 def test_send_link_ok(self):
     """Requesting a reset link for a known login mails one valid signed URL.

     Checks the sender and recipient, that the URL targets the reset
     verification path with exactly the ``signature``, ``user_id`` and
     ``timestamp`` query keys, that ``user_id`` is the user's id, that the
     timestamp lies inside the window in which the request ran, and that
     the signature verifies against the URL data.
     """
     user = self.create_test_user(username='******')
     request = self.factory.post('', {'login': user.username})
     # floor/ceil absorb the sub-second part of time.time() so the window
     # is inclusive of the instant the link was signed.
     window_start = math.floor(time.time())
     with self.assert_one_mail_sent() as sent_emails:
         response = send_reset_password_link(request)
     window_end = math.ceil(time.time())
     self.assert_valid_response(response, status.HTTP_200_OK)

     sent_email = sent_emails[0]
     expected_sender = REST_REGISTRATION_WITH_RESET_PASSWORD[
         'VERIFICATION_FROM_EMAIL']
     self.assertEqual(sent_email.from_email, expected_sender)
     self.assertListEqual(sent_email.to, [user.email])

     url = self.assert_one_url_line_in_text(sent_email.body)
     verification_data = self.assert_valid_verification_url(
         url,
         expected_path=RESET_PASSWORD_VERIFICATION_URL,
         expected_query_keys={'signature', 'user_id', 'timestamp'},
     )
     self.assertEqual(int(verification_data['user_id']), user.id)
     link_timestamp = int(verification_data['timestamp'])
     self.assertGreaterEqual(link_timestamp, window_start)
     self.assertLessEqual(link_timestamp, window_end)
     # Rebuild the signer purely from what the URL carries; verify() is
     # expected to fail if the signature does not match that data.
     ResetPasswordSigner(verification_data).verify()
 def _assert_valid_verification_data(self, verification_data, user, timer):
     """Assert that ``verification_data`` is a valid reset payload for ``user``.

     ``user_id`` must equal ``user.id``, ``timestamp`` must lie within
     ``timer.start_time``..``timer.end_time`` (both inclusive), and the
     payload must pass ``ResetPasswordSigner.verify()``.
     """
     self.assertEqual(int(verification_data['user_id']), user.id)
     signed_at = int(verification_data['timestamp'])
     # Timestamp must not predate the request nor postdate its completion.
     self.assertGreaterEqual(signed_at, timer.start_time)
     self.assertLessEqual(signed_at, timer.end_time)
     # Signature check over the same fields the link carried.
     ResetPasswordSigner(verification_data).verify()
def _assert_valid_reset_password_verification_data(verification_data, user,
                                                   timer):
    """Assert that ``verification_data`` is a valid reset payload for ``user``.

    Pytest-style counterpart of the TestCase helper: ``user_id`` must equal
    ``user.id``, ``timestamp`` must fall within ``timer.start_time`` and
    ``timer.end_time`` (inclusive), and the signature must verify.
    """
    assert int(verification_data['user_id']) == user.id
    signed_at = int(verification_data['timestamp'])
    # Both bounds inclusive: the link is signed somewhere inside the window.
    assert timer.start_time <= signed_at
    assert signed_at <= timer.end_time
    ResetPasswordSigner(verification_data).verify()
 def test_reset_short_password(self):
     """A reset with a too-short new password is rejected (400) and the old
     password stays in place.  The password values are masked in this
     listing; the test name carries the intent."""
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     payload.update(password=new_password)
     response = self.view_func(self.create_post_request(payload))
     self.assert_response_is_bad_request(response)
     # Re-read from the database: the stored hash must still be the old one.
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
 def test_reset_unverified_user(self):
     """A user created with ``is_active=False`` can still complete a reset.

     The view answers OK and the new password is persisted; the test pins
     that account activation state does not block a validly signed reset.
     """
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password, is_active=False)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     payload['password'] = new_password
     request = self.create_post_request(payload)
     self.assert_response_is_ok(self.view_func(request))
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_password))
 def test_reset_with_username_as_verification_id_ok(self):
     """Reset succeeds when ``user_id`` in the signed data is the username
     rather than the primary key; the new password is persisted."""
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     # Sign with the username in place of the pk as the verification id.
     payload = ResetPasswordSigner({'user_id': user.username}).get_signed_data()
     payload['password'] = new_password
     response = self.view_func(self.create_post_request(payload))
     self.assert_response_is_ok(response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_password))
 def test_ok(self):
     """Posting validly signed reset data through the test client redirects
     (302) to ``SUCCESS_URL`` and stores the new password."""
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     payload.update(password=new_password)
     response = self.client.post(self.view_url, data=payload)
     self.assertEqual(302, response.status_code)
     self.assertEqual(SUCCESS_URL, response.url)
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_password))
 def test_reset_numeric_password(self):
     """A numeric-only new password (per the test name; values are masked
     here) is rejected with a bad request and the old password is kept."""
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     payload['password'] = new_password
     response = reset_password(self.factory.post('', payload))
     self.assert_response_is_bad_request(response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
 def test_reset_tampered_timestamp(self):
     """Altering ``timestamp`` after signing invalidates the reset data.

     The timestamp is part of what the signature covers, so bumping it by
     one second must yield 400 and leave the old password untouched.
     """
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     # Tamper with a signed field without re-signing.
     payload['timestamp'] = payload['timestamp'] + 1
     payload['password'] = new_password
     response = reset_password(self.factory.post('', payload))
     self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
 def test_reset_password_same_as_username(self):
     """A new password equal to the username is rejected with a bad request
     and the previous password remains valid."""
     username = '******'
     old_password = '******'
     user = self.create_test_user(username=username, password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     # The new password is deliberately identical to the username.
     payload['password'] = username
     response = reset_password(self.factory.post('', payload))
     self.assert_response_is_bad_request(response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
def test_when_confirm_enabled_and_no_password_confirm_field_then_reset_password_fails(  # noqa: E501
        settings_with_reset_password_verification, user, password_change,
        api_view_provider, api_factory):
    """With password confirmation enabled (fixture), a reset payload that
    omits the confirm field is rejected and the old password is kept.

    Fixture parameters are pytest fixtures and must keep their names.
    """
    old_password = password_change.old_value
    new_password = password_change.new_value
    signed = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
    # Only 'password' is added; no confirmation field accompanies it.
    signed['password'] = new_password
    response = api_view_provider.view_func(
        api_factory.create_post_request(signed))

    assert_response_is_bad_request(response)
    user.refresh_from_db()
    assert user.check_password(old_password)
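    def test_signer_with_different_secret_keys(self):
        """Signatures over identical data must differ when SECRET_KEY differs.

        Signs the same ``{'user_id': ...}`` payload under two different
        ``SECRET_KEY`` values and checks the resulting signature fields are
        not equal, i.e. the signature is keyed by the project secret.

        Changes from the original: the local ``secrets`` list is renamed so
        it no longer shadows the stdlib ``secrets`` module, and the final
        ``assert`` uses the TestCase assertion like the rest of this class
        (so it is not stripped under ``python -O``).
        """
        user = self.create_test_user(is_active=False)
        data_to_sign = {'user_id': user.pk}
        # Two arbitrary, distinct test-only secret keys.
        secret_keys = [
            '#0ka!t#6%28imjz+2t%l(()yu)tg93-1w%$du0*po)*@l+@+4h',
            'feb7tjud7m=91$^mrk8dq&nz(0^!6+1xk)%gum#oe%(n)8jic7',
        ]
        signatures = []
        for secret_key in secret_keys:
            with override_settings(SECRET_KEY=secret_key):
                signer = ResetPasswordSigner(data_to_sign)
                signed = signer.get_signed_data()
                signatures.append(signed[signer.SIGNATURE_FIELD])

        self.assertNotEqual(signatures[0], signatures[1])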
 def test_reset_expired(self):
     """Signed reset data is rejected once it is older than the validity
     window: signed at ``timestamp``, submitted 8 days later, 400 is
     returned and the old password is kept."""
     signed_at = int(time.time())
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     # Freeze the clock while signing so the link's timestamp is known.
     with patch('time.time', return_value=signed_at):
         payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
     payload['password'] = new_password
     request = self.factory.post('', payload)
     eight_days = 3600 * 24 * 8
     # Advance the clock past the link's lifetime before submitting it.
     with patch('time.time', return_value=signed_at + eight_days):
         response = reset_password(request)
     self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
 def test_send_link_with_username_as_verification_id_ok(self):
     """Sending a reset link with the username as verification id mails one
     valid link whose ``user_id`` field is the username (not the pk)."""
     user = self.create_test_user(username='******')
     request = self.create_post_request({'login': user.username})
     with self.assert_one_mail_sent() as sent_emails, self.timer() as timer:
         response = self.view_func(request)
         self.assert_valid_response(response, status.HTTP_200_OK)
     verification_data = self._assert_valid_verification_email(
         sent_emails[0], user)
     # Here the id field carries the username string, compared as-is.
     self.assertEqual(verification_data['user_id'], user.username)
     signed_at = int(verification_data['timestamp'])
     self.assertGreaterEqual(signed_at, timer.start_time)
     self.assertLessEqual(signed_at, timer.end_time)
     ResetPasswordSigner(verification_data).verify()
 def _assert_valid_send_link_email(self, sent_email, user, timer):
     """Assert ``sent_email`` is a well-formed reset-link mail for ``user``.

     Checks sender, recipient, that the body holds exactly one URL on the
     reset verification path with the ``signature``, ``user_id`` and
     ``timestamp`` fields, that ``user_id`` is ``user.id``, that the
     timestamp is inside ``timer``'s window, and that the signature verifies.
     """
     expected_sender = REST_REGISTRATION_WITH_RESET_PASSWORD[
         'VERIFICATION_FROM_EMAIL']
     self.assertEqual(sent_email.from_email, expected_sender)
     self.assertListEqual(sent_email.to, [user.email])

     link = self.assert_one_url_line_in_text(sent_email.body)
     verification_data = self.assert_valid_verification_url(
         link,
         expected_path=RESET_PASSWORD_VERIFICATION_URL,
         expected_fields={'signature', 'user_id', 'timestamp'},
     )
     self.assertEqual(int(verification_data['user_id']), user.id)
     signed_at = int(verification_data['timestamp'])
     self.assertGreaterEqual(signed_at, timer.start_time)
     self.assertLessEqual(signed_at, timer.end_time)
     ResetPasswordSigner(verification_data).verify()
 def test_one_time_reset_twice_fail(self):
     """A signed reset payload is single-use.

     The first submission succeeds and sets the first new password; replaying
     the same signed fields with a different password is rejected (400) and
     the first new password remains in effect.
     """
     old_password = '******'
     new_first_password = '******'
     new_second_password = '******'
     user = self.create_test_user(password=old_password)
     payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()

     # First use: accepted.
     payload['password'] = new_first_password
     first_response = self.view_func(self.create_post_request(payload))
     self.assert_response_is_ok(first_response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_first_password))

     # Replay with the same signature: rejected, password unchanged.
     payload['password'] = new_second_password
     second_response = self.view_func(self.create_post_request(payload))
     self.assert_response_is_bad_request(second_response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_first_password))
def user_signed_data(user):
    """Return signed reset-password data for ``user`` keyed by its pk.

    Thin wrapper over ``ResetPasswordSigner({'user_id': user.pk})``.
    """
    return ResetPasswordSigner({'user_id': user.pk}).get_signed_data()