class TestResetView(TestCase): def setUp(self): super().setUp() d = Domain(name="example.com") DBSession.add(d) DBSession.flush() self.address = Address(domain_id=d.id, local_part="test") self.address.set_password("pw") DBSession.add(self.address) DBSession.flush() self.valid_token = PwResetToken(address_id=self.address.id) self.expired_token = PwResetToken(address_id=self.address.id) self.expired_token.create_date = datetime.now() - timedelta(days=10) DBSession.add_all([self.valid_token, self.expired_token]) DBSession.flush() def test_not_found(self): request = DummyRequest(matchdict=dict(token="invalid")) r = views.reset(request) self.assertIsInstance(r, HTTPNotFound) def test_form(self): request = DummyRequest(matchdict=dict(token=self.valid_token.token)) r = views.reset(request) self.assertIsInstance(r, dict) self.assertIn("address", r) self.assertEqual(r["address"], self.address) def test_expired(self): request = DummyRequest(matchdict=dict(token=self.expired_token.token)) r = views.reset(request) self.assertIsInstance(r, HTTPSeeOther) def test_reset(self): # Wrong input, should not be changed request = DummyRequest(matchdict=dict(token=self.valid_token.token), post=dict(password="******")) r = views.reset(request) self.assertIsInstance(r, HTTPSeeOther) self.assertFalse(self.address.check_password("newpw")) # Wrong input, should not be changed request = DummyRequest( matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="NOTnewpw") ) r = views.reset(request) self.assertIsInstance(r, HTTPSeeOther) self.assertFalse(self.address.check_password("newpw")) # Valid input, should be changed request = DummyRequest( matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="newpw") ) r = views.reset(request) self.assertIsInstance(r, HTTPSeeOther) self.assertTrue(self.address.check_password("newpw")) # Already used token, should not be changed request = DummyRequest( matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="lastpw") ) r = views.reset(request) self.assertIsInstance(r, HTTPNotFound) self.assertTrue(self.address.check_password("newpw"))