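def test_change_password__success(self):
        """A form POST carrying the session's CSRF token changes the password.

        The view is expected to return the template values ``action_url`` and
        ``csrf_token``, and the user must afterwards validate against the new
        password only.
        """
        from webidentity.views.user import change_password

        # Register a testing security policy so the request is treated as
        # coming from the authenticated user "dokai".
        self.config.testing_securitypolicy(userid=u"dokai")
        self.config.add_route("change_password", "/change-password")

        user = User("dokai", "secret", "*****@*****.**")
        session = DBSession()
        session.add(user)
        # NOTE(review): the three password values below look masked; the
        # assertions at the end expect the new password to be "new_password",
        # so confirm the posted values against the original fixture.
        request = testing.DummyRequest(
            post={
                "form.submitted": "1",
                "current_password": "******",
                "password": "******",
                "confirm_password": "******",
            }
        )
        # Submit exactly the token the session issued, i.e. the valid case.
        token = request.session.new_csrf_token()
        request.POST["csrf_token"] = token

        expected = {"action_url": "http://example.com/change-password", "csrf_token": token}
        # assertEqual/assertTrue replace the deprecated assertEquals/failUnless
        # aliases, which newer unittest releases no longer provide.
        self.assertEqual(change_password(request), expected)
        # Check that the password was changed correctly.
        self.assertTrue(user.check_password("new_password"))
        # The previous credential must stop working once the change succeeds.
        # Assumes the second User() argument is the initial password - confirm.
        self.assertFalse(user.check_password("secret"))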
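    def test_change_password__csrf_mismatch(self):
        """A POST whose ``csrf_token`` differs from the session token is refused.

        The view must raise ``Forbidden`` and must not touch the stored
        password, even though the request is otherwise a complete form
        submission from an authenticated user.
        """
        from pyramid.exceptions import Forbidden
        from webidentity.views.user import change_password

        # Register a testing security policy so the request is treated as
        # coming from the authenticated user "dokai"; only the token is wrong.
        self.config.testing_securitypolicy(userid=u"dokai")
        self.config.add_route("change_password", "/change-password")

        user = User("dokai", "secret", "*****@*****.**")
        session = DBSession()
        session.add(user)
        request = testing.DummyRequest(
            post={
                "form.submitted": "1",
                "current_password": "******",
                "password": "******",
                "confirm_password": "******",
            }
        )
        token = request.session.new_csrf_token()
        request.POST["csrf_token"] = "invalid"

        # Guard against a vacuous test: the session token must really differ
        # from the submitted value. assertNotEqual replaces the deprecated
        # failIf alias and reports both values on failure.
        self.assertNotEqual(token, "invalid")
        self.assertRaises(Forbidden, change_password, request)
        # A rejected request must leave the stored credential untouched.
        # Assumes the second User() argument is the initial password - confirm.
        self.assertTrue(user.check_password("secret"))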
    def test_change_password__anonymous(self):
        """Calling the view without an authenticated user raises ``Forbidden``.

        This test registers no testing security policy, so the bare
        ``DummyRequest`` presumably carries no userid (setUp is not visible
        here - confirm it does not register one).
        """
        from pyramid.exceptions import Forbidden
        from webidentity.views.user import change_password

        anonymous_request = testing.DummyRequest()
        # Pass the callable and its argument directly instead of a lambda.
        self.assertRaises(Forbidden, change_password, anonymous_request)