def test_password_reset_happy_path(self):
""" Verify password reset with correct token and user works
"""
with self.settings(DISPLAY_AUTH_SUCCESS_MESSAGES=True):
user_data = {
'username_or_email': '*****@*****.**',
'username': '******',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.get(user_token.path, follow=True)
self.assertIn('form', str(reset_request.content))
post_data = {
'user_id': user.pk,
'password': '******',
'confirm_password': '******'
}
reset_request = self.client.post(user_token.path,
post_data,
follow=True)
self.assertMessageInContext(
reset_request, 'Password reset. Please log in to continue.')
user_data = {
'username_or_email': '*****@*****.**',
'password': post_data['password']
}
login_request = self._login_user(user_data)
self.assertMessageInContext(login_request, 'Log in successful.')
def test_login_with_token_not_found(self):
""" Verify correct log in token error message when bad token given in URL
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='login')
user_token.save()
login_request = self.client.get(user_token.path.replace(
user_token.token, 'asdf'),
follow=True)
self.assertMessageInContext(login_request, 'Token not found.')
def test_login_with_token_expired(self):
""" Verify correct log in token error message when expired token given in URL
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user,
token_type='login',
expiration=TimeDiff.yesterday())
user_token.save()
login_request = self.client.get(user_token.path, follow=True)
self.assertMessageInContext(login_request, 'Token is expired.')
def test_password_reset_expired(self):
""" Verify correct error token password reset error message with expired token
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******',
'username': '******',
}
user = self._create_user(**user_data)
user_token = UserToken(user=user,
token_type='reset',
expiration=TimeDiff.yesterday())
user_token.save()
reset_request = self.client.get(user_token.path, follow=True)
self.assertMessageInContext(reset_request, 'Token is expired.')
def test_password_reset_bad_token(self):
""" Verify correct error token password reset error message with bad token
"""
user_data = {
'username_or_email': '*****@*****.**',
'password': '******',
'username': '******',
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.get(user_token.path.replace(
user_token.token, 'asdf'),
follow=True)
self.assertMessageInContext(reset_request, 'Token not found.')
def get(self, request, *args, **kwargs):
if request.GET.get('token') and request.GET.get('user'):
registration_token, token_error_message = UserToken.get_token(
token=request.GET['token'],
username=request.GET['user'],
token_type='registration')
if not registration_token:
messages.error(request, token_error_message)
return redirect(reverse('user_login'))
elif not registration_token.is_valid:
registration_token.delete()
messages.error(request, 'Registration link invalid or expired')
return redirect(reverse('user_login'))
else:
if settings.MAKE_USERNAME_EMAIL:
initial = {
'email': registration_token.user.email,
'username': registration_token.user.username
}
else:
initial = {
'email': registration_token.user.email,
}
form = CreateUserForm(initial=initial,
user=registration_token.user)
else:
form = PreRegisterEmailForm()
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
def get(self, request, *args, **kwargs):
# check if a login token was provided
self.context.update({'login_stage': self.login_stage})
if request.GET.get('token') and request.GET.get('user'):
token, token_error_message = UserToken.get_token(
token=request.GET['token'],
username=request.GET['user'],
token_type='login')
if token:
if token.is_valid:
# a valid token/user combination was given, so log in and delete the token
login(request, token.user)
token.delete()
request.session['user_is_authenticated'] = True
if settings.DISPLAY_AUTH_SUCCESS_MESSAGES:
messages.success(request, 'Log in successful.')
return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT))
else:
# provided token was found, but it is expired
# clean up the token
token.delete()
messages.error(request, 'Token is expired.')
else:
# no matching token was found for provided user/token
messages.error(request, token_error_message)
# no token was provided, or it was invalid, so just render the login form
form = LoginEmailForm()
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
def test_login_with_token_happy_path(self):
""" Verify log in with token when valid token and username given in URL
"""
with self.settings(DISPLAY_AUTH_SUCCESS_MESSAGES=True):
user_data = {
'username_or_email': '*****@*****.**',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='login')
user_token.save()
token_str = user_token.token
login_request = self.client.get(user_token.path, follow=True)
self.assertMessageInContext(login_request, 'Log in successful.')
