def test_bad_token(self):
'''
Test that the payload format is correct, but the token
is invalid
'''
user = self.inactive_user
other_user = None
for u in User.objects.all():
if u != user:
other_user = u
break
# generate a valid token, but for a DIFFERENT user
token = default_token_generator.make_token(other_user)
uid = encode_uid(user.pk)
payload = {'uid': uid, 'token': token}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertTrue('token' in response.json())
# request with a garbage token
token = 'asdfasdfasdfasd'
uid = encode_uid(user.pk)
payload = {'uid': uid, 'token': token}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertTrue('token' in response.json())
# query the user again to check that they are still inactive:
updated_user = User.objects.get(pk=user.pk)
self.assertFalse(updated_user.is_active)
def test_bad_uid(self):
'''
Test that the payload format is correct, but the UID
is invalid
Test two things-- one is a UID that is correctly generated
but corresponds to a non-existent user.
The other tests just a bogus string that cannot be decoded
'''
user = self.inactive_user
different_uuid = uuid.uuid4()
if different_uuid == user.pk:
raise ImproperlyConfigured('Somehow a randomly generated UUID'
' was equivalent to the user PK we are testing.')
bad_uid = encode_uid(different_uuid)
payload = {'uid': bad_uid, 'token': 'doesnotmatter'}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertTrue('uid' in response.json())
bad_uid = 'asdfsadfsdfsdaf'
payload = {'uid': bad_uid, 'token': 'doesnotmatter'}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertTrue('uid' in response.json())
# query the user again to check that they are still inactive:
updated_user = User.objects.get(pk=user.pk)
self.assertFalse(updated_user.is_active)
def test_correct_request_activates_user(self):
'''
The user is set to active if the request succeeds
'''
user = self.inactive_user
token = default_token_generator.make_token(user)
uid = encode_uid(user.pk)
payload = {'uid': uid, 'token': token}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# query the user again to check that they are NOW active:
updated_user = User.objects.get(pk=user.pk)
self.assertTrue(updated_user.is_active)
def test_expired_token(self, mock_token_generator):
'''
Test that the payload format is correct, but the token
has expired. Can't really fake this, but just return False
from the mocked check_token method. Practically, this
also tests all instances where the token validation fails.
'''
mock_token_generator.check_token.return_value = False
user = self.inactive_user
token = default_token_generator.make_token(user)
uid = encode_uid(user.pk)
payload = {'uid': uid, 'token': token}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertTrue('token' in response.json())
def test_previously_activated_user_does_nothing(self):
'''
If the user had previously been activated and used the link
again, nothing happens. Even if the token expired in the meantime.
'''
active_users = User.objects.filter(is_active=True)
if len(active_users) == 0:
raise ImproperlyConfigured('Need at least one active user.')
user = active_users[0]
token = default_token_generator.make_token(user)
uid = encode_uid(user.pk)
payload = {'uid': uid, 'token': token}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# query the user again to check that they are still active:
updated_user = User.objects.get(pk=user.pk)
self.assertTrue(updated_user.is_active)
def test_bad_payload_raises_exception(self):
'''
Bad payload, missing required key
'''
payload = {'uid': 'junk'}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
uid = encode_uid(self.test_user.pk)
token = default_token_generator.make_token(self.test_user)
pwd = 'some_new_password123!'
payload = {
'uid': uid,
'token': token,
'password' : pwd,
'confirm_password': pwd + '!!'
}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_successful_reset(self):
'''
Tests that a proper rest works.
'''
uid = encode_uid(self.test_user.pk)
token = default_token_generator.make_token(self.test_user)
pwd = 'some_new_password123!'
payload = {
'uid': uid,
'token': token,
'password' : pwd,
'confirm_password': pwd
}
response = self.regular_client.post(self.url, data=payload, format='json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# check that a bad password doesn't work
logged_in = self.regular_client.login(email=self.test_user.email, password=pwd+'!!!')
self.assertFalse(logged_in)
# and test that the new password allows login
logged_in = self.regular_client.login(email=self.test_user.email, password=pwd)
self.assertTrue(logged_in)