def test_password_reset_happy_path(self): """ Verify password reset with correct token and user works """ with self.settings(DISPLAY_AUTH_SUCCESS_MESSAGES=True): user_data = { 'username_or_email': '*****@*****.**', 'username': '******', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.get(user_token.path, follow=True) self.assertIn('form', str(reset_request.content)) post_data = { 'user_id': user.pk, 'password': '******', 'confirm_password': '******' } reset_request = self.client.post(user_token.path, post_data, follow=True) self.assertMessageInContext( reset_request, 'Password reset. Please log in to continue.') user_data = { 'username_or_email': '*****@*****.**', 'password': post_data['password'] } login_request = self._login_user(user_data) self.assertMessageInContext(login_request, 'Log in successful.')
def test_login_with_token_not_found(self): """ Verify correct log in token error message when bad token given in URL """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login') user_token.save() login_request = self.client.get(user_token.path.replace( user_token.token, 'asdf'), follow=True) self.assertMessageInContext(login_request, 'Token not found.')
def test_login_with_token_expired(self): """ Verify correct log in token error message when expired token given in URL """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login', expiration=TimeDiff.yesterday()) user_token.save() login_request = self.client.get(user_token.path, follow=True) self.assertMessageInContext(login_request, 'Token is expired.')
def test_password_reset_expired(self): """ Verify correct error token password reset error message with expired token """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******', 'username': '******', } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset', expiration=TimeDiff.yesterday()) user_token.save() reset_request = self.client.get(user_token.path, follow=True) self.assertMessageInContext(reset_request, 'Token is expired.')
def test_password_reset_bad_token(self): """ Verify correct error token password reset error message with bad token """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******', 'username': '******', } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.get(user_token.path.replace( user_token.token, 'asdf'), follow=True) self.assertMessageInContext(reset_request, 'Token not found.')
def get(self, request, *args, **kwargs): if request.GET.get('token') and request.GET.get('user'): registration_token, token_error_message = UserToken.get_token( token=request.GET['token'], username=request.GET['user'], token_type='registration') if not registration_token: messages.error(request, token_error_message) return redirect(reverse('user_login')) elif not registration_token.is_valid: registration_token.delete() messages.error(request, 'Registration link invalid or expired') return redirect(reverse('user_login')) else: if settings.MAKE_USERNAME_EMAIL: initial = { 'email': registration_token.user.email, 'username': registration_token.user.username } else: initial = { 'email': registration_token.user.email, } form = CreateUserForm(initial=initial, user=registration_token.user) else: form = PreRegisterEmailForm() self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))
def get(self, request, *args, **kwargs): # check if a login token was provided self.context.update({'login_stage': self.login_stage}) if request.GET.get('token') and request.GET.get('user'): token, token_error_message = UserToken.get_token( token=request.GET['token'], username=request.GET['user'], token_type='login') if token: if token.is_valid: # a valid token/user combination was given, so log in and delete the token login(request, token.user) token.delete() request.session['user_is_authenticated'] = True if settings.DISPLAY_AUTH_SUCCESS_MESSAGES: messages.success(request, 'Log in successful.') return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT)) else: # provided token was found, but it is expired # clean up the token token.delete() messages.error(request, 'Token is expired.') else: # no matching token was found for provided user/token messages.error(request, token_error_message) # no token was provided, or it was invalid, so just render the login form form = LoginEmailForm() self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))
def test_login_with_token_happy_path(self): """ Verify log in with token when valid token and username given in URL """ with self.settings(DISPLAY_AUTH_SUCCESS_MESSAGES=True): user_data = { 'username_or_email': '*****@*****.**', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login') user_token.save() token_str = user_token.token login_request = self.client.get(user_token.path, follow=True) self.assertMessageInContext(login_request, 'Log in successful.') user_token = UserToken.objects.filter(token=token_str) self.assertFalse(user_token.exists())
def setup(self, request, *args, **kwargs): super(ResetPasswordWithTokenView, self).setup(request, *args, **kwargs) self.template = loader.get_template('usermanager/reset_password.html') self.context = {} # get the token and error message, needed for both GET and POST self.token, self.token_error_message = UserToken.get_token( token=request.GET.get('token'), username=request.GET.get('user'), token_type='reset')
def test_password_reset_bad_user(self): """ Verify correct error token password reset error message with bad user """ user_data = { 'username_or_email': '*****@*****.**', 'username': '******', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.get(user_token.path, follow=True) self.assertIn('form', str(reset_request.content)) post_data = { 'user_id': user.pk, 'password': '******', } reset_request = self.client.get(user_token.path.replace( user_token.user.username, 'asdf'), post_data, follow=True) self.assertMessageInContext(reset_request, 'User matching username not found.')
