def test_auth_password_reset_test():
clear()
#resgistering user to test
auth_register('*****@*****.**', '123abc!@#', 'Hayden', 'Everest',
None)
#requesting a password reset
auth_passwordreset_request('*****@*****.**')
for user in users:
if user['u_id'] == 1:
reset_code = user['reset_code']
break
with pytest.raises(InputError):
#raise error if incorrect code
auth_passwordreset_reset('12345', 'Agoodpassowrd')
#raise error if bad bassword
auth_passwordreset_reset(reset_code, 'bad')
#raise error if both incorrect
auth_passwordreset_reset('12345', 'bad')
#test correct inputs change passowrd
auth_passwordreset_reset(reset_code, 'Agoodpassowrd')
for user in users:
if user['u_id'] == 1:
assert user['password'] == hashlib.sha256(
'Agoodpassowrd'.encode()).hexdigest()
break
def test_auth_passwordreset_reset():
"""
password entered is less than 6 characters long
"""
server_data = Server_data()
email = "*****@*****.**"
auth_register(server_data, email, "abcde123", "Jay", "Chen")
# get the user's full information by email
# reset code should be empty
user_full = server_data.get_user_by_email(email)
old_password = user_full.password
assert user_full.reset_code == ""
# request to set a new password, will get a reset_code
# after request send, user receive a secret reset_code
auth_passwordreset_request(server_data, email)
reset_code = user_full.reset_code
assert reset_code != ""
# reset the password by using valid code
auth_passwordreset_reset(server_data, reset_code, "1234abc")
# check if the password has change to the new one
new_password = user_full.password
assert new_password != old_password
def test_auth_reset_no_email():
"""
use an non registered email to request a password reset
"""
server_data = Server_data()
with pytest.raises(InputError):
auth_passwordreset_request(server_data, "*****@*****.**")
def test_auth_reset_invalid_email():
"""
use a invalid email to request a password reset
"""
server_data = Server_data()
with pytest.raises(InputError):
auth_passwordreset_request(server_data, "jay.chen")
def test_auth_passwordreset_request():
"""
After using password request user should get a reset_code
"""
server_data = Server_data()
email = "*****@*****.**"
# assert check(email) == True
user = auth_register(server_data, email, "abcde123", "Jay", "Chen")
user_id = user['u_id']
token = user['token']
# assume the token is generated from using auth_register
assert user_profile(server_data, token, user_id) == {
'user': {\
'u_id': user_id, \
'email': "*****@*****.**", \
'name_first': 'Jay', \
'name_last': 'Chen', \
'profile_img_url': '', \
'handle_str': 'jaychen', \
},
}
# get the user's full information by email
# reset code should be empty
user_full = server_data.get_user_by_email(email)
assert user_full.reset_code == ""
# request to set a new password, will get a reset_code
# after request send, user receive a secret reset_code
auth_passwordreset_request(server_data, email)
assert user_full.reset_code != ""
def test_auth_password_reset_request_invalid_email():
'''
Test that an InputError is raised when an invalid email is given
'''
other.clear()
auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
with pytest.raises(InputError):
auth_passwordreset_request("*****@*****.**")
def send_email():
'''
A route to send a reset code via email to a user
'''
payload = request.get_json()
if not payload['email']:
raise RequestError(description="Missing data in request body")
auth_passwordreset_request(payload['email'])
return dumps({})
def test_auth_passwordreset_request_unregistered_email_muplitple_users():
clear()
auth_register('*****@*****.**', 'password', 'madeline',
'younes')
auth_register('*****@*****.**', '238hadJHJ', 'Mira', 'Bankstone')
auth_register('*****@*****.**', '82hBKH', 'Thomas', 'Yossef')
with pytest.raises(InputError):
auth_passwordreset_request('*****@*****.**')
def auth_passwordreset_request():
'''
Route that sends a 16 character alphanumeric reset code
to a user who is requesting the password reset.
