def test_confirm(self):
    """Reset a password through a confirmation link that has not expired.

    Stores a Person and a PasswordResetConfirmation for the same address,
    opens the reset page for the confirmation's url_hash, submits the form,
    then checks that the confirmation record is gone and that the person's
    stored password hash matches the expected digest.
    """
    email = '*****@*****.**'
    person = Person(email_address=email)
    self.dbsession.save(person)

    confirmation = PasswordResetConfirmation(email_address=email)
    # timedelta's positional arguments are (days, seconds, microseconds), so
    # the record is backdated by 23 days, 59 seconds and 59 microseconds.
    # NOTE(review): if reset links are meant to live for 24 hours, this should
    # be hours=23, minutes=59, seconds=59, and the controller's expiry check
    # needs the same look -- a window measured in days leaves a leaked or
    # intercepted reset link usable far longer than intended.
    confirmation.timestamp = datetime.datetime.now() - datetime.timedelta(
        days=23, seconds=59, microseconds=59)
    self.dbsession.save(confirmation)
    self.dbsession.flush()

    # Remember the primary keys; the session is cleared further down.
    person_id = person.id
    confirmation_id = confirmation.id

    reset_url = url_for(controller='person',
                        action='reset_password',
                        url_hash=confirmation.url_hash)
    page = self.app.get(reset_url)

    # The reset page is expected to show the address the link was issued for.
    page.mustcontain(email)

    # NOTE(review): the two fields carry different literals as shown here
    # ('******' looks like a redaction of the original value); the hash
    # assertion below expects the stored password to be 'test' -- confirm.
    form = page.form
    form['password'] = '******'
    form['password_confirm'] = 'test'
    page = form.submit()

    # The controller reports success ...
    page.mustcontain("Your password has been updated")

    self.dbsession.clear()

    # ... and the confirmation record is removed, so the same link cannot be
    # used for a second reset.
    self.assertEqual(
        None, self.dbsession.get(PasswordResetConfirmation, confirmation_id))

    # The stored hash is compared with a plain MD5 hex digest of 'test'.
    # NOTE(review): this pins the application to unsalted MD5 for password
    # storage; a salted, deliberately slow scheme (bcrypt, scrypt, PBKDF2) is
    # the appropriate choice, and this check would then become a
    # verify-against-stored-hash assertion.
    expected_hash = md5.new('test').hexdigest()
    reloaded = self.dbsession.get(Person, person_id)
    self.assertEqual(expected_hash, reloaded.password_hash)

    # Clean up the person row created above (not reached if an assertion
    # fails earlier in the test).
    self.dbsession.delete(reloaded)
    self.dbsession.flush()
def test_confirm_old_url_hash(self):
    """Check that an expired reset link is refused and its record removed.

    Stores a backdated PasswordResetConfirmation, requests the reset page
    for its url_hash, and expects the expiry warning plus deletion of the
    confirmation record.
    """
    email = '*****@*****.**'
    # timedelta's positional arguments are (days, seconds, microseconds), so
    # this is 24 days and 1 microsecond in the past.
    # NOTE(review): if the intended lifetime of a reset link is 24 hours, the
    # boundary should be written as hours=24, seconds=1 and the controller's
    # cut-off confirmed; as written, the test only proves that links older
    # than 24 days are rejected.
    issued_at = datetime.datetime.now() - datetime.timedelta(
        days=24, seconds=0, microseconds=1)

    confirmation = PasswordResetConfirmation(email_address=email)
    confirmation.timestamp = issued_at
    self.dbsession.save(confirmation)
    self.dbsession.flush()

    # Keep the primary key; the session is cleared before the final lookup.
    confirmation_id = confirmation.id

    reset_url = url_for(controller='person',
                        action='reset_password',
                        url_hash=confirmation.url_hash)
    page = self.app.get(reset_url)

    # The page must tell the user that the link is no longer valid.
    page.mustcontain("This password recovery session has expired")

    self.dbsession.clear()

    # Visiting an expired link is expected to delete the stale record, so it
    # is not left behind in the table.
    self.assertEqual(
        None, self.dbsession.get(PasswordResetConfirmation, confirmation_id))