def test_clear_expired_tokens(self):
settings.OAUTH2_PROVIDER['REFRESH_TOKEN_EXPIRE_SECONDS'] = 3600
initial_count = 5
now = timezone.now()
expires = now - timedelta(days=1)
users = UserFactory.create_batch(initial_count)
for user in users:
application = factories.ApplicationFactory(user=user)
factories.AccessTokenFactory(user=user,
application=application,
expires=expires)
self.assertEqual(
AccessToken.objects.filter(refresh_token__isnull=True,
expires__lt=now).count(), initial_count)
original_delete = QuerySet.delete
QuerySet.delete = counter(QuerySet.delete)
try:
call_command('edx_clear_expired_tokens',
batch_size=1,
sleep_time=0)
self.assertEqual(QuerySet.delete.invocations, initial_count)
self.assertEqual(
AccessToken.objects.filter(refresh_token__isnull=True,
expires__lt=now).count(), 0)
finally:
QuerySet.delete = original_delete
def test_delete_dot_models(self):
user = UserFactory.create()
app = factories.ApplicationFactory(user=user)
access_token = factories.AccessTokenFactory(user=user, application=app)
factories.RefreshTokenFactory(
user=user,
application=app,
access_token=access_token,
)
DOTGrant.objects.create(
user=user,
application=app,
expires=datetime.datetime(2018, 1, 1),
)
retire_dot_oauth2_models(user)
applications = DOTApplication.objects.filter(user_id=user.id)
access_tokens = DOTAccessToken.objects.filter(user_id=user.id)
refresh_tokens = DOTRefreshToken.objects.filter(user_id=user.id)
grants = DOTGrant.objects.filter(user=user)
query_sets = [applications, access_tokens, refresh_tokens, grants]
for query_set in query_sets:
self.assertFalse(query_set.exists())
def test_excluded_application_ids(self):
settings.OAUTH2_PROVIDER['REFRESH_TOKEN_EXPIRE_SECONDS'] = 3600
expires = timezone.now() - timedelta(days=1)
application = factories.ApplicationFactory()
access_token = factories.AccessTokenFactory(user=application.user,
application=application,
expires=expires)
factories.RefreshTokenFactory(user=application.user,
application=application,
access_token=access_token)
with LogCapture(LOGGER_NAME) as log:
call_command('edx_clear_expired_tokens',
sleep_time=0,
excluded_application_ids=str(application.id))
log.check(
(LOGGER_NAME, 'INFO', 'Cleaning {} rows from {} table'.format(
0, RefreshToken.__name__)), (
LOGGER_NAME,
'INFO',
'Cleaning {} rows from {} table'.format(
0, AccessToken.__name__),
), (
LOGGER_NAME,
'INFO',
'Cleaning 0 rows from Grant table',
))
self.assertTrue(
RefreshToken.objects.filter(application=application).exists())
def test_reset_password_email(self, body_type, expected_output):
"""Tests contents of reset password email, and that user is not active"""
good_req = self.request_factory.post('/password_reset/',
{'email': self.user.email})
good_req.user = self.user
good_req.site = Mock(domain='example.com')
dot_application = dot_factories.ApplicationFactory(user=self.user)
dot_access_token = dot_factories.AccessTokenFactory(
user=self.user, application=dot_application)
dot_factories.RefreshTokenFactory(user=self.user,
application=dot_application,
access_token=dot_access_token)
good_resp = password_reset(good_req)
assert good_resp.status_code == 200
assert not dot_models.AccessToken.objects.filter(
user=self.user).exists()
assert not dot_models.RefreshToken.objects.filter(
user=self.user).exists()
obj = json.loads(good_resp.content.decode('utf-8'))
assert obj['success']
assert 'e-mailed you instructions for setting your password' in obj[
'value']
from_email = configuration_helpers.get_value(
'email_from_address', settings.DEFAULT_FROM_EMAIL)
sent_message = mail.outbox[0]
bodies = {
'plain_text': sent_message.body,
'html': sent_message.alternatives[0][0],
}
body = bodies[body_type]
if django.VERSION >= (3, 0) and body_type == 'html':
expected_output = "You're receiving this e-mail because you requested a password reset"
assert 'Password reset' in sent_message.subject
assert expected_output in body
assert sent_message.from_email == from_email
assert len(sent_message.to) == 1
assert self.user.email in sent_message.to
self.assert_event_emitted(
SETTING_CHANGE_INITIATED,
user_id=self.user.id,
setting='password',
old=None,
new=None,
)
# Test that the user is not active
self.user = User.objects.get(pk=self.user.pk)
assert not self.user.is_active
assert 'password_reset_confirm/' in body
re.search(
r'password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/',
body).groupdict()
def _create_dot_tokens(self, user=None):
"""Create dop access token for given user if user provided else for default user."""