'''
payload = request.get_json()
email = payload['email']
auth.auth_passwordreset_request(email)
return dumps({})
def test_auth_passwordreset_reset_success():
clear()
auth_register('*****@*****.**', 'password', 'Madeline',
'Younes')
auth_passwordreset_request('*****@*****.**')
for user in data.users:
if user.email == '*****@*****.**':
reset_code = user.secret_key
auth_passwordreset_reset(reset_code, 'New_3dpassword')
def test_exception_auth_passwordreset_request():
clear()
user_dict = auth_register("*****@*****.**", "password", "Nate", "Drake")
user_token = user_dict["token"]
auth_logout(user_token)
with pytest.raises(InputError):
auth_passwordreset_request("*****@*****.**")
def test_auth_passwordreset_request_pass():
clear()
email = '*****@*****.**'
auth_register(email, 'weiqiangpass1', 'Weiqiang1', 'Zhuang1')
for user in USER_DATA:
if user['email'] == email:
assert user['reset_code'] == ""
auth_passwordreset_request(email)
for user in USER_DATA:
if user['email'] == email:
assert user['reset_code'] != ""
def test_auth_passwordreset_reset_invalid_reset_code():
'''
This is a test to ensure that the test fails due to the user
inputting an invalid reset_code.
'''
other.clear()
auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
auth_passwordreset_request("*****@*****.**")
with pytest.raises(InputError):
auth_passwordreset_reset(10, "abcd1234$")
def test_incorrect_email_unsuccessful_request():
"""
Tests unsuccessful uses of passwordreset_request,
focusing on emails that don't have an account registered to them
"""
user1 = auth.auth_register('*****@*****.**', 'greetings', 'Good', 'Sir')
user.user_profile_setemail(user1['token'], '*****@*****.**')
auth.auth_logout(user1['token'])
with pytest.raises(InputError):
assert auth.auth_passwordreset_request('*****@*****.**') == {}
assert auth.auth_passwordreset_request('*****@*****.**') == {}
other.clear()
def test_auth_passwordreset_request_key_generated():
clear()
auth_register('*****@*****.**', 'password', 'madeline',
'younes')
for curr_user in data.users:
if curr_user.email == '*****@*****.**':
break
curr_user.secret_key = None
auth_passwordreset_request('*****@*****.**')
assert curr_user.secret_key is not None
def test_auth_passwordreset_reset_password_not_valid():
clear()
email = "*****@*****.**"
auth_register(email, 'weiqiangpass1', 'Weiqiang1', 'Zhuang1')
auth_passwordreset_request(email)
reset_code = ''
for user in USER_DATA:
if user['email'] == email:
reset_code = user['reset_code']
break
new_pwd = "123"
with pytest.raises(InputError):
assert auth_passwordreset_reset(reset_code, new_pwd)
def test_successful_passwordreset_reset():
user1 = auth.auth_register('*****@*****.**', 'thistooksolong', 'one',
'hundred')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
time.sleep(2)
code = get_code_from_email()
assert auth.auth_passwordreset_reset(code, 'new_password') == {}
with pytest.raises(InputError):
assert auth.auth_login('*****@*****.**', 'thistooksolong')
user2 = auth.auth_login('*****@*****.**', 'new_password')
assert user1['u_id'] == user2['u_id']
other.clear()
def test_incorrect_code_unsuccessful_reset():
"""
Tests unsuccessful uses of passwordreset_reset,
focusing on incorrect codes
"""
user1 = auth.auth_register('*****@*****.**', 'grobin?', 'Whedon', 'Gad')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
with pytest.raises(InputError):
assert auth.auth_passwordreset_reset('invalid_code', 'plsdontwork')
assert auth.auth_passwordreset_reset('another_invalid_code',
'good night')
other.clear()
def test_auth_password_request_test():
clear()
#resgistering user to test
auth_register('*****@*****.**', '123abc!@#', 'Hayden', 'Everest',
None)
#checking a request assigns the user a reset code
auth_passwordreset_request('*****@*****.**')
for user in users:
if user['u_id'] == 1:
assert user['reset_code'] != 0
break
def test_password_reset_invalid_reset_code():
'''reset_code is not a valid reset code'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password with reset_code that has only 4 digits
with pytest.raises(InputError):
auth_passwordreset_reset(str(1234), "Qwerty567")
def test_invalid_new_password_unsuccessful_reset():
