def test_forgotten_password_full_process(self, app, db_session, smtplib): p = PersonFactory(activated=False) db_session.commit() # get the login page resp = app.get(url_for(controller='person', action='signin', id=None)) # click on the forgotten password link resp = resp.click('Forgotten your password?') f = resp.forms[1] # TODO: Fragile, Persona is [0] f['email_address'] = p.email_address f.submit() # check that the confirmation record was created crecs = PasswordResetConfirmation.find_by_email(p.email_address) assert crecs is not None # check our email assert smtplib.existing != None # check to address to_match = re.match(r'^.*To:.*' + p.email_address, smtplib.existing.message, re.DOTALL) assert to_match != None # check that the email has no HTML in it and thus was not rendered # incorrectly html_match = re.match(r'^.*<!DOCTYPE', smtplib.existing.message, re.DOTALL) assert html_match == None # check that the message has a url hash in it url_match = re.match(r'^.*(/person/reset_password/\S+)', smtplib.existing.message, re.DOTALL) assert url_match != None # ok go to the URL, on treadmills resp = app.get(url_match.group(1)) # set password f = resp.form f['password'] = '******' f['password_confirm'] = 'passwdtest' resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0')) # Need to forget the objects we created, save ones that need saving pid = p.id old_hash = p.password_hash db_session.expunge_all() # check that the password was changed p = Person.find_by_id(pid) assert p.password_hash != old_hash # check that the confirmatin record is gone crecs = PasswordResetConfirmation.find_by_email(p.email_address) assert crecs is None
def test_forgotten_password_full_process(self, app, db_session, smtplib): p = PersonFactory(activated=False) db_session.commit() # get the login page resp = app.get(url_for(controller='person', action='signin', id=None)) # click on the forgotten password link resp = resp.click('Forgotten your password?') f = resp.forms['pwreset-form'] f['email_address'] = p.email_address f.submit() # check that the confirmation record was created crecs = PasswordResetConfirmation.find_by_email(p.email_address) assert crecs is not None # check our email assert smtplib.existing != None # check to address to_match = re.match(r'^.*To:.*' + p.email_address, smtplib.existing.message, re.DOTALL) assert to_match != None # check that the email has no HTML in it and thus was not rendered # incorrectly html_match = re.match(r'^.*<!DOCTYPE', smtplib.existing.message, re.DOTALL) assert html_match == None # check that the message has a url hash in it url_match = re.match(r'^.*(/person/reset_password/\S+)', smtplib.existing.message, re.DOTALL) assert url_match != None # ok go to the URL, on treadmills resp = app.get(url_match.group(1)) # set password f = resp.forms['reset-form'] f['password'] = '******' f['password_confirm'] = 'passwdtest' resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0')) # Need to forget the objects we created, save ones that need saving pid = p.id old_hash = p.password_hash db_session.expunge_all() # check that the password was changed p = Person.find_by_id(pid) assert p.password_hash != old_hash # check that the confirmatin record is gone crecs = PasswordResetConfirmation.find_by_email(p.email_address) assert crecs is None
def test_registration_confirmation(self, app, db_session): # insert registration model object p = PersonFactory(activated=False) db_session.commit() # visit the link resp = app.get('/person/confirm/' + p.url_hash) assert 'Thanks for confirming your account' in unicode(resp.body, 'utf-8') # Need to forget the objects we created db_session.expunge_all() # test that it's activated r = Person.find_by_id(p.id) assert r.activated == True
def test_registration_confirmation(self, app, db_session): # insert registration model object p = PersonFactory(activated=False) db_session.commit() # visit the link resp = app.get('/person/confirm/' + p.url_hash) assert 'Thanks for confirming your account' in unicode( resp.body, 'utf-8') # Need to forget the objects we created db_session.expunge_all() # test that it's activated r = Person.find_by_id(p.id) assert r.activated == True
def test_confirm_reset(self, app, db_session): """Test confirmation of a password reset that should succeed""" # create a confirmation record p = PersonFactory() # set the timestamp to just under 24 hours ago stamp = datetime.now() - timedelta(days=0.9) c = PasswordResetConfirmationFactory(email_address=p.email_address, timestamp=stamp) db_session.commit() resp = app.get( url_for(controller='person', action='reset_password', url_hash=c.url_hash)) # showing the email on the page assert c.email_address in unicode(resp.body, 'utf-8') f = resp.form f['password'] = '******' f['password_confirm'] = 'test' resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0')) resp = resp.maybe_follow() # check for success assert "Your password has been updated" in unicode(resp.body, 'utf-8') # Need to forget the objects we created, save portions we need pid = p.id old_password_hash = p.password_hash db_session.expunge_all() # conf rec should be gone crecs = PasswordResetConfirmation.find_by_email(c.email_address) assert crecs is None # password should be changed p = Person.find_by_id(pid) assert p.password_hash == old_password_hash
def test_confirm_reset(self, app, db_session): """Test confirmation of a password reset that should succeed""" # create a confirmation record p = PersonFactory() # set the timestamp to just under 24 hours ago stamp = datetime.now() - timedelta(days=0.9) c = PasswordResetConfirmationFactory(email_address=p.email_address, timestamp=stamp) db_session.commit() resp = app.get(url_for(controller='person', action='reset_password', url_hash=c.url_hash)) # showing the email on the page assert c.email_address in unicode(resp.body, 'utf-8') f = resp.forms['reset-form'] f['password'] = '******' f['password_confirm'] = 'test' resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0')) resp = resp.maybe_follow() # check for success assert "Your password has been updated" in unicode(resp.body, 'utf-8') # Need to forget the objects we created, save portions we need pid = p.id old_password_hash = p.password_hash db_session.expunge_all() # conf rec should be gone crecs = PasswordResetConfirmation.find_by_email(c.email_address) assert crecs is None # password should be changed p = Person.find_by_id(pid) assert p.password_hash == old_password_hash
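Review bot: In the new `test_confirm_reset`, the final check `assert p.password_hash == old_password_hash` sits under the comment "password should be changed" but asserts that the hash is unchanged, so this success-path test still passes if the reset handler never stores the new password. If the comment states the intent, the line should read `assert p.password_hash != old_password_hash`. Should the submitted value happen to coincide with the factory's default password (not visible here), submit a different new password so the change is observable. Separately, in `test_forgotten_password_full_process` the To: check interpolates `p.email_address` into the pattern unescaped; `r'^.*To:.*' + re.escape(p.email_address)` would stop the dots in the address from matching any character.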