def test_password_reset_happy_path(self):
""" Verify password reset with correct token and user works
"""
user_data = {
'username_or_email': '*****@*****.**',
'username': '******',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.get(user_token.path, follow=True)
self.assertIn('form', str(reset_request.content))
post_data = {'user_id': user.pk, 'password': '******'}
reset_request = self.client.post(user_token.path,
post_data,
follow=True)
self.assertMessageInContext(
reset_request, 'Password reset. Please log in to continue.')
user_data = {
'username_or_email': '*****@*****.**',
'password': post_data['password']
}
login_request = self._login_user(user_data)
self.assertMessageInContext(login_request, 'Log in successful.')
def test_login_with_token_expired(self):
""" Verify correct log in token error message when expired token given in URL
"""
user_data = {'email': '*****@*****.**', 'password': '******'}
user = self._create_user(**user_data)
user_token = UserToken(user=user,
token_type='login',
expiration=yesterday())
user_token.save()
login_request = self.client.get(user_token.path, follow=True)
self.assertMessageInContext(login_request, 'Token is expired.')
def test_login_with_token_not_found(self):
""" Verify correct log in token error message when bad token given in URL
"""
user_data = {'email': '*****@*****.**', 'password': '******'}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='login')
user_token.save()
login_request = self.client.get(user_token.path.replace(
user_token.token, 'asdf'),
follow=True)
self.assertMessageInContext(login_request, 'Token not found.')
def test_login_with_token_happy_path(self):
""" Verify log in with token when valid token and username given in URL
"""
user_data = {'email': '*****@*****.**', 'password': '******'}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='login')
user_token.save()
token_str = user_token.token
login_request = self.client.get(user_token.path, follow=True)
self.assertMessageInContext(login_request, 'Log in successful.')
user_token = UserToken.objects.filter(token=token_str)
self.assertFalse(user_token.exists())
def post(self, request, *args, **kwargs):
form = self.form(request.POST)
if form.is_valid():
user_exists = SessionManager.get_user_by_username_or_email(strip_tags(request.POST['email']))
if user_exists:
messages.error(request, '{} already has an account.'.format(user_exists.email))
else:
new_app_user = AppUser()
new_app_user.save()
participant = ExchangeParticipant.get_or_create(
appuser=new_app_user,
giftexchange=self.giftexchange,
status='pending'
)
UserToken.clean(appuser=new_app_user, token_type='invitation')
token = UserToken(appuser=new_app_user, token_type='invitation')
token._generate_token()
token.save()
mailer = GifteratorMailer()
mailer.send_exchange_invitation_email(
request.POST['email'],
self.giftexchange,
existing_user=False,
registration_token=token
)
messages.success(request, 'An invitation has been sent to {}!'.format(request.POST['email']))
if settings.PREVIEW_EMAILS_IN_APP:
self.context.update({'show_email': mailer})
self.context.update({'form': self.form()})
return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs):
form = PreRegisterUserForm(request.POST)
if form.is_valid():
email_error = validate_email(request.POST['email'], 0)
if email_error:
error = '{}<p>Did you mean to <a href="{}">log in instead</a>?'.format(
email_error, reverse('session_manager_login')
)
messages.error(request, error)
else:
user = SessionManager.get_user_by_username_or_email(request.POST['email'])
if not user:
user, appuser = SessionManager.preregister_email(request.POST['email'])
UserToken.clean(appuser=appuser, token_type='registration')
token = UserToken(appuser=appuser, token_type='registration')
token._generate_token()
token.save()
mailer = SessionManagerEmailer()
mailer.send_app_registration_link(user, token)
if settings.PREVIEW_EMAILS_IN_APP:
self.context.update({'show_email': mailer})
messages.success(request, 'Thanks! To verify your email address, we have sent you a link to complete your registration.')
return HttpResponse(self.template.render(self.context, request))
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs):
form = self.form(request.POST)
if form.is_valid():
existing_user = SessionManager.get_user_by_username_or_email(request.POST['email_address'])
if existing_user:
messages.error(request, 'This user is already registered.')
self.context.update({'form': form})
return HttpResponse(self.template.render(self.context, request))
else:
new_appuser = AppUser(registration_source='invitation')
new_appuser.save()
mailer = SessionManagerEmailer()
UserToken.clean(appuser=new_appuser, token_type='invitation')
invitation_token = UserToken(
appuser=new_appuser,
token_type='invitation',
)
invitation_token._generate_token()
invitation_token.save()
mailer.send_app_invitation_link(
to_email=request.POST['email_address'],
from_appuser=self.appuser,
token=invitation_token
)
messages.success(
request,
'You sent an invitation to {}!'.format(request.POST['email_address'])
)
if settings.PREVIEW_EMAILS_IN_APP:
self.context.update({'show_email': mailer})
self.context.update({'form': form})
return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs):
template = loader.get_template('session_manager/default.html')
context = {}
form = LoginEmailForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_username(request.POST['email'])
UserToken.clean(
token_type='reset',
user=user
)
reset_token = UserToken(
token_type='reset',
user=user
)
reset_token._generate_token()
reset_token.save()
mailer = SessionManagerEmailer()
mailer.send_password_reset_link(reset_token)
messages.success(
request,
'A password reset link was sent to {}. You have 48 hours to use it.'.format(reset_token.user.email)
)
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
else:
messages.error(request, 'Could not validate request.')