def post(self, request, *args, **kwargs): template = loader.get_template('usermanager/default.html') context = {} form = LoginEmailForm(request.POST) if form.is_valid(): user = UserManager.get_user_by_username(request.POST['email']) UserToken.clean(token_type='reset', user=user) reset_token = UserToken(token_type='reset', user=user) reset_token._generate_token() reset_token.save() mailer = UserManagerEmailer() mailer.send_password_reset_link(reset_token) messages.success( request, 'A password reset link was sent to {}. You have 48 hours to use it.' .format(reset_token.user.email)) if settings.PREVIEW_EMAILS_IN_APP: context.update({'show_email': mailer}) else: messages.error(request, 'Could not validate request.') return HttpResponse(template.render(context, request))
def post(self, request, *args, **kwargs): context = {} form = RegistrationLinkForm(request.POST) if form.is_valid(): user = UserManager.get_user_by_username(request.POST['email']) UserToken.clean(token_type='registration', user=user) registration_token = UserToken(token_type='registration', user=user) registration_token._generate_token() registration_token.save() mailer = UserManagerEmailer() mailer.send_app_registration_link(user, registration_token) messages.success( request, 'A registration link was sent to {}. Use the provided link to complete registration.' .format(registration_token.user.email)) template = loader.get_template('usermanager/default.html') if settings.PREVIEW_EMAILS_IN_APP: context.update({'show_email': mailer}) return HttpResponse(template.render(context, request)) else: messages.error(request, 'Could not validate request.') return redirect(reverse('user_login'))
def post(self, request, *args, **kwargs): if 'password' in request.POST: user = UserManager.get_user_by_username(request.POST['email']) form = CreateUserForm(user, request.POST) if form.is_valid(): if not settings.MAKE_USERNAME_EMAIL: username = request.POST['username'] else: username = request.POST['email'] if not user.usermanager.eula_timestamp: eula_timestamp = datetime.now() else: eula_timestamp = user.usermanager.eula_timestamp if not user.usermanager.privacy_policy_timestamp: pp_timestamp = datetime.now() else: pp_timestamp = user.usermanager.privacy_policy_timestamp UserManager.register_user( user, username=username, password=request.POST['password'], first_name=request.POST['first_name'], last_name=request.POST['last_name'], pp_timestamp=pp_timestamp, eula_timestamp=eula_timestamp) messages.success( request, 'Registration complete! Please log in to continue.') UserToken.objects.filter( user=user, token_type='registration').all().delete() return redirect(reverse('user_login')) else: self.context.update({ 'form': form, }) return HttpResponse(self.template.render( self.context, request)) else: form = PreRegisterEmailForm(request.POST) if form.is_valid(): email_error = validate_email(request.POST['email'], 0) if email_error: error = '{}<p>Did you mean to <a href="{}">log in instead</a>?'.format( email_error, reverse('user_login')) messages.error(request, error) else: user = UserManager.get_user_by_username( request.POST['email']) if not user: user = UserManager.preregister_user( request.POST['email'], pp_timestamp=datetime.now(), eula_timestamp=datetime.now()) UserToken.clean(user=user, token_type='registration') token = UserToken(user=user, token_type='registration') token._generate_token() token.save() mailer = UserManagerEmailer() mailer.send_app_registration_link(user, token) if settings.PREVIEW_EMAILS_IN_APP: self.context.update({'show_email': mailer}) messages.success( request, 'Thanks! To verify your email address, we have sent you a link to complete your registration.' ) return HttpResponse( self.template.render(self.context, request)) self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))