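def test_password_reset(self):
    """
    Exercise the password-reset flow through views.view_password_reset.

    Test User.password_reset_initiate
    Test User.password_reset_complete
    Test views.view_password_reset POST

    Covers initiation by e-mail, completion with a valid token (after which
    the UserPasswordReset row must be gone), and an HTTP 400 rejection for:
    a wrong token, a too-short password, a confirmation mismatch, and a
    token presented for a different user than the one it was issued to.
    """

    def post_reset(data):
        # The view is called directly on a factory-built request, so CSRF
        # enforcement is switched off on the request object itself.
        request = self.factory.post("/reset-password", data=data)
        request._dont_enforce_csrf_checks = True
        return views.view_password_reset(request)

    # initiate request
    # NOTE(review): the response of the initiation POST is not asserted;
    # only the database side effect below is checked.
    post_reset({"email": self.user_a.email})

    # check that password-reset instance was created
    pr = models.UserPasswordReset.objects.get(user=self.user_a)
    self.assertIsNotNone(pr.token)
    self.assertEqual(pr.is_valid(), True)

    # re-initiate internally so we can get the token
    # (presumably only the hashed form is stored, so the plain token is
    # available only from the return value -- confirm against the model)
    token, _hashed = self.user_a.password_reset_initiate()
    pr = self.user_a.password_reset

    # password reset request
    pwd = "abcdefghjikl"
    resp = post_reset(
        {
            "target": self.user_a.id,
            "token": token,
            "password": pwd,
            "password_v": pwd,
        }
    )
    self.assertEqual(json.loads(resp.content)["status"], "ok")

    # a completed reset must consume its reset record
    with pytest.raises(models.UserPasswordReset.DoesNotExist):
        models.UserPasswordReset.objects.get(user=self.user_a)

    # initiate another request so we can test failures
    # NOTE(review): every failure case below reuses this one token, so the
    # later cases assume a rejected attempt does not invalidate it.
    token, _hashed = self.user_a.password_reset_initiate()

    # failure test: invalid token
    resp = post_reset(
        {
            "target": self.user_a.id,
            "token": "wrong",
            "password": pwd,
            "password_v": pwd,
        }
    )
    self.assertEqual(resp.status_code, 400)

    # failure test: invalid password(s): length
    # Both fields carry the same short value so that only the length rule
    # can cause the 400; differing values would also trip the mismatch
    # check and hide a missing length check.
    resp = post_reset(
        {
            "target": self.user_a.id,
            "token": token,
            "password": "a",
            "password_v": "a",
        }
    )
    self.assertEqual(resp.status_code, 400)

    # failure test: invalid password(s): validation mismatch
    resp = post_reset(
        {
            "target": self.user_a.id,
            "token": token,
            "password": pwd,
            "password_v": "a",
        }
    )
    self.assertEqual(resp.status_code, 400)

    # failure test: invalid target
    # user_a's token must not be accepted for user_b's account
    resp = post_reset(
        {
            "target": self.user_b.id,
            "token": token,
            "password": pwd,
            "password_v": pwd,
        }
    )
    self.assertEqual(resp.status_code, 400)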
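def test_password_reset(self):
    """
    Exercise the password-reset flow through views.view_password_reset.

    Test User.password_reset_initiate
    Test User.password_reset_complete
    Test views.view_password_reset POST

    A reset is initiated by e-mail, completed with a valid token (which
    must delete the UserPasswordReset row), and then a series of invalid
    submissions is checked to be rejected with HTTP 400.
    """

    def submit(payload):
        # Direct view call on a factory request; CSRF enforcement is
        # disabled on the request object because no middleware runs here.
        request = self.factory.post("/reset-password", data=payload)
        request._dont_enforce_csrf_checks = True
        return views.view_password_reset(request)

    # initiate request
    # NOTE(review): the initiation response itself is not asserted; the
    # test relies on the database check that follows.
    submit({"email": self.user_a.email})

    # check that password-reset instance was created
    pr = models.UserPasswordReset.objects.get(user=self.user_a)
    self.assertIsNotNone(pr.token)
    self.assertEqual(pr.is_valid(), True)

    # re-initiate internally so we can get the token
    token, _hashed = self.user_a.password_reset_initiate()
    pr = self.user_a.password_reset

    # password reset request
    pwd = "abcdefghjikl"
    resp = submit({
        "target": self.user_a.id,
        "token": token,
        "password": pwd,
        "password_v": pwd
    })
    self.assertEqual(json.loads(resp.content)["status"], "ok")

    # the reset record must not survive a successful completion
    with self.assertRaises(models.UserPasswordReset.DoesNotExist):
        models.UserPasswordReset.objects.get(user=self.user_a)

    # initiate another request so we can test failures
    # NOTE(review): one token is shared by all failure cases, so the cases
    # after the first assume a rejected attempt leaves the token usable.
    token, _hashed = self.user_a.password_reset_initiate()

    failure_cases = [
        # failure test: invalid token
        ("invalid token", {
            "target": self.user_a.id,
            "token": "wrong",
            "password": pwd,
            "password_v": pwd
        }),
        # failure test: invalid password(s): length
        # Same short value in both fields, so the mismatch check cannot be
        # what produces the 400 and the length rule is tested on its own.
        ("password too short", {
            "target": self.user_a.id,
            "token": token,
            "password": "a",
            "password_v": "a"
        }),
        # failure test: invalid password(s): validation mismatch
        ("password confirmation mismatch", {
            "target": self.user_a.id,
            "token": token,
            "password": pwd,
            "password_v": "a"
        }),
        # failure test: invalid target
        # a token issued to user_a must be refused for user_b
        ("token used for another user", {
            "target": self.user_b.id,
            "token": token,
            "password": pwd,
            "password_v": pwd
        }),
    ]

    for label, payload in failure_cases:
        resp = submit(payload)
        # msg names the case so a failure says which rejection was missing
        self.assertEqual(resp.status_code, 400, msg=label)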