def test_reset_numeric_password(self):
old_password = '******'
new_password = '******'
user = self.create_test_user(password=old_password)
signer = ResetPasswordSigner({'user_id': user.pk})
data = signer.get_signed_data()
data['password'] = new_password
request = self.factory.post('', data)
response = reset_password(request)
self.assert_response_is_bad_request(response)
user.refresh_from_db()
self.assertTrue(user.check_password(old_password))
def test_reset_tampered_timestamp(self):
old_password = '******'
new_password = '******'
user = self.create_test_user(password=old_password)
signer = ResetPasswordSigner({'user_id': user.pk})
data = signer.get_signed_data()
data['timestamp'] += 1
data['password'] = new_password
request = self.factory.post('', data)
response = reset_password(request)
self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertTrue(user.check_password(old_password))
def test_reset_password_same_as_username(self):
username = '******'
old_password = '******'
new_password = username
user = self.create_test_user(username=username, password=old_password)
signer = ResetPasswordSigner({'user_id': user.pk})
data = signer.get_signed_data()
data['password'] = new_password
request = self.factory.post('', data)
response = reset_password(request)
self.assert_response_is_bad_request(response)
user.refresh_from_db()
self.assertTrue(user.check_password(old_password))
def test_reset_expired(self):
timestamp = int(time.time())
old_password = '******'
new_password = '******'
user = self.create_test_user(password=old_password)
with patch('time.time', side_effect=lambda: timestamp):
signer = ResetPasswordSigner({'user_id': user.pk})
data = signer.get_signed_data()
data['password'] = new_password
request = self.factory.post('', data)
with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8):
response = reset_password(request)
self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertTrue(user.check_password(old_password))