"""
Tests unsuccessful uses of passwordreset_reset,
focusing on invalid new passwords
"""
user1 = auth.auth_register('*****@*****.**', 'password', 'first',
'last')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
time.sleep(2)
code = get_code_from_email()
with pytest.raises(InputError):
assert auth.auth_passwordreset_reset(code, '')
assert auth.auth_passwordreset_reset(code, '12345')
other.clear()
def test_password_reset_wrong_reset_code1():
'''reset_code is not a valid reset code'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password with wrong reset_code
reset_code = data['users'][2]['reset_code']
with pytest.raises(InputError):
auth_passwordreset_reset(reset_code, "Qwer7")
def test_password_reset_valid1():
'''Valid password reset by a member of flockr'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password
reset_code = data['users'][2]['reset_code']
auth_passwordreset_reset(reset_code, "Qwerty567")
assert data['users'][2]['password'] == password_encode("Qwerty567")
def reset_request():
"""
Sends user email using http
"""
data = request.get_json()
email = data['email']
return auth.auth_passwordreset_request(email)
def test_logged_in_unsuccessful_request():
"""
Tests unsuccessful uses of passwordreset_request,
focusing on accounts that are logged in
"""
auth.auth_register('*****@*****.**', 'letsgooo', 'Fora', 'Walk')
with pytest.raises(InputError):
assert auth.auth_passwordreset_request('*****@*****.**')
other.clear()
def test_auth_passwordreset_reset_invalid_new_password():
'''
This is a test to ensure that the test fails as a result of
the new_password field not meeting the requirements for a valid password.
'''
other.clear()
test_user = auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
#auth_passwordreset_request("*****@*****.**")
# call a function to randomly generate the reset_code
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if test_user['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
with pytest.raises(InputError):
new_password = "******"
auth_passwordreset_reset(code, new_password)
def test_auth_passwordreset_reset_success_case():
'''
This test will be used to check whether or not the user
receives the error_code that was sent out. (This test might be redundant).
'''
other.clear()
test_user = auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if test_user['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
auth_passwordreset_reset(code, "wxyz1081$#")
auth_logout(test_user['token'])
auth_login("*****@*****.**", "wxyz1081$#")
def test_auth_passwordreset_reset_another_user():
'''
Test if another user can also reset their password
'''
other.clear()
auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
user2 = auth_register("*****@*****.**", "abcd1081$", "Will", "Smith")
auth_passwordreset_request("*****@*****.**")
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if user2['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
auth_passwordreset_reset(code, "wxyz1081$#")
auth_logout(user2['token'])
auth_login("*****@*****.**", "wxyz1081$#")
def test_reset_password_short():
"""
password entered is less than 6 characters long
"""
server_data = Server_data()
email = "*****@*****.**"
auth_register(server_data, email, "abcde123", "Jay", "Chen")
# get the user's full information by email
# reset code should be empty
user_full = server_data.get_user_by_email(email)
assert user_full.reset_code == ""
# request to set a new password, will get a reset_code
# after request send, user receive a secret reset_code
auth_passwordreset_request(server_data, email)
reset_code = user_full.reset_code
assert reset_code != ""
with pytest.raises(InputError):
auth_passwordreset_reset(server_data, reset_code, "abc")
def test_password_reset():
"""
Check if password reset works for valid inputs.
"""
registered_email = "*****@*****.**"
return_1 = auth_passwordreset_request(registered_email)
# String sent
reset_string = jwt.encode({'email': registered_email},
'changepassword',
algorithm='HS256')
new_password = "******"
return_2 = auth_passwordreset_reset(reset_string, new_password)
assert return_1 == {} and return_2 == {}
