Exemple #1
0
 def test_reset_numeric_password(self):
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     signer = ResetPasswordSigner({'user_id': user.pk})
     data = signer.get_signed_data()
     data['password'] = new_password
     request = self.factory.post('', data)
     response = reset_password(request)
     self.assert_response_is_bad_request(response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
Exemple #2
0
 def test_reset_tampered_timestamp(self):
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     signer = ResetPasswordSigner({'user_id': user.pk})
     data = signer.get_signed_data()
     data['timestamp'] += 1
     data['password'] = new_password
     request = self.factory.post('', data)
     response = reset_password(request)
     self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
Exemple #3
0
 def test_reset_password_same_as_username(self):
     username = '******'
     old_password = '******'
     new_password = username
     user = self.create_test_user(username=username, password=old_password)
     signer = ResetPasswordSigner({'user_id': user.pk})
     data = signer.get_signed_data()
     data['password'] = new_password
     request = self.factory.post('', data)
     response = reset_password(request)
     self.assert_response_is_bad_request(response)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))
Exemple #4
0
 def test_reset_expired(self):
     timestamp = int(time.time())
     old_password = '******'
     new_password = '******'
     user = self.create_test_user(password=old_password)
     with patch('time.time', side_effect=lambda: timestamp):
         signer = ResetPasswordSigner({'user_id': user.pk})
         data = signer.get_signed_data()
     data['password'] = new_password
     request = self.factory.post('', data)
     with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8):
         response = reset_password(request)
     self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
     user.refresh_from_db()
     self.assertTrue(user.check_password(old_password))