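def test_reset_logout():
    """
    Check the persisted state after a successful password reset.

    Registers a user, requests a reset, reads the reset secret back from the
    pickled store and completes the reset. Afterwards the user must no longer
    appear among the reset users, and the stored password must equal the
    SHA-256 hex digest of the new password.

    NOTE(review): the name says "logout", but no session or token state is
    asserted here; only the data store is inspected.
    """
    def load_store():
        # Re-read the store from disk; the context manager closes the handle
        # (the bare open() used previously leaked one per load).
        # pickle.load runs whatever the file encodes, so data.p must only
        # ever be written by the application itself.
        with open("data.p", "rb") as handle:
            return pickle.load(handle)

    clear()
    email = '*****@*****.**'
    result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
    auth.auth_passwordreset_request(email)

    reset_code = ''
    for user in load_store().get_reset_users():
        if user['u_id'] == result['u_id']:
            reset_code = user['secret']
    # Without this guard the reset below would run with an empty code.
    assert reset_code != '', "no reset secret stored for the registered user"

    password = '******'
    auth.auth_passwordreset_reset(reset_code, password)

    # This pins the stored form to an unsalted SHA-256 hex digest.
    # NOTE(review): a fast unsalted hash is weak for password storage; if auth
    # moves to a salted KDF this equality check has to become a verify call.
    hashed = hashlib.sha256(password.encode()).hexdigest()

    data = load_store()

    # The pending reset entry must be gone once the reset has been used.
    assert all(user['u_id'] != result['u_id'] for user in data.get_reset_users())

    # The new hash must be stored; fail if the user is missing instead of
    # passing without having compared anything.
    stored = [user['password'] for user in data.get_users()
              if user['u_id'] == result['u_id']]
    assert stored, "registered user missing from the data store"
    assert all(value == hashed for value in stored)
    clear()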
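def test_reset_password_multiple_user():
    """
    Check that a reset updates the right user's password when two users exist.

    Two users are registered; the second one requests and completes a reset.
    Afterwards that user must have no reset entry left, and their stored
    password must equal the SHA-256 hex digest of the new password.
    """
    def load_store():
        # Re-read the store from disk; the context manager closes the handle
        # (the bare open() used previously leaked one per load).
        # pickle.load runs whatever the file encodes, so data.p must only
        # ever be written by the application itself.
        with open("data.p", "rb") as handle:
            return pickle.load(handle)

    clear()
    email = '*****@*****.**'
    auth.auth_register('*****@*****.**', 'abcdefg', 'Jane', 'Smith')
    result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
    auth.auth_passwordreset_request(email)

    reset_code = ''
    for user in load_store().get_reset_users():
        if user['u_id'] == result['u_id']:
            reset_code = user['secret']
    # Without this guard the reset below would run with an empty code.
    assert reset_code != '', "no reset secret stored for the registered user"

    password = '******'
    auth.auth_passwordreset_reset(reset_code, password)

    # This pins the stored form to an unsalted SHA-256 hex digest.
    # NOTE(review): a fast unsalted hash is weak for password storage; if auth
    # moves to a salted KDF this equality check has to become a verify call.
    hashed = hashlib.sha256(password.encode()).hexdigest()

    data = load_store()

    # The pending reset entry must be gone once the reset has been used.
    assert all(user['u_id'] != result['u_id'] for user in data.get_reset_users())

    # NOTE(review): the first user's record is not inspected, so an update
    # applied to the wrong account would go unnoticed by this test.
    stored = [user['password'] for user in data.get_users()
              if user['u_id'] == result['u_id']]
    assert stored, "registered user missing from the data store"
    assert all(value == hashed for value in stored)
    clear()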
def test_reset_invalid_secret():
    """
    A reset attempt with a code that does not match must raise InputError.
    """
    clear()
    address = '*****@*****.**'
    auth.auth_register(address, 'abcdefg', 'John', 'Smith')
    auth.auth_passwordreset_request(address)

    # A reset has been requested for this user, but the code supplied below
    # is a fixed string rather than the secret read back from the store.
    bogus_code = 'invalid'
    with pytest.raises(InputError):
        auth.auth_passwordreset_reset(bogus_code, 'new_password')
    clear()
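def test_reset_invalid_password_3():
    """
    A reset with a valid code but the one-character password 'h' must raise
    InputError.
    """
    clear()
    email = '*****@*****.**'
    result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
    auth.auth_passwordreset_request(email)

    # Context manager closes the handle (the bare open() used previously
    # leaked it). pickle.load runs whatever the file encodes, so data.p must
    # only ever be written by the application itself.
    with open("data.p", "rb") as handle:
        data = pickle.load(handle)

    reset_code = ''
    for user in data.get_reset_users():
        if user['u_id'] == result['u_id']:
            reset_code = user['secret']
    # If no secret was found, the call below would be made with an empty code
    # and InputError could come from the code check instead of the password
    # check, letting the test pass for the wrong reason.
    assert reset_code != '', "no reset secret stored for the registered user"

    with pytest.raises(InputError):
        auth.auth_passwordreset_reset(reset_code, 'h')
    clear()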
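def test_reset_done():
    """
    Check that a completed reset removes the user from the reset users.

    The reset secret is single-purpose state: once it has been used, no entry
    for this user may remain in what get_reset_users() returns.
    """
    def load_store():
        # Re-read the store from disk; the context manager closes the handle
        # (the bare open() used previously leaked one per load).
        # pickle.load runs whatever the file encodes, so data.p must only
        # ever be written by the application itself.
        with open("data.p", "rb") as handle:
            return pickle.load(handle)

    clear()
    email = '*****@*****.**'
    result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
    auth.auth_passwordreset_request(email)

    reset_code = ''
    for user in load_store().get_reset_users():
        if user['u_id'] == result['u_id']:
            reset_code = user['secret']
    # Make sure an entry existed before the reset; otherwise the "entry is
    # gone" assertion below would hold trivially.
    assert reset_code != '', "no reset secret stored for the registered user"

    auth.auth_passwordreset_reset(reset_code, 'new_password')

    remaining = load_store().get_reset_users()
    assert all(user['u_id'] != result['u_id'] for user in remaining)
    clear()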
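def test_reset_consecutive():
    """
    Check that a user can request and complete a password reset three times
    in a row.

    Each round requests a reset, reads the secret back from the pickled store,
    completes the reset and verifies that the stored password equals the
    SHA-256 hex digest of that round's password.
    """
    def load_store():
        # Re-read the store from disk; the context manager closes the handle
        # (the bare open() used previously leaked one per load).
        # pickle.load runs whatever the file encodes, so data.p must only
        # ever be written by the application itself.
        with open("data.p", "rb") as handle:
            return pickle.load(handle)

    clear()
    email = '*****@*****.**'
    result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')

    # One new password per round, kept exactly as given in the original test.
    # NOTE(review): if rounds share one password value, the later hash checks
    # cannot tell a fresh update from a stale one.
    for password in ('******', '******', '******'):
        auth.auth_passwordreset_request(email)

        reset_code = ''
        for user in load_store().get_reset_users():
            if user['u_id'] == result['u_id']:
                reset_code = user['secret']
        # Every round must produce its own stored secret; without this guard
        # the reset below would run with an empty code.
        assert reset_code != '', "no reset secret stored for this round"

        auth.auth_passwordreset_reset(reset_code, password)

        # This pins the stored form to an unsalted SHA-256 hex digest.
        # NOTE(review): a fast unsalted hash is weak for password storage; if
        # auth moves to a salted KDF this check has to become a verify call.
        hashed = hashlib.sha256(password.encode()).hexdigest()

        # Fail if the user is missing instead of passing without comparing.
        stored = [user['password'] for user in load_store().get_users()
                  if user['u_id'] == result['u_id']]
        assert stored, "registered user missing from the data store"
        assert all(value == hashed for value in stored)
    clear()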
def route_auth_passwordreset_reset():
    """Set a user's password to the one provided, given that user's reset code.

    The function takes no arguments; both values are read from the JSON
    request body.

    JSON body fields:
        reset_code (string)
        new_password (string)

    Returns:
        dumps(...) of the result of auth.auth_passwordreset_reset (documented
        as {}), or the caught InputError / AccessError instance.
    """
    body = request.get_json()
    # NOTE(review): a body missing either key raises KeyError here, which the
    # except clause below does not catch.
    code, fresh_password = body['reset_code'], body['new_password']
    try:
        outcome = auth.auth_passwordreset_reset(code, fresh_password)
        return dumps(outcome)
    except (InputError, AccessError) as err:
        # NOTE(review): the exception object itself is returned as the
        # response; confirm the framework turns it into an error response.
        # The reset code is the only credential checked on this path and no
        # attempt limiting is visible in this handler; verify it exists
        # elsewhere.
        return err