Example #1
    def test_user_cannot_change_password_with_wrong_old_password(
            self, mock_object):
        """An authenticated user who sends the wrong current password gets 400.

        The request carries the JWT returned by a successful login, so the
        only invalid part is ``old_password``. ``mock_object`` is injected by
        a patch decorator that is not visible in this excerpt.
        """
        mock_object.return_value = {}
        self.user.is_active = True
        self.user.save()

        # Log in first; the JWT from the response authenticates the next call.
        token = client.post(self.login_url, data=self.data).data['token']

        # Both values are freshly generated, so old_password is not the
        # password that setUp gave the user.
        payload = json.dumps({
            "old_password": faker.password(),
            "new_password": faker.password(),
        })
        request_extra = {
            'HTTP_AUTHORIZATION': f'JWT {token}',
            'content_type': 'application/json',
        }

        response = client.post(
            self.change_password_url, payload, **request_extra)

        self.assertEqual(response.status_code, 400)
        first_error = response.data['errors'][0]
        self.assertEqual(first_error['message'], 'Old password is invalid.')
        # NOTE(review): nothing here checks that the stored password is
        # unchanged after the rejected request -- consider asserting it.
Example #2
 def setUp(self):
     """Build a user that owns a password-reset token and has a known password.

     The user's secret key is recorded right after the save, presumably so
     tests can tell whether a later operation rotated it (confirm against
     the tests that read ``initial_secret_key``).
     """
     known_password = faker.password()
     reset_token = PasswordResetTokenFactory()
     account = reset_token.user

     # set_password() stores a hash; the plaintext is kept on the test case
     # only so requests can submit it.
     account.set_password(known_password)
     account.save()

     self.test_password = known_password
     self.token = reset_token
     self.user = account
     self.initial_secret_key = account.secret_key
     # A second random password; presumably the replacement value the tests
     # submit -- verify against the callers.
     self.password = faker.password()
Example #3
    def test_user_cannot_change_password_with_invalid_token(self, mock_object):
        """A JWT issued before the user's secret key was rotated is refused.

        The correct current password is supplied, so the 401 asserted below
        can only come from the token no longer authenticating.
        ``mock_object`` is injected by a patch decorator outside this excerpt.
        """
        mock_object.return_value = {}
        self.user.is_active = True
        self.user.save()

        # Obtain a token while the original secret key is still in effect.
        stale_token = client.post(
            self.login_url, data=self.data).data['token']

        # Rotate the per-user key after login; the token above was issued
        # under the previous key.
        self.user.rotate_secret_key()

        payload = json.dumps({
            'old_password': self.test_password,
            'new_password': faker.password(),
        })
        request_extra = {
            'HTTP_AUTHORIZATION': f'JWT {stale_token}',
            'content_type': 'application/json',
        }

        response = client.post(
            self.change_password_url, payload, **request_extra)

        self.assertEqual(response.status_code, 401)
        first_error = response.data['errors'][0]
        self.assertEqual(first_error['code'], 'authentication_failed')
Example #4
    def test_inactive_user_cannot_change_password(self, mock_object):
        """A token issued while the account was active stops working once disabled.

        The user logs in while active, is then deactivated, and the same JWT
        is replayed against the change-password endpoint with the correct
        current password. ``mock_object`` is injected by a patch decorator
        outside this excerpt.
        """
        mock_object.return_value = {}
        self.user.is_active = True
        self.user.save()

        # Log in while the account is still active.
        token = client.post(self.login_url, data=self.data).data['token']

        # Disable the account after the token has been issued.
        self.user.is_active = False
        self.user.save()

        payload = json.dumps({
            'old_password': self.test_password,
            'new_password': faker.password(),
        })
        request_extra = {
            'HTTP_AUTHORIZATION': f'JWT {token}',
            'content_type': 'application/json',
        }

        response = client.post(
            self.change_password_url, payload, **request_extra)

        self.assertEqual(response.status_code, 401)
        first_error = response.data['errors'][0]
        self.assertEqual(first_error['message'], 'User account is disabled.')
Example #5
    def test_active_user_can_change_password_with_valid_token(
            self, mock1, mock2):
        """An active user with a fresh JWT and the right old password gets 202.

        ``mock1`` and ``mock2`` are injected by patch decorators outside this
        excerpt; the test only requires that ``mock2`` was called.
        """
        mock1.return_value = {}
        self.user.is_active = True
        self.user.save()

        # Log in to obtain the JWT used on the change-password request.
        token = client.post(self.login_url, data=self.data).data['token']

        replacement = faker.password()
        payload = json.dumps({
            "old_password": self.test_password,
            "new_password": replacement,
        })
        request_extra = {
            'HTTP_AUTHORIZATION': f'JWT {token}',
            'content_type': 'application/json',
        }

        response = client.post(
            self.change_password_url, payload, **request_extra)

        self.assertTrue(mock2.called)
        self.assertEqual(response.status_code, 202)
        # NOTE(review): the test stops at the status code. It does not check
        # that the stored password now matches the new value, nor that the
        # old password or the pre-change token stop working -- confirm how
        # the view applies the change and add those assertions.
Example #6
 def setUp(self):
     """Create an active user with a known email and password for login tests."""
     known_password = faker.password()
     known_email = faker.email()

     account = BaseUserFactory(email=known_email)
     # Replace whatever the factory put in the password field with a hash
     # of the password the tests will submit.
     account.set_password(known_password)
     account.is_active = True
     account.save()

     self.test_password = known_password
     self.test_email = known_email
     self.user = account
     self.login_url = reverse('api:auth:login')
Example #7
    def test_user_cannot_login_with_wrong_password(self):
        """Logging in with the right email but a random password returns 400."""
        wrong_password = faker.password()
        credentials = {
            'email': self.user.email,
            'password': wrong_password,
        }

        response = client.post(self.login_url, data=credentials)

        self.assertEqual(response.status_code, 400)
        # NOTE(review): only the status is asserted; a stricter test would
        # also confirm the response body carries no token.
Example #8
 def setUp(self):
     """Prepare an active user, its reset token and the set-password payload."""
     reset_token = PasswordResetTokenFactory()
     account = reset_token.user
     account.is_active = True
     account.save()

     self.password_reset_token = reset_token
     self.user = account
     self.url = reverse('api:auth:forgot-password-set')
     self.password = faker.password()
     # Request body: the reset token rendered as a string plus the password
     # generated above.
     self.data = {
         'token': str(reset_token.token),
         'password': self.password,
     }
Example #9
 def setUp(self):
     """Create a user with known credentials plus the auth endpoint URLs.

     ``is_active`` is not set here; it keeps whatever value the factory
     produced.
     """
     known_email = faker.email()
     known_password = faker.password()

     account = BaseUserFactory(email=known_email)
     # Store a hash of the known password so the login payload below can
     # authenticate.
     account.set_password(known_password)
     account.save()

     self.test_email = known_email
     self.test_password = known_password
     self.user = account
     self.login_url = reverse('api:auth:login')
     self.logout_url = reverse('api:auth:logout')
     self.change_password_url = reverse('api:auth:change-password')
     # Login payload reused by the tests.
     self.data = {
         'email': known_email,
         'password': known_password,
     }
Example #10
 def setUp(self):
     """Create an active user with known credentials for the user-detail tests."""
     known_email = faker.email()
     known_password = faker.password()

     account = BaseUserFactory(email=known_email)
     # Store a hash of the known password so the login payload below can
     # authenticate.
     account.set_password(known_password)
     account.is_active = True
     account.save()

     self.test_email = known_email
     self.test_password = known_password
     self.user = account
     self.login_url = reverse('api:auth:login')
     self.user_detail_url = reverse('api:auth:user-detail')
     # Login payload reused by the tests.
     self.data = {
         'email': known_email,
         'password': known_password,
     }
Example #11
    def test_creating_single_teacher_works(self):
        """Creating a Teacher adds one row with a usable email and password."""
        teachers_before = Teacher.objects.count()

        email = faker.email()
        password = faker.password()
        Teacher.objects.create(email=email, password=password)

        self.assertEqual(teachers_before + 1, Teacher.objects.count())

        # NOTE(review): first() is the row just created only if no Teacher
        # existed beforehand -- confirm, or look the row up by email.
        created = Teacher.objects.first()

        self.assertEqual(email, created.email)
        # Verifies the password through the user's check_password() rather
        # than by comparing the stored field with the plaintext.
        self.assertTrue(created.user.check_password(password))

        self.assertIsNotNone(created.user.downcast(Teacher))
Example #12
    def test_creating_single_student_works(self):
        """Creating a Student adds one row with a usable email and password."""
        students_before = Student.objects.count()

        email = faker.email()
        password = faker.password()
        Student.objects.create(email=email, password=password)

        self.assertEqual(students_before + 1, Student.objects.count())

        # NOTE(review): first() is the row just created only if no Student
        # existed beforehand -- confirm, or look the row up by email.
        created = Student.objects.first()

        self.assertEqual(email, created.email)
        # Verifies the password through the user's check_password() rather
        # than by comparing the stored field with the plaintext.
        self.assertTrue(created.user.check_password(password))

        self.assertIsNotNone(created.user.downcast(Student))
Example #13
    def test_user_can_decode_only_own_tokens(self):
        """Each user's JWT verifies only under that user's own secret key.

        Two users log in; decoding either token with the other user's key
        must raise ``InvalidSignatureError``, while decoding with the owner's
        key yields the owner's email.
        """
        first_login = self.post(self.login_url, data=self.data)

        # Second, independent account with its own known password.
        second_user = BaseUserFactory()
        second_user.is_active = True
        second_user.passwd = faker.password()
        second_user.set_password(second_user.passwd)
        second_user.save()

        second_credentials = {
            'email': second_user.email,
            'password': second_user.passwd,
        }

        second_login = self.post(self.login_url, data=second_credentials)

        token_user1 = first_login.data['token']
        token_user2 = second_login.data['token']

        self.assertNotEqual(token_user1, token_user2)
        self.assertNotEqual(self.user.secret_key, second_user.secret_key)

        # NOTE(review): every jwt.decode() call below omits algorithms=.
        # Newer PyJWT releases require it, and older ones accept whatever
        # algorithm the token header names when it is missing. Confirm the
        # algorithm the login view signs with and pin it in these calls.

        # Cross-key verification must fail in both directions.
        with self.assertRaises(InvalidSignatureError):
            jwt.decode(token_user1, key=str(second_user.secret_key))

        with self.assertRaises(InvalidSignatureError):
            jwt.decode(token_user2, key=str(self.user.secret_key))

        # Under the owner's key each token decodes to the owner's email.
        first_claims = jwt.decode(token_user1, key=str(self.user.secret_key))
        self.assertEqual(self.user.email, first_claims['email'])

        second_claims = jwt.decode(
            token_user2, key=str(second_user.secret_key))
        self.assertEqual(second_user.email, second_claims['email'])
Example #14
 def setUp(self):
     """Generate a random email and password for the tests in this case."""
     # Tuple elements are evaluated left to right: email first, then password.
     self.email, self.test_password = faker.email(), faker.password()
Example #15
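class BaseUserFactory(factory.DjangoModelFactory):
    """Factory producing ``BaseUser`` rows with a unique email and password.

    Each built instance gets its own random password. The previous
    class-level ``faker.password()`` ran once at import time, so every user
    produced by the factory shared the same password value.
    """

    class Meta:
        model = BaseUser

    # The sequence number is prepended so two random emails that collide
    # still produce distinct addresses.
    email = factory.Sequence(lambda n: '{}{}'.format(n, faker.email()))

    # Evaluated on every build rather than once at class definition.
    # NOTE(review): this value is handed to the model as given; whether it
    # ends up hashed depends on how BaseUser is created -- confirm, and call
    # set_password() where a test needs to log in with a known password.
    password = factory.LazyAttribute(lambda _obj: faker.password())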