def test_bad_token(self): ''' Test that the payload format is correct, but the token is invalid ''' user = self.inactive_user other_user = None for u in User.objects.all(): if u != user: other_user = u break # generate a valid token, but for a DIFFERENT user token = default_token_generator.make_token(other_user) uid = encode_uid(user.pk) payload = {'uid': uid, 'token': token} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertTrue('token' in response.json()) # request with a garbage token token = 'asdfasdfasdfasd' uid = encode_uid(user.pk) payload = {'uid': uid, 'token': token} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertTrue('token' in response.json()) # query the user again to check that they are still inactive: updated_user = User.objects.get(pk=user.pk) self.assertFalse(updated_user.is_active)
def test_bad_uid(self): ''' Test that the payload format is correct, but the UID is invalid Test two things-- one is a UID that is correctly generated but corresponds to a non-existent user. The other tests just a bogus string that cannot be decoded ''' user = self.inactive_user different_uuid = uuid.uuid4() if different_uuid == user.pk: raise ImproperlyConfigured('Somehow a randomly generated UUID' ' was equivalent to the user PK we are testing.') bad_uid = encode_uid(different_uuid) payload = {'uid': bad_uid, 'token': 'doesnotmatter'} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertTrue('uid' in response.json()) bad_uid = 'asdfsadfsdfsdaf' payload = {'uid': bad_uid, 'token': 'doesnotmatter'} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertTrue('uid' in response.json()) # query the user again to check that they are still inactive: updated_user = User.objects.get(pk=user.pk) self.assertFalse(updated_user.is_active)
def test_correct_request_activates_user(self): ''' The user is set to active if the request succeeds ''' user = self.inactive_user token = default_token_generator.make_token(user) uid = encode_uid(user.pk) payload = {'uid': uid, 'token': token} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) # query the user again to check that they are NOW active: updated_user = User.objects.get(pk=user.pk) self.assertTrue(updated_user.is_active)
def test_expired_token(self, mock_token_generator): ''' Test that the payload format is correct, but the token has expired. Can't really fake this, but just return False from the mocked check_token method. Practically, this also tests all instances where the token validation fails. ''' mock_token_generator.check_token.return_value = False user = self.inactive_user token = default_token_generator.make_token(user) uid = encode_uid(user.pk) payload = {'uid': uid, 'token': token} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertTrue('token' in response.json())
def test_previously_activated_user_does_nothing(self): ''' If the user had previously been activated and used the link again, nothing happens. Even if the token expired in the meantime. ''' active_users = User.objects.filter(is_active=True) if len(active_users) == 0: raise ImproperlyConfigured('Need at least one active user.') user = active_users[0] token = default_token_generator.make_token(user) uid = encode_uid(user.pk) payload = {'uid': uid, 'token': token} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) # query the user again to check that they are still active: updated_user = User.objects.get(pk=user.pk) self.assertTrue(updated_user.is_active)
def test_bad_payload_raises_exception(self): ''' Bad payload, missing required key ''' payload = {'uid': 'junk'} response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) uid = encode_uid(self.test_user.pk) token = default_token_generator.make_token(self.test_user) pwd = 'some_new_password123!' payload = { 'uid': uid, 'token': token, 'password' : pwd, 'confirm_password': pwd + '!!' } response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_successful_reset(self): ''' Tests that a proper rest works. ''' uid = encode_uid(self.test_user.pk) token = default_token_generator.make_token(self.test_user) pwd = 'some_new_password123!' payload = { 'uid': uid, 'token': token, 'password' : pwd, 'confirm_password': pwd } response = self.regular_client.post(self.url, data=payload, format='json') self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) # check that a bad password doesn't work logged_in = self.regular_client.login(email=self.test_user.email, password=pwd+'!!!') self.assertFalse(logged_in) # and test that the new password allows login logged_in = self.regular_client.login(email=self.test_user.email, password=pwd) self.assertTrue(logged_in)