_min_length=20) self.assertFalse(password_enforce_format('the_long_enough_password', password_enforce_constants=pec)) pec = dict(password_enforce_special_chars=True) self.assertFalse(password_enforce_format('special_char_!', password_enforce_constants=pec)) pec = dict(password_enforce_chars_and_digits=True) self.assertFalse(password_enforce_format('chars_and_digits3', password_enforce_constants=pec)) pec = dict(password_enforce_upper_and_lower_case=True) self.assertFalse(password_enforce_format('has_Upper_char', password_enforce_constants=pec)) pec = dict(password_enforce_upper_and_lower_case=True) self.assertFalse(password_enforce_format('HAS_lOWER_CHAR', password_enforce_constants=pec))
def post(self, request): user = getattr(request, 'user', None) new_password = request.data.get('new_password', '') old_password = request.data.get('old_password', '') pass_check = password_enforce_format(new_password) if not old_password: return Response( dict(status="error", error_code="old_password_required", message="You have to provide the old password in order to set a new one.")) if not new_password: return Response( dict(status="error", error_code="new_password_required", message="You have to provide the new password.")) if pass_check: return Response( dict(status="error", error_code="invalid_password_format", message=pass_check)) if not user.check_password(old_password): return Response( dict(status="error", error_code="old_password_mismatch", message="The provided old password does not match your current password")) user.set_password(new_password) user.save() return Response(dict(status="success", message="Password has been successfully reset"))
def post(self, request, token=None): user = check_token(token) password = request.data.get('new_password', '') if not password: return Response( dict(status="error", error_code="new_password_required", message="You haven't provided a new password.")) # if we have a valid user if user: # check if the submitted password complies with the password_enforce_format pass_check = password_enforce_format(password) if pass_check: user.set_password(password) user.save() return Response( dict(status="error", error_code="invalid_password_format", message=pass_check)) else: package = dict( caller='jwt_auth', notification_type='RESET_PASSWORD_CONFIRMATION', recipients=[user.email, ], context=dict( username=user.username, password=password ) ) notify = Notification(**package) notify.send() return Response(dict(status="success", message="Password has been successfully reset")) else: return Response( dict(status="error", error_code="invalid_token", message="The token you provided is invalid or has expired."))
def test_password_enforce_fail(self): # to avoid huge variable names pec stands for "password_enforce_conditions" pec = dict(password_enforce_min_length=10) self.assertEqual(password_enforce_format('too-short', password_enforce_constants=pec), "Password too short. Minimum required length is: 10") pec = dict(password_enforce_special_chars=True) self.assertEqual(password_enforce_format('too-short', password_enforce_constants=pec), "Password should contain at least one special character. (!@_?=+^&*$)") pec = dict(password_enforce_chars_and_digits=True) self.assertEqual(password_enforce_format('__________', password_enforce_constants=pec), "Password should contain at least one digit and one character.") pec = dict(password_enforce_upper_and_lower_case=True) self.assertEqual(password_enforce_format('no_upper_chars', password_enforce_constants=pec), "Password should contain at least one uppercase character.") pec = dict(password_enforce_upper_and_lower_case=True) self.assertEqual(password_enforce_format('NO_LOWER_CHARS', password_enforce_constants=pec), "Password should contain at least one lowercase character.")