return HttpResponse(template.render(context, request))
def post(self, request, *args, **kwargs):
context = {}
form = RegistrationLinkForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_username(request.POST['email'])
UserToken.clean(
token_type='registration',
user=user
)
registration_token = UserToken(
token_type='registration',
user=user
)
registration_token._generate_token()
registration_token.save()
mailer = SessionManagerEmailer()
mailer.send_app_registration_link(user, registration_token)
messages.success(
request,
'A registration link was sent to {}. Use the provided link to complete registration.'.format(registration_token.user.email)
)
template = loader.get_template('session_manager/default.html')
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
return HttpResponse(template.render(context, request))
else:
messages.error(request, 'Could not validate request.')
return redirect(reverse('session_manager_login'))
def test_password_reset_expired(self):
""" Verify correct error token password reset error message with expired token
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******',
'username': '******',
}
user = self._create_user(**user_data)
user_token = UserToken(user=user,
token_type='reset',
expiration=yesterday())
user_token.save()
reset_request = self.client.post(user_token.path, follow=True)
self.assertMessageInContext(reset_request, 'Token is expired.')
def test_password_reset_bad_token(self):
""" Verify correct error token password reset error message with bad token
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******',
'username': '******',
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.post(user_token.path.replace(
user_token.token, 'asdf'),
follow=True)
self.assertMessageInContext(reset_request, 'Token not found.')
def get(self, request, *args, **kwargs):
# check if a login token was provided
if request.GET.get('token') and request.GET.get('user'):
token, token_error_message = UserToken.get_token(
token=request.GET['token'],
username=request.GET['user'],
token_type='login')
if token:
if token.is_valid:
# a valid token/user combination was given, so log in and delete the token
login(request, token.user)
messages.success(request, 'Log in successful.')
token.delete()
request.session['user_is_authenticated'] = True
return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT))
else:
# provided token was found, but it is expired
# clean up the token
token.delete()
messages.error(request, 'Token is expired.')
else:
# no matching token was found for provided user/token
messages.error(request, token_error_message)
# no token was provided, or it was invalid, so just render the login form
form = LoginUserForm()
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
def setup(self, request, *args, **kwargs):
super(ResetPasswordWithTokenView, self).setup(request, *args, **kwargs)
self.template = loader.get_template(
'session_manager/reset_password.html')
self.context = {}
# get the token and error message, needed for both GET and POST
self.token, self.token_error_message = UserToken.get_token(
token=request.GET.get('token'),
username=request.GET.get('user'),
token_type='reset')
def test_password_reset_bad_user(self):
""" Verify correct error token password reset error message with bad user
"""
user_data = {
'username_or_email': '*****@*****.**',
'username': '******',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.get(user_token.path, follow=True)
self.assertIn('form', str(reset_request.content))
post_data = {'user_id': user.pk, 'password': '******'}
reset_request = self.client.post(user_token.path.replace(
user_token.user.username, 'asdf'),
post_data,
follow=True)
self.assertMessageInContext(reset_request,
'User matching username not found.')
def setup(self, request, *args, **kwargs):
super(RegisterUser, self).setup(request, *args, **kwargs)
self.template = loader.get_template('session_manager/register.html')
self.appuser = AppUser.objects.get(uuid=request.GET.get('id'))
self.registration_token, self.token_error_message = UserToken.get_token(
token=request.GET.get('token'),
appuser=self.appuser,
token_type=['registration', 'invitation']
)
if self.registration_token:
if self.registration_token.token_type == 'registration':
self.registration_type = 'website'
else:
self.registration_type = 'invitation'
self.context = {}
def post(self, request, *args, **kwargs):
# we should only get here if they submitted the form instead of a token in the URL
# standard Django form handling here
if 'password' in request.POST:
form = LoginUserPasswordForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_id(request.POST['user_id'])
if SessionManager.check_password(user, request.POST['password']):
login(request, user)
request.session['user_is_authenticated'] = True
# messages.success(request, 'Log in successful.')
if request.session.get('login_redirect_from'):
return redirect(request.session['login_redirect_from'])
return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT))
else:
messages.error(request, 'Password incorrect.')
else:
messages.error(request, 'Something went wrong. Please correct errors below.')
elif 'send_token' in request.POST:
user = SessionManager.get_user_by_id(request.session['user_id'])
token = UserToken(
user=user,
token_type='login',
)
token.save()
token.send_login_email()
messages.success(
request,
'An email has been sent to {} containing a temporary log in token. It will expire in 24 hours.'.format(user.email)
)
form = LoginUserTokenForm(initial={'user_id': user.pk})
self.context.update({'form_step': 2})
elif 'login_token' in request.POST:
token, token_error_message = UserToken.get_token(
token=request.POST['login_token'],
username=SessionManager.get_user_by_id(request.session['user_id']).username,
token_type='login'
)
if token:
if token.is_valid:
# a valid token/user combination was given, so log in and delete the token
login(request, token.user)
request.session['user_is_authenticated'] = True
request.session['user_id'] = token.user.pk
# messages.success(request, 'Log in successful.')
token.delete()
return redirect(reverse('bogames_landingpage'))
else:
# provided token was found, but it is expired
# clean up the token
token.delete()
messages.error(request, 'Token is expired.')
else:
messages.error(request, 'Token not found. Perhaps you already used it?')
return redirect(reverse('session_manager_login'))
else:
form = LoginUserNameForm(request.POST)
self.context.update({'form_step': 1})
if form.is_valid():
if '@' in request.POST['username_or_email']:
user = SessionManager.get_user_by_email(username=request.POST['username_or_email'])
else:
user = SessionManager.get_user_by_username(username=request.POST['username_or_email'])
if not user:
messages.error(request, error_reason)
self.context.update({
'form': form,
})
messages.error(request, 'Something went wrong. Please correct errors below.')
else:
request.session['user_id'] = user.pk
form = LoginUserPasswordForm(initial={'user_id': user.pk})
self.context.update({'form_step': 2})
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
