Exemple #1
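    def test_password_reset(self):
        """
        Exercise the password-reset flow through views.view_password_reset.

        Covers User.password_reset_initiate, User.password_reset_complete and
        the POST handler of the view: a reset is initiated by e-mail,
        completed with a valid token, and then four malformed completion
        requests are each expected to be rejected with HTTP 400.
        """

        def post_reset(data):
            # The CSRF check is switched off on every request built here, so
            # this test does not cover CSRF protection of the endpoint.
            request = self.factory.post("/reset-password", data=data)
            request._dont_enforce_csrf_checks = True
            return views.view_password_reset(request)

        # initiate request
        post_reset({"email": self.user_a.email})

        # check that password-reset instance was created
        pr = models.UserPasswordReset.objects.get(user=self.user_a)

        self.assertIsNotNone(pr.token)
        self.assertEqual(pr.is_valid(), True)

        # re-initiate internally so we can get the token; the view does not
        # hand the token back in its response.
        # NOTE(review): `hashed` is presumably what gets stored on the
        # UserPasswordReset row -- confirm against the model.
        token, hashed = self.user_a.password_reset_initiate()
        pr = self.user_a.password_reset

        # password reset request
        pwd = "abcdefghjikl"
        resp = post_reset(
            {
                "target": self.user_a.id,
                "token": token,
                "password": pwd,
                "password_v": pwd,
            }
        )

        self.assertEqual(json.loads(resp.content)["status"], "ok")

        # a completed reset must consume its record, so the token is single-use
        with pytest.raises(models.UserPasswordReset.DoesNotExist):
            models.UserPasswordReset.objects.get(user=self.user_a)

        # initiate another request so we can test failures
        token, hashed = self.user_a.password_reset_initiate()

        # Both password fields carry the same too-short value in the length
        # case. If they differed, the request would also trip the
        # confirmation-mismatch check and the length rule would go untested.
        too_short = "a"

        failure_cases = [
            (
                "invalid token",
                {
                    "target": self.user_a.id,
                    "token": "wrong",
                    "password": pwd,
                    "password_v": pwd,
                },
            ),
            (
                "invalid password(s): length",
                {
                    "target": self.user_a.id,
                    "token": token,
                    "password": too_short,
                    "password_v": too_short,
                },
            ),
            (
                "invalid password(s): validation mismatch",
                {
                    "target": self.user_a.id,
                    "token": token,
                    "password": pwd,
                    "password_v": "a",
                },
            ),
            (
                # user_a's token presented for user_b must not be accepted
                "invalid target",
                {
                    "target": self.user_b.id,
                    "token": token,
                    "password": pwd,
                    "password_v": pwd,
                },
            ),
        ]

        for label, data in failure_cases:
            resp = post_reset(data)
            self.assertEqual(resp.status_code, 400, msg=label)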
Exemple #2
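    def test_password_reset(self):
        """
        Test the password-reset round trip and its rejection paths.

        Covers User.password_reset_initiate, User.password_reset_complete and
        views.view_password_reset POST. The happy path initiates a reset by
        e-mail and completes it with the token; the failure section posts a
        wrong token, a too-short password, a mismatching confirmation and a
        foreign target, each of which must produce HTTP 400.
        """

        def submit(**fields):
            request = self.factory.post("/reset-password", data=fields)
            # CSRF enforcement is disabled for these requests; CSRF handling
            # of the endpoint is outside what this test verifies.
            request._dont_enforce_csrf_checks = True
            return views.view_password_reset(request)

        # initiate request
        submit(email=self.user_a.email)

        # check that password-reset instance was created
        pr = models.UserPasswordReset.objects.get(user=self.user_a)

        self.assertIsNotNone(pr.token)
        self.assertEqual(pr.is_valid(), True)

        # re-initiate internally so we can get the token (the response of the
        # view is not used to obtain it)
        token, hashed = self.user_a.password_reset_initiate()
        pr = self.user_a.password_reset

        # password reset request
        pwd = "abcdefghjikl"
        resp = submit(
            target=self.user_a.id, token=token, password=pwd, password_v=pwd
        )

        self.assertEqual(json.loads(resp.content)["status"], "ok")

        # the reset record must be gone once the reset has completed, i.e.
        # the token cannot be used a second time
        with self.assertRaises(models.UserPasswordReset.DoesNotExist):
            models.UserPasswordReset.objects.get(user=self.user_a)

        # initiate another request so we can test failures
        token, hashed = self.user_a.password_reset_initiate()

        # failure test: invalid token
        resp = submit(
            target=self.user_a.id, token="wrong", password=pwd, password_v=pwd
        )
        self.assertEqual(resp.status_code, 400)

        # failure test: invalid password(s): length
        # password and confirmation are identical here so that the only
        # thing wrong with the request is the length; with differing values
        # the 400 could come from the mismatch check instead.
        resp = submit(
            target=self.user_a.id, token=token, password="a", password_v="a"
        )
        self.assertEqual(resp.status_code, 400)

        # failure test: invalid password(s): validation mismatch
        resp = submit(
            target=self.user_a.id, token=token, password=pwd, password_v="a"
        )
        self.assertEqual(resp.status_code, 400)

        # failure test: invalid target
        # a token issued for user_a must be refused when user_b is the target
        resp = submit(
            target=self.user_b.id, token=token, password=pwd, password_v=pwd
        )
        self.assertEqual(resp.status_code, 400)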