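def test_change_password__success(self):
    """A valid POST carrying the session's CSRF token changes the password.

    The view is called for the userid ``dokai`` with a submitted form and the
    CSRF token issued by the request's session. It is expected to return the
    form action URL together with that token, and the stored user must then
    accept the new password.
    """
    from webidentity.views.user import change_password

    self.config.testing_securitypolicy(userid=u"dokai")
    self.config.add_route("change_password", "/change-password")

    user = User("dokai", "secret", "*****@*****.**")
    session = DBSession()
    session.add(user)

    # NOTE(review): the password and e-mail literals look masked in this
    # listing. For the final assertion to hold, "password" and
    # "confirm_password" have to be "new_password", and "current_password"
    # presumably has to match the user's existing password -- confirm
    # against the real fixture values.
    request = testing.DummyRequest(
        post={
            "form.submitted": "1",
            "current_password": "******",
            "password": "******",
            "confirm_password": "******",
        }
    )

    # Submit exactly the token the session issued so the CSRF check passes.
    token = request.session.new_csrf_token()
    request.POST["csrf_token"] = token

    # assertEqual/assertTrue replace the assertEquals/failUnless aliases,
    # which were removed from unittest in Python 3.12.
    self.assertEqual(
        change_password(request),
        {"action_url": "http://example.com/change-password", "csrf_token": token},
    )

    # Check that the password was changed correctly.
    self.assertTrue(user.check_password("new_password"))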
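def test_change_password__csrf_mismatch(self):
    """A POST whose CSRF token differs from the session's token is rejected.

    The request is otherwise a complete form submission for the userid
    ``dokai``; only the ``csrf_token`` field is wrong. The view must raise
    ``Forbidden`` and must leave the stored password untouched.
    """
    from pyramid.exceptions import Forbidden
    from webidentity.views.user import change_password

    self.config.testing_securitypolicy(userid=u"dokai")
    self.config.add_route("change_password", "/change-password")

    user = User("dokai", "secret", "*****@*****.**")
    session = DBSession()
    session.add(user)

    # NOTE(review): the password and e-mail literals look masked in this
    # listing -- confirm against the real fixture values.
    request = testing.DummyRequest(
        post={
            "form.submitted": "1",
            "current_password": "******",
            "password": "******",
            "confirm_password": "******",
        }
    )

    token = request.session.new_csrf_token()
    request.POST["csrf_token"] = "invalid"
    # Guard against a vacuous test: the token issued by the session must
    # really differ from the one submitted. assertNotEqual replaces the
    # failIf alias, which was removed from unittest in Python 3.12.
    self.assertNotEqual(token, "invalid")

    self.assertRaises(Forbidden, change_password, request)

    # A rejected request must not have side effects: the credential must not
    # have been switched to the submitted value before the CSRF check fired.
    # Assumes the submitted new password differs from the user's existing
    # one -- confirm against the real fixture values.
    self.assertFalse(user.check_password(request.POST["password"]))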
def test_change_password__anonymous(self):
    """The change-password view refuses a request with no authenticated user.

    This test sets no userid on the testing configuration and sends an empty
    dummy request; the view is expected to raise ``Forbidden``.
    """
    from pyramid.exceptions import Forbidden
    from webidentity.views.user import change_password

    anonymous_request = testing.DummyRequest()

    # Pass the view and its argument to assertRaises, which calls it for us.
    self.assertRaises(Forbidden, change_password, anonymous_request)