user_token = UserToken.objects.filter(token=token_str)
self.assertFalse(user_token.exists())
def setup(self, request, *args, **kwargs):
super(ResetPasswordWithTokenView, self).setup(request, *args, **kwargs)
self.template = loader.get_template('usermanager/reset_password.html')
self.context = {}
# get the token and error message, needed for both GET and POST
self.token, self.token_error_message = UserToken.get_token(
token=request.GET.get('token'),
username=request.GET.get('user'),
token_type='reset')
def test_password_reset_bad_user(self):
""" Verify correct error token password reset error message with bad user
"""
user_data = {
'username_or_email': '*****@*****.**',
'username': '******',
'password': '******'
}
user = self._create_user(**user_data)
user_token = UserToken(user=user, token_type='reset')
user_token.save()
reset_request = self.client.get(user_token.path, follow=True)
self.assertIn('form', str(reset_request.content))
post_data = {
'user_id': user.pk,
'password': '******',
}
reset_request = self.client.get(user_token.path.replace(
user_token.user.username, 'asdf'),
post_data,
follow=True)
self.assertMessageInContext(reset_request,
'User matching username not found.')
def post(self, request, *args, **kwargs):
template = loader.get_template('usermanager/default.html')
context = {}
form = LoginEmailForm(request.POST)
if form.is_valid():
user = UserManager.get_user_by_username(request.POST['email'])
UserToken.clean(token_type='reset', user=user)
reset_token = UserToken(token_type='reset', user=user)
reset_token._generate_token()
reset_token.save()
mailer = UserManagerEmailer()
mailer.send_password_reset_link(reset_token)
messages.success(
request,
'A password reset link was sent to {}. You have 48 hours to use it.'
.format(reset_token.user.email))
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
else:
messages.error(request, 'Could not validate request.')
return HttpResponse(template.render(context, request))
def post(self, request, *args, **kwargs):
context = {}
form = RegistrationLinkForm(request.POST)
if form.is_valid():
user = UserManager.get_user_by_username(request.POST['email'])
UserToken.clean(token_type='registration', user=user)
registration_token = UserToken(token_type='registration',
user=user)
registration_token._generate_token()
registration_token.save()
mailer = UserManagerEmailer()
mailer.send_app_registration_link(user, registration_token)
messages.success(
request,
'A registration link was sent to {}. Use the provided link to complete registration.'
.format(registration_token.user.email))
template = loader.get_template('usermanager/default.html')
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
return HttpResponse(template.render(context, request))
else:
messages.error(request, 'Could not validate request.')
return redirect(reverse('user_login'))
def post(self, request, *args, **kwargs):
if 'password' in request.POST:
user = UserManager.get_user_by_username(request.POST['email'])
form = CreateUserForm(user, request.POST)
if form.is_valid():
if not settings.MAKE_USERNAME_EMAIL:
username = request.POST['username']
else:
username = request.POST['email']
if not user.usermanager.eula_timestamp:
eula_timestamp = datetime.now()
else:
eula_timestamp = user.usermanager.eula_timestamp
if not user.usermanager.privacy_policy_timestamp:
pp_timestamp = datetime.now()
else:
pp_timestamp = user.usermanager.privacy_policy_timestamp
UserManager.register_user(
user,
username=username,
password=request.POST['password'],
first_name=request.POST['first_name'],
last_name=request.POST['last_name'],
pp_timestamp=pp_timestamp,
eula_timestamp=eula_timestamp)
messages.success(
request,
'Registration complete! Please log in to continue.')
UserToken.objects.filter(
user=user, token_type='registration').all().delete()
return redirect(reverse('user_login'))
else:
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(
self.context, request))
else:
form = PreRegisterEmailForm(request.POST)
if form.is_valid():
email_error = validate_email(request.POST['email'], 0)
if email_error:
error = '{}<p>Did you mean to <a href="{}">log in instead</a>?'.format(
email_error, reverse('user_login'))
messages.error(request, error)
else:
user = UserManager.get_user_by_username(
request.POST['email'])
if not user:
user = UserManager.preregister_user(
request.POST['email'],
pp_timestamp=datetime.now(),
eula_timestamp=datetime.now())
UserToken.clean(user=user, token_type='registration')
token = UserToken(user=user, token_type='registration')
token._generate_token()
token.save()
mailer = UserManagerEmailer()
mailer.send_app_registration_link(user, token)
if settings.PREVIEW_EMAILS_IN_APP:
self.context.update({'show_email': mailer})
messages.success(
request,
'Thanks! To verify your email address, we have sent you a link to complete your registration.'
)
return HttpResponse(
self.template.render(self.context, request))
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))