Esempio n. 1
    def test_inactive_user(self):
        """Password change is refused with 400 while the account awaits activation.

        A fresh token is minted after each state change, so the 400 cannot be
        explained by a token issued before the account state changed.
        """
        # Judging by the expected messages, 1 means the user must activate the
        # account and 2 means an administrator must - TODO confirm on the model.
        expected_errors = (
            (1, "You have to activate your account"),
            (2, "Administrator has to activate your account"),
        )
        for activation_state, message in expected_errors:
            self.user.requires_activation = activation_state
            self.user.save()

            url = self.link % self.user.pk
            payload = {
                'password': '******',
                'token': make_password_change_token(self.user),
            }
            response = self.client.post(url, data=payload)
            self.assertContains(response, message, status_code=400)
Esempio n. 2
def send_password_form(request):
    """
    Handle POST /auth/send-password-form/ (CSRF token and email): mail the
    requester a link to the change password form.

    Returns the account's username and email on success, or the form's
    error dict with HTTP 400 when validation fails.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(
            form.get_errors_dict(),
            status=status.HTTP_400_BAD_REQUEST,
        )

    requesting_user = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }

    # The token travels only in the e-mail; it is not part of the response.
    mail_context = {
        'confirmation_token': make_password_change_token(requesting_user),
    }
    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        mail_context,
    )

    # NOTE(review): success echoes the username and email while failure returns
    # form errors, so the two outcomes are distinguishable to the caller.
    # Whether that reveals which addresses are registered depends on
    # ResetPasswordForm, which is not shown here - confirm.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    })
Esempio n. 3
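    def test_valid_link(self):
        """GET on a link built from the user's id and a fresh token succeeds.

        The response is expected to carry the username of the token's owner.
        """
        valid_url = self.link % (
            self.user.id, make_password_change_token(self.user))
        response = self.client.get(valid_url)

        # assertContains checks the status (200 by default) and decodes the
        # body, so the check does not depend on response.content being str.
        self.assertContains(response, self.user.username)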
Esempio n. 4
def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email.

    On valid input a change-password link is mailed to the matching user and
    that user's username and email are returned; otherwise the form errors
    are returned with HTTP 400.
    """
    form = ResetPasswordForm(request.data)
    form_ok = form.is_valid()

    if form_ok:
        requesting_user = form.user_cache

        subject_values = {
            'user': requesting_user.username,
            'forum_name': settings.forum_name,
        }
        mail_subject = (
            _("Change %(user)s password on %(forum_name)s forums")
            % subject_values
        )

        confirmation_token = make_password_change_token(requesting_user)
        template_context = {'confirmation_token': confirmation_token}

        mail_user(
            request,
            requesting_user,
            mail_subject,
            'misago/emails/change_password_form_link',
            template_context,
        )

        # NOTE(review): the body discloses the username tied to the submitted
        # address; what an unauthenticated caller can learn this way depends
        # on ResetPasswordForm's validation, not visible here - confirm.
        response_body = {
            'username': form.user_cache.username,
            'email': form.user_cache.email,
        }
        return Response(response_body)

    return Response(
        form.get_errors_dict(),
        status=status.HTTP_400_BAD_REQUEST,
    )
Esempio n. 5
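    def test_invalid_user_id_link(self):
        """GET with a user id other than the token owner's returns 400.

        The token is minted for ``self.user`` but the link carries id 123, so
        a valid token must not be honoured under a different user id.
        """
        # assumes 123 is not self.user's id - the fixture is not shown here
        mismatched_url = self.link % (
            123, make_password_change_token(self.user))
        response = self.client.get(mismatched_url)

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(
            response, 'Form link is invalid.', status_code=400)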
Esempio n. 6
def send_link(request):
    """Mail a change-password form link to the user matched by the form.

    Valid input: the link is mailed and the user's username and email are
    returned. Invalid input: the form's error dict is returned with HTTP 400.
    """
    form = ResetPasswordForm(request.DATA)
    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    subject_template = _("Change %(user)s password "
                         "on %(forum_title)s forums")
    mail_subject = subject_template % {
        'user': requesting_user.username,
        'forum_title': settings.forum_name
    }

    # The token is delivered only through the e-mail template context.
    confirmation_token = make_password_change_token(requesting_user)
    mail_context = {'confirmation_token': confirmation_token}

    mail_user(request, requesting_user, mail_subject,
              'misago/emails/change_password_form_link',
              mail_context)

    # NOTE(review): the response returns the username and email for the
    # submitted address; confirm this is intended for unauthenticated callers.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email
    })
    def test_change_view_returns_200(self):
        """Change password view answers 200 for valid and invalid links alike.

        NOTE(review): the unknown-user and bad-token requests also expect 200,
        so this test shows only that the page renders. It does not show that a
        bad token is refused; presumably that happens in a later API call -
        confirm it is covered elsewhere.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        link_cases = (
            # valid user with a freshly minted token
            (test_user.id, make_password_change_token(test_user)),
            # invalid user
            (7681, 'a7d8sa97d98sa798dsa'),
            # invalid token
            (test_user.id, 'asd79as87ds9a8d7sa'),
        )
        for user_id, token in link_cases:
            url = reverse('misago:forgotten_password_change_form',
                          kwargs={
                              'user_id': user_id,
                              'token': token
                          })
            response = self.client.get(url)
            self.assertEqual(response.status_code, 200)
    def test_change_view_returns_200(self):
        """The change password view renders (200) whatever the link contains.

        NOTE(review): only the status code is asserted, and it is 200 for the
        invalid user and invalid token too, so token rejection is not
        exercised by this test.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')
        route = 'misago:forgotten_password_change_form'

        valid_link = reverse(route, kwargs={
            'user_id': test_user.id,
            'token': make_password_change_token(test_user)
        })
        response = self.client.get(valid_link)
        self.assertEqual(response.status_code, 200)

        # test invalid user
        unknown_user_link = reverse(route, kwargs={
            'user_id': 7681,
            'token': 'a7d8sa97d98sa798dsa'
        })
        response = self.client.get(unknown_user_link)
        self.assertEqual(response.status_code, 200)

        # test invalid token
        bad_token_link = reverse(route, kwargs={
            'user_id': test_user.id,
            'token': 'asd79as87ds9a8d7sa'
        })
        response = self.client.get(bad_token_link)
        self.assertEqual(response.status_code, 200)
Esempio n. 9
def send_password_form(request):
    """Mail a change-password form link to the user resolved by the form.

    Returns the user's username and email on success, or the form's error
    dict with HTTP 400 when the submitted data does not validate.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    mail_subject = _("Change %(user)s password on %(forum_name)s forums") % {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }

    # The token is handed to the mail template only, never to the caller.
    mail_context = {
        'confirmation_token': make_password_change_token(requesting_user),
    }
    mail_user(request, requesting_user, mail_subject,
              'misago/emails/change_password_form_link',
              mail_context)

    # NOTE(review): the caller learns the username behind the address it
    # submitted; confirm that is acceptable for an unauthenticated endpoint.
    account_summary = {
        'username': form.user_cache.username,
        'email': form.user_cache.email
    }
    return Response(account_summary)
Esempio n. 10
def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email.

    Validates the payload (raising on invalid data), refuses banned users,
    mails the change-password link and returns the user's username and email.
    """
    serializer = SendPasswordFormSerializer(data=request.data)
    # Both checks raise instead of returning, so nothing below runs for
    # invalid input or a banned user.
    serializer.is_valid(raise_exception=True)
    serializer.raise_if_banned()

    user = serializer.validated_data['user']

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': user.username,
        'forum_name': settings.forum_name,
    }

    mail_context = {
        'confirmation_token': make_password_change_token(user),
    }
    mail_user(
        request,
        user,
        mail_subject,
        'misago/emails/change_password_form_link',
        mail_context,
    )

    # NOTE(review): the response returns the username for the submitted
    # address; confirm this disclosure is intended for anonymous callers.
    return Response({
        'username': user.username,
        'email': user.email,
    })
Esempio n. 11
 def test_submit_empty(self):
     """POST with a valid token but no body is rejected with 400."""
     token = make_password_change_token(self.user)
     url = self.link % (self.user.pk, token)

     response = self.client.post(url)

     # The expected text is a prefix of the error message, matched as a
     # substring of the response body.
     self.assertContains(response,
                         "This password is too shor",
                         status_code=400)
    def test_inactive_user(self):
        """A fresh token is refused with 400 while the account is not activated.

        Both activation states produce the same generic "link has expired"
        message, so the response text does not distinguish between them.
        """
        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            # Minted after the state change: the rejection is caused by the
            # account state, not by an outdated token.
            token = make_password_change_token(self.user)
            response = self.client.post(self.link % (self.user.pk, token))
            self.assertContains(
                response, "Your link has expired.", status_code=400)
Esempio n. 13
 def setUp(self):
     """Create the test user and a token-validation link for that user."""
     user_model = get_user_model()
     self.user = user_model.objects.create_user(
         'Bob', '*****@*****.**', 'Pass.123')

     # The link is fully resolved here: it carries this user's id and a
     # token minted at set-up time.
     link_kwargs = {
         'user_id': self.user.id,
         'token': make_password_change_token(self.user)
     }
     self.link = reverse('misago:api:change_password_validate_token',
                         kwargs=link_kwargs)
Esempio n. 14
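    def test_inactive_user(self):
        """Token validation answers 400 while the account awaits activation.

        The token is minted after each state change, so the rejection is
        caused by the account state rather than by an outdated token.
        """
        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            response = self.client.get(
                self.link % (
                    self.user.id, make_password_change_token(self.user)))

            # assertContains checks status and body in one step and decodes
            # the body, so it also works where response.content is bytes.
            self.assertContains(
                response, 'Your link has expired.', status_code=400)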
Esempio n. 15
    def test_inactive_user(self):
        """Change password API returns 400 for users that still need activation."""
        expired_message = "Your link has expired."

        # First activation state.
        self.user.requires_activation = 1
        self.user.save()

        url = self.link % (self.user.pk, make_password_change_token(self.user))
        response = self.client.post(url)
        self.assertContains(response, expired_message, status_code=400)

        # Second activation state; the token is regenerated so that it
        # reflects the user as saved just above.
        self.user.requires_activation = 2
        self.user.save()

        url = self.link % (self.user.pk, make_password_change_token(self.user))
        response = self.client.post(url)
        self.assertContains(response, expired_message, status_code=400)
Esempio n. 16
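 def test_submit_empty(self):
     """POST with a valid token and an empty body is rejected with 400."""
     url = self.link % (
         self.user.id,
         make_password_change_token(self.user)
     )
     response = self.client.post(url)

     # assertContains checks status and body together and decodes the body,
     # so the check does not depend on response.content being str.
     self.assertContains(response, 'Valid password must', status_code=400)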
 def test_submit_invalid_data(self):
     """Change password API rejects a JSON body that is not an object.

     The body is the JSON literal ``false`` sent with a valid token.
     """
     url = self.link % (self.user.pk, make_password_change_token(self.user))
     response = self.client.post(
         url,
         'false',
         content_type="application/json",
     )
     self.assertContains(response, "Invalid data.", status_code=400)
Esempio n. 18
    def test_disabled_user(self):
        """A disabled account cannot change its password, even with a fresh token."""
        self.user.is_active = False
        self.user.save()

        # Token minted after the account was disabled.
        token = make_password_change_token(self.user)
        url = self.link % (self.user.pk, token)

        response = self.client.post(url)
        self.assertContains(response, "Form link is invalid.", status_code=400)
Esempio n. 19
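    def test_submit_valid(self):
        """Posting a new password with a valid token changes the password.

        The posted value and the value checked afterwards share one variable:
        the listing showed a masked literal in the request while asserting
        'n3wp4ss!', which could not pass as written.
        """
        new_password = 'n3wp4ss!'

        response = self.client.post(
            self.link % (self.user.id, make_password_change_token(self.user)),
            data={'password': new_password})
        self.assertEqual(response.status_code, 200)

        # Re-read the user so the check runs against what was stored.
        user = get_user_model().objects.get(id=self.user.id)
        self.assertTrue(user.check_password(new_password))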
Esempio n. 20
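    def test_invalid_user_id_link(self):
        """A token for ``self.user`` is refused when the link names user id 123."""
        # assumes 123 is not self.user's id - the fixture is not shown here
        token = make_password_change_token(self.user)
        response = self.client.get(self.link % (123, token))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(
            response, 'Form link is invalid.', status_code=400)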
    def test_disabled_user(self):
        """Change password API answers 400 once ``is_active`` is False."""
        self.user.is_active = False
        self.user.save()

        # The token is generated for the already-disabled user, so the 400
        # comes from the account state, not from a stale token.
        disabled_url = self.link % (
            self.user.pk, make_password_change_token(self.user))
        response = self.client.post(disabled_url)

        self.assertContains(response, "Form link is invalid.", status_code=400)
Esempio n. 22
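    def test_submit_valid(self):
        """submit change password form api changes password

        The request posts the same value that is verified afterwards; the
        listing carried a masked literal in the request, which did not match
        the asserted 'n3wp4ss!'.
        """
        new_password = 'n3wp4ss!'
        url = self.link % (self.user.pk, make_password_change_token(self.user))

        response = self.client.post(url, data={'password': new_password})
        self.assertEqual(response.status_code, 200)

        # Load the stored record instead of trusting the in-memory fixture.
        user = UserModel.objects.get(id=self.user.pk)
        self.assertTrue(user.check_password(new_password))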
 def setUp(self):
     """Create user 'Bob' and resolve the token-validation URL for that user."""
     self.user = get_user_model().objects.create_user(
         'Bob', '*****@*****.**', 'Pass.123')

     # The URL embeds both the user id and a token generated for the user.
     url_kwargs = {
         'user_id': self.user.id,
         'token': make_password_change_token(self.user)
     }
     self.link = reverse(
         'misago:api:change_password_validate_token', kwargs=url_kwargs)
Esempio n. 24
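    def test_valid_link(self):
        """GET with the user's own id and a fresh token validates the link."""
        token = make_password_change_token(self.user)
        response = self.client.get(self.link % (self.user.id, token))

        # assertContains checks for status 200 by default and decodes the
        # body, so it does not depend on response.content being str.
        self.assertContains(response, self.user.username)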
Esempio n. 25
    def test_disabled_user(self):
        """A disabled user's fresh token is refused with a generic 400 error."""
        self.user.is_active = False
        self.user.save()

        token = make_password_change_token(self.user)
        response = self.client.post(self.link % (self.user.pk, token))

        # The message is the generic invalid-link text; it does not say that
        # the account is disabled.
        expected_body = {'detail': 'Form link is invalid. Please try again.'}
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), expected_body)
Esempio n. 26
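    def test_submit_valid(self):
        """Submitting a new password with a valid token changes the password.

        One variable feeds both the request and the final check; the listing
        posted a masked literal while asserting 'n3wp4ss!', so it could not
        pass as shown.
        """
        new_password = 'n3wp4ss!'

        response = self.client.post(self.link % (
            self.user.id,
            make_password_change_token(self.user)
        ), data={'password': new_password})
        self.assertEqual(response.status_code, 200)

        # Fetch the stored user so the new hash is what gets checked.
        stored_user = get_user_model().objects.get(id=self.user.id)
        self.assertTrue(stored_user.check_password(new_password))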
Esempio n. 27
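    def test_banned_user_link(self):
        """A banned user's link is refused with 400 even with a fresh token.

        The ban's own message ('Nope!') is not asserted; the test expects the
        generic expired-link text instead.
        """
        Ban.objects.create(check_type=BAN_USERNAME,
                           banned_value=self.user.username,
                           user_message='Nope!')

        response = self.client.get(
            self.link % (self.user.id, make_password_change_token(self.user)))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(
            response, 'Your link has expired.', status_code=400)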
Esempio n. 28
 def test_submit_empty(self):
     """POST without a password returns 400 and the too-short password error."""
     url = self.link % (self.user.pk, make_password_change_token(self.user))
     response = self.client.post(url)

     expected_body = {
         'detail':
         "This password is too short. It must contain at least 7 characters."
     }
     self.assertEqual(response.status_code, 400)
     self.assertEqual(response.json(), expected_body)
    def test_banned_user_link(self):
        """Password change is refused with 400 when the username is banned."""
        ban_fields = {
            'check_type': Ban.USERNAME,
            'banned_value': self.user.username,
            'user_message': 'Nope!',
        }
        Ban.objects.create(**ban_fields)

        # The token is minted after the ban exists; the expected text is the
        # generic expired-link message rather than the ban's 'Nope!'.
        token = make_password_change_token(self.user)
        response = self.client.post(self.link % (self.user.pk, token))
        self.assertContains(response, "Your link has expired.", status_code=400)
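    def test_submit_with_whitespaces(self):
        """Leading and trailing spaces in the new password are preserved.

        The posted value and the asserted value share one variable: the
        listing posted a masked literal while asserting ' n3wp4ss! ', which
        could not pass as written.
        """
        padded_password = ' n3wp4ss! '

        response = self.client.post(
            self.link % (self.user.pk, make_password_change_token(self.user)),
            data={
                'password': padded_password,
            },
        )
        self.assertEqual(response.status_code, 200)

        # Check the stored record: the password must match including spaces.
        user = UserModel.objects.get(id=self.user.pk)
        self.assertTrue(user.check_password(padded_password))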
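    def test_change_password_form(self):
        """The change password form is displayed for a valid token.

        NOTE(review): the token is part of the URL and is echoed in the page
        body. How long it stays valid depends on make_password_change_token,
        which is not shown here - confirm.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        password_token = make_password_change_token(test_user)
        form_url = reverse(
            'misago:forgotten_password_change_form',
            kwargs={'user_id': test_user.pk, 'token': password_token})

        response = self.client.get(form_url)

        # assertContains checks for status 200 by default and decodes the
        # body, so it does not depend on response.content being str.
        self.assertContains(response, password_token)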
Esempio n. 32
    def test_inactive_user(self):
        """Change password API returns the expired-link error for inactive users.

        Both activation states yield the same JSON body, so the response does
        not tell the two states apart.
        """
        expected_body = {
            'detail': 'Your link has expired. Please request new one.'}

        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            # Fresh token per state, generated after the save.
            url = self.link % (
                self.user.pk, make_password_change_token(self.user))
            response = self.client.post(url)

            self.assertEqual(response.status_code, 400)
            self.assertEqual(response.json(), expected_body)
Esempio n. 33
    def test_banned_user_link(self):
        """A username ban makes the change password request fail with 400."""
        Ban.objects.create(
            check_type=Ban.USERNAME,
            banned_value=self.user.username,
            user_message='Nope!',
        )

        banned_url = self.link % (
            self.user.pk,
            make_password_change_token(self.user),
        )
        response = self.client.post(banned_url)

        # Only the generic message is expected, not the ban's user_message.
        self.assertContains(response, "Your link has expired.", status_code=400)
Esempio n. 34
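    def test_inactive_user(self):
        """The form-link API answers 400 while the account awaits activation."""
        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            # Minted after the save, so the token matches the current user.
            token = make_password_change_token(self.user)
            response = self.client.get(self.link % (self.user.id, token))

            # assertContains checks status and body together and decodes the
            # body, so it also works where response.content is bytes.
            self.assertContains(
                response, 'Your link has expired.', status_code=400)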
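    def test_change_password_invalid_token(self):
        """A link carrying a token that was not issued for the user returns 400."""
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        bogus_token = 'abcdfghqsads'
        # The real token was computed but never used; comparing it makes sure
        # the request below really carries a wrong token.
        password_token = make_password_change_token(test_user)
        self.assertNotEqual(password_token, bogus_token)

        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs={'user_id': test_user.pk, 'token': bogus_token}))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(response, 'your link is invalid', status_code=400)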
Esempio n. 36
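    def test_banned_user_link(self):
        """GET on a banned user's link returns 400 with the expired-link text."""
        Ban.objects.create(check_type=BAN_USERNAME,
                           banned_value=self.user.username,
                           user_message='Nope!')

        # Token generated after the ban was created.
        token = make_password_change_token(self.user)
        response = self.client.get(self.link % (self.user.id, token))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(
            response, 'Your link has expired.', status_code=400)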
Esempio n. 37
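    def test_submit_with_whitespaces(self):
        """A password with surrounding spaces is stored without being trimmed.

        The request and the final check use the same variable; the listing
        posted a masked literal while asserting ' n3wp4ss! ', so it could not
        pass as shown.
        """
        padded_password = ' n3wp4ss! '

        response = self.client.post(
            self.link % self.user.pk,
            data={
                'password': padded_password,
                # In this variant the token is sent in the body, not the URL.
                'token': make_password_change_token(self.user),
            },
        )
        self.assertEqual(response.status_code, 200)

        # Verify against the stored record, spaces included.
        user = UserModel.objects.get(id=self.user.pk)
        self.assertTrue(user.check_password(padded_password))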
Esempio n. 38
    def test_inactive_user(self):
        """Change password API returns a state-specific 400 for inactive users.

        Unlike a generic expired-link error, the expected messages tell the
        token holder which kind of activation is pending.
        """
        expectations = (
            (
                1,
                "You have to activate your account before you will "
                "be able to change your password.",
            ),
            (
                2,
                "Administrator has to activate your account before you "
                "will be able to change your password.",
            ),
        )
        for activation_state, message in expectations:
            self.user.requires_activation = activation_state
            self.user.save()

            url = self.link % self.user.pk
            payload = {
                'password': '******',
                # Minted after the save, so it matches the current user.
                'token': make_password_change_token(self.user),
            }
            response = self.client.post(url, data=payload)

            self.assertEqual(response.status_code, 400)
            self.assertEqual(
                response.json(), {'non_field_errors': [message]})
Esempio n. 39
 def test_submit_invalid_data(self):
     """Change password API rejects a JSON body that is not a dictionary.

     The JSON literal ``false`` is posted with a valid token.
     """
     url = self.link % (self.user.pk, make_password_change_token(self.user))
     response = self.client.post(
         url,
         'false',
         content_type="application/json",
     )

     expected_body = {
         'non_field_errors':
         ['Invalid data. Expected a dictionary, but got bool.']
     }
     self.assertEqual(response.status_code, 400)
     self.assertEqual(response.json(), expected_body)
Esempio n. 40
    def test_banned_user_link(self):
        """A banned username gets the generic expired-link error with status 400."""
        Ban.objects.create(
            check_type=Ban.USERNAME,
            banned_value=self.user.username,
            user_message='Nope!',
        )

        token = make_password_change_token(self.user)
        response = self.client.post(self.link % (self.user.pk, token))

        # The ban's own user_message is not part of the expected body.
        expected_body = {
            'detail': 'Your link has expired. Please request new one.'}
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), expected_body)
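    def test_change_password_on_other_user(self):
        """A signed-in user cannot open another user's password reset link.

        The token is valid for 'Bob', but the request is made while logged in
        as a different account, and the view must answer 400.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        password_token = make_password_change_token(test_user)

        # Sign in as someone other than the token's owner.
        self.login_user(self.get_authenticated_user())

        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs={'user_id': test_user.pk, 'token': password_token}))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(response, 'your link has expired', status_code=400)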
Esempio n. 42
    def test_change_password_form(self):
        """The change password form renders for a valid token and echoes it.

        NOTE(review): the token travels in the URL and appears in the page
        body; its lifetime is decided by make_password_change_token, which is
        not shown here - confirm.
        """
        test_user = UserModel.objects.create_user('Bob', '*****@*****.**',
                                                  'Pass.123')

        password_token = make_password_change_token(test_user)
        link_kwargs = {
            'pk': test_user.pk,
            'token': password_token,
        }
        form_url = reverse('misago:forgotten-password-change-form',
                           kwargs=link_kwargs)

        response = self.client.get(form_url)
        self.assertContains(response, password_token)
Esempio n. 43
    def test_change_password_invalid_token(self):
        """A link with a token that was not issued for the user returns 400."""
        test_user = UserModel.objects.create_user('Bob', '*****@*****.**',
                                                  'Pass.123')

        # NOTE(review): the real token is generated but not used below; the
        # request deliberately carries a made-up token instead.
        password_token = make_password_change_token(test_user)

        link_kwargs = {
            'pk': test_user.pk,
            'token': 'abcdfghqsads',
        }
        bad_url = reverse('misago:forgotten-password-change-form',
                          kwargs=link_kwargs)

        response = self.client.get(bad_url)
        self.assertContains(response, 'your link is invalid', status_code=400)
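    def test_change_password_form(self):
        """The change password form displays for a valid token and echoes it."""
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        password_token = make_password_change_token(test_user)
        link_kwargs = {
            'user_id': test_user.pk,
            'token': password_token
        }

        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs=link_kwargs))

        # assertContains checks for status 200 by default and decodes the
        # body, so it does not depend on response.content being str.
        self.assertContains(response, password_token)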
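    def test_change_password_invalid_token(self):
        """A made-up token is refused with 400 for an existing user."""
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        bogus_token = 'abcdfghqsads'
        # The genuine token was computed but unused; comparing it guarantees
        # that the request below is sent with a wrong token.
        password_token = make_password_change_token(test_user)
        self.assertNotEqual(password_token, bogus_token)

        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs={
                        'user_id': test_user.pk,
                        'token': bogus_token
                    }))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(response, 'your link is invalid', status_code=400)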
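    def test_change_password_on_banned(self):
        """A banned user's valid reset link is refused with 403 and the ban message.

        The ban value is lowercase 'bob' while the user is 'Bob', so the test
        relies on the ban matching the username regardless of case.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        Ban.objects.create(check_type=BAN_USERNAME,
                           banned_value='bob',
                           user_message='Nope!')

        password_token = make_password_change_token(test_user)

        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs={'user_id': test_user.pk, 'token': password_token}))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(response, '<p>Nope!</p>', status_code=403)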
Esempio n. 47
    def test_change_password_on_other_user(self):
        """A reset link for one user is refused when another user is signed in."""
        test_user = UserModel.objects.create_user('Bob', '*****@*****.**',
                                                  'Pass.123')

        password_token = make_password_change_token(test_user)

        # The session belongs to a different account than the token's owner.
        self.login_user(self.get_authenticated_user())

        link_kwargs = {
            'pk': test_user.pk,
            'token': password_token,
        }
        other_user_url = reverse('misago:forgotten-password-change-form',
                                 kwargs=link_kwargs)

        response = self.client.get(other_user_url)
        self.assertContains(response, 'your link has expired', status_code=400)
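    def test_change_password_on_other_user(self):
        """Opening Bob's valid reset link while signed in as someone else fails.

        The view is expected to answer 400 with the expired-link text.
        """
        User = get_user_model()
        test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

        password_token = make_password_change_token(test_user)

        # Authenticate as a different account than the token's owner.
        self.login_user(self.get_authenticated_user())

        link_kwargs = {
            'user_id': test_user.pk,
            'token': password_token
        }
        response = self.client.get(
            reverse('misago:forgotten_password_change_form',
                    kwargs=link_kwargs))

        # assertContains checks status and body together and decodes the
        # body, so it also works where response.content is bytes.
        self.assertContains(response, 'your link has expired', status_code=400)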
 def test_submit_empty(self):
     """POST with a valid token and no password is rejected with 400."""
     token = make_password_change_token(self.user)
     response = self.client.post(self.link % (self.user.pk, token))

     # The expected text is a prefix of the error message, matched as a
     # substring of the response body.
     self.assertContains(response, "This password is too shor", status_code=400)