def test_user_can_reset_password(self):
url = reverse("password_new")
beverly = UserFactory(username="******")
beverly.set_password("jack")
beverly.save()
mismatch_password_data = {
"uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("WESLEY")
}
response = self.client.post(url, mismatch_password_data, format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(User.objects.get(username='******').check_password('wesley'))
bad_uid_data = {
"uid": urlsafe_base64_encode(force_bytes(UserFactory().pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("wesley")
}
response = self.client.post(url, bad_uid_data, format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(User.objects.get(username='******').check_password('wesley'))
good_data = {
"uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("wesley")
}
self.assertSchemaPost(url, "$setPasswordRequest", "$userResponse", good_data, None, status_OK=True)
self.assertTrue(User.objects.get(username='******').check_password('wesley'))
def test_user_can_change_password(self):
felicia = UserFactory(username='******')
felicia.set_password('password')
felicia.save()
url = reverse("password_change")
data = {
"old_password": base64.encodestring("password"),
"password": base64.encodestring("felicia"),
"confirm_password": base64.encodestring("felicia")
}
# Unauthenticated user can't change password
self.assertSchemaPatch(url,
"$changePasswordRequest",
"$changePasswordResponse",
data,
None,
unauthorized=True)
self.assertFalse(
User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can't change password if the old / current password is incorrect
bad_data = {
"old_password": base64.encodestring("wrong_password"),
"password": base64.encodestring("felicia"),
"confirm_password": base64.encodestring("felicia")
}
self.assertSchemaPatch(url,
"$changePasswordRequest",
"$changePasswordResponse",
bad_data,
felicia,
unauthorized=True)
self.assertFalse(
User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can't change password if the two new passwords don't match
mismatch_password_data = {
"old_password": base64.encodestring("password"),
"password": base64.encodestring("felicia"),
"confirm_password": base64.encodestring("FELICIA")
}
self.add_credentials(felicia)
response = self.client.patch(url,
mismatch_password_data,
format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(
User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can change their own password
self.assertSchemaPatch(url, "$changePasswordRequest",
"$changePasswordResponse", data, felicia)
self.assertTrue(
User.objects.get(pk=felicia.pk).check_password("felicia"))
def test_user_can_reset_password(self):
url = reverse("password_new")
beverly = UserFactory(username="******")
beverly.set_password("jack")
beverly.save()
mismatch_password_data = {
"uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("WESLEY")
}
response = self.client.post(url, mismatch_password_data, format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(
User.objects.get(username='******').check_password('wesley'))
bad_uid_data = {
"uid":
urlsafe_base64_encode(force_bytes(UserFactory().pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("wesley")
}
response = self.client.post(url, bad_uid_data, format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(
User.objects.get(username='******').check_password('wesley'))
good_data = {
"uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(),
"token": default_token_generator.make_token(beverly),
"password": encode_string("wesley"),
"confirm_password": encode_string("wesley")
}
self.assertSchemaPost(url,
"$setPasswordRequest",
"$userResponse",
good_data,
None,
status_OK=True)
self.assertTrue(
User.objects.get(username='******').check_password('wesley'))
def test_user_can_change_password(self):
felicia = UserFactory(username='******')
felicia.set_password('password')
felicia.save()
url = reverse("password_change")
data = {
"old_password": encode_string("password"),
"password": encode_string("felicia"),
"confirm_password": encode_string("felicia")
}
# Unauthenticated user can't change password
self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, None, unauthorized=True)
self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can't change password if the old / current password is incorrect
bad_data = {
"old_password": encode_string("wrong_password"),
"password": encode_string("felicia"),
"confirm_password": encode_string("felicia")
}
self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", bad_data, felicia,
unauthorized=True)
self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can't change password if the two new passwords don't match
mismatch_password_data = {
"old_password": encode_string("password"),
"password": encode_string("felicia"),
"confirm_password": encode_string("FELICIA")
}
self.add_credentials(felicia)
response = self.client.patch(url, mismatch_password_data, format='json')
self.assertEqual(response.status_code, 400)
self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia"))
# User can change their own password
self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, felicia)
self.assertTrue(User.objects.get(pk=felicia.pk).check_password("felicia"))