if not user:
user = User.objects.get(email=self.OLD_EMAIL)
application = dot_factories.ApplicationFactory(user=user)
access_token = dot_factories.AccessTokenFactory(user=user, application=application)
dot_factories.RefreshTokenFactory(user=user, application=application, access_token=access_token)
def _create_dot_access_token(self, grant_type='Client credentials'):
"""
Create dot based access token
"""
dot_application = dot_factories.ApplicationFactory(
user=self.user, authorization_grant_type=grant_type)
return dot_factories.AccessTokenFactory(user=self.user,
application=dot_application)
def test_refresh_token_factory(self):
application = factories.ApplicationFactory(user=self.user)
access_token = factories.AccessTokenFactory(user=self.user, application=application)
actual_refresh_token = factories.RefreshTokenFactory(
user=self.user, application=application, access_token=access_token
)
expected_refresh_token = RefreshToken.objects.get(user=self.user, access_token=access_token)
self.assertEqual(actual_refresh_token, expected_refresh_token)
def test_reset_password_email(self, body_type, expected_output):
"""Tests contents of reset password email, and that user is not active"""
good_req = self.request_factory.post('/password_reset/',
{'email': self.user.email})
good_req.user = self.user
good_req.site = Mock(domain='example.com')
dot_application = dot_factories.ApplicationFactory(user=self.user)
dot_access_token = dot_factories.AccessTokenFactory(
user=self.user, application=dot_application)
dot_factories.RefreshTokenFactory(user=self.user,
application=dot_application,
access_token=dot_access_token)
good_resp = password_reset(good_req)
self.assertEqual(good_resp.status_code, 200)
self.assertFalse(
dot_models.AccessToken.objects.filter(user=self.user).exists())
self.assertFalse(
dot_models.RefreshToken.objects.filter(user=self.user).exists())
obj = json.loads(good_resp.content.decode('utf-8'))
self.assertTrue(obj['success'])
self.assertIn('e-mailed you instructions for setting your password',
obj['value'])
from_email = configuration_helpers.get_value(
'email_from_address', settings.DEFAULT_FROM_EMAIL)
sent_message = mail.outbox[0]
bodies = {
'plain_text': sent_message.body,
'html': sent_message.alternatives[0][0],
}
body = bodies[body_type]
self.assertIn("Password reset", sent_message.subject)
self.assertIn(expected_output, body)
self.assertEqual(sent_message.from_email, from_email)
self.assertEqual(len(sent_message.to), 1)
self.assertIn(self.user.email, sent_message.to)
self.assert_event_emitted(
SETTING_CHANGE_INITIATED,
user_id=self.user.id,
setting=u'password',
old=None,
new=None,
)
# Test that the user is not active
self.user = User.objects.get(pk=self.user.pk)
self.assertFalse(self.user.is_active)
self.assertIn('password_reset_confirm/', body)
re.search(
r'password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/',
body).groupdict()
def test_reset_password_email(self, send_email):
"""
Tests contents of reset password email, and that user is not active
"""
good_req = self.request_factory.post('/password_reset/', {'email': self.user.email})
good_req.user = self.user
dop_client = ClientFactory()
dop_access_token = AccessTokenFactory(user=self.user, client=dop_client)
RefreshTokenFactory(user=self.user, client=dop_client, access_token=dop_access_token)
dot_application = dot_factories.ApplicationFactory(user=self.user)
dot_access_token = dot_factories.AccessTokenFactory(user=self.user, application=dot_application)
dot_factories.RefreshTokenFactory(user=self.user, application=dot_application, access_token=dot_access_token)
good_resp = password_reset(good_req)
self.assertEquals(good_resp.status_code, 200)
self.assertFalse(dop_models.AccessToken.objects.filter(user=self.user).exists())
self.assertFalse(dop_models.RefreshToken.objects.filter(user=self.user).exists())
self.assertFalse(dot_models.AccessToken.objects.filter(user=self.user).exists())
self.assertFalse(dot_models.RefreshToken.objects.filter(user=self.user).exists())
obj = json.loads(good_resp.content)
self.assertEquals(obj, {
'success': True,
'value': "('registration/password_reset_done.html', [])",
})
(subject, msg, from_addr, to_addrs) = send_email.call_args[0]
self.assertIn("Password reset", subject)
self.assertIn("You're receiving this e-mail because you requested a password reset", msg)
self.assertEquals(from_addr, configuration_helpers.get_value('email_from_address', settings.DEFAULT_FROM_EMAIL))
self.assertEquals(len(to_addrs), 1)
self.assertIn(self.user.email, to_addrs)
self.assert_event_emitted(
SETTING_CHANGE_INITIATED, user_id=self.user.id, setting=u'password', old=None, new=None,
)
#test that the user is not active
self.user = User.objects.get(pk=self.user.pk)
self.assertFalse(self.user.is_active)
re.search(r'password_reset_confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/', msg).groupdict()
def test_access_token_client_factory(self):
application = factories.ApplicationFactory(user=self.user)
actual_access_token = factories.AccessTokenFactory(
user=self.user, application=application)
expected_access_token = AccessToken.objects.get(user=self.user)
self.assertEqual(actual_access_token, expected_access_token)
def test_client_factory(self):
actual_application = factories.ApplicationFactory(user=self.user)
expected_application = Application.objects.get(user=self.user)
self.assertEqual(actual_application, expected_application)