def test_reset_password_bad_password(app, user):
    """A rejected new password must not consume the user's reset token."""
    # Given: a user holding a freshly issued reset token
    assert services.request_password_reset(user)
    token_before = user.reset_token

    # When: the reset is attempted with a password the service refuses
    with pytest.raises(ValueError):
        services.reset_password(user, "tooshort", user.reset_token)

    # Then: the token is untouched, so the user can retry with a valid password
    assert user.reset_token == token_before
def test_reset_password(app, user):
    """A valid token sets the new password and is cleared so it cannot be replayed."""
    # Given: a user with a freshly issued reset token
    assert services.request_password_reset(user)
    issued_token = user.reset_token

    # When: the password is reset with that token
    services.reset_password(user, A_PASSWORD, issued_token)

    # Then: the stored hash verifies against the new password ...
    assert utils.verify_hash(A_PASSWORD, user.password_hash, user.password_salt)
    # ... and the token is blanked (single use).
    assert user.reset_token == ""
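def test_reset_password_expired_token(app, user):
    """An expired reset token is rejected and the stored credentials are left unchanged."""
    # Given: a user with an issued reset token, and a snapshot of the stored hash and salt
    assert services.request_password_reset(user)
    hash_before = user.password_hash
    salt_before = user.password_salt
    past_expiry = datetime.utcnow() + timedelta(
        hours=services.RESET_TOKEN_EXPIRATION_HOURS + 1
    )

    # When: the clock is moved one hour past the expiration window
    with freeze_time(past_expiry), pytest.raises(ValueError):
        services.reset_password(user, A_PASSWORD, user.reset_token)

    # Then: no update. The earlier version called utils.verify_hash() here and
    # discarded the result, so nothing was checked; comparing against the
    # snapshot holds regardless of which password the `user` fixture started with.
    assert user.password_hash == hash_before
    assert user.password_salt == salt_before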
def test_request_password_reset_email_down(app, organization, monkeypatch):
    """request_password_reset reports failure when the mail driver returns False."""
    # Given: a persisted user and a mail driver whose send call reports failure
    account = services.create_user(USER1_EMAIL, A_PASSWORD, A_FIRST, A_LAST)
    db.session.add(account)
    db.session.commit()

    failing_driver = Mock()
    failing_driver.send_password_reset_email.return_value = False
    monkeypatch.setattr(services.mail, "make_driver", lambda: failing_driver)

    # When: a reset is requested
    outcome = services.request_password_reset(account)

    # Then: the failure is surfaced to the caller after exactly one send attempt
    assert not outcome
    failing_driver.send_password_reset_email.assert_called_once()
def test_request_password_reset(app, organization, monkeypatch):
    """Requesting a reset rotates the user's token and sends one email for that user."""
    # Given: a persisted user and a stubbed mail driver
    account = services.create_user(USER1_EMAIL, A_PASSWORD, A_FIRST, A_LAST)
    db.session.add(account)
    db.session.commit()

    stub_driver = Mock()
    monkeypatch.setattr(services.mail, "make_driver", lambda: stub_driver)
    token_before = account.reset_token

    # When: a reset is requested
    assert services.request_password_reset(account)

    # Then: exactly one reset email went out, and its first positional argument is this user
    stub_driver.send_password_reset_email.assert_called_once()
    first_call = stub_driver.mock_calls[0]
    recipient = first_call[1][0]
    assert recipient.id == account.id

    # ... and a different token was stored.
    assert account.reset_token != token_before

    # NOTE(review): this requires the stored timestamp to be earlier than "now",
    # which is surprising for a field named reset_token_expires_at. Confirm whether
    # the column holds the issue time or whether the comparison is inverted.
    assert account.reset_token_expires_at < datetime.utcnow()
def test_reset_password_no_reset_token(app, user, organization):
    """A token that does not match the one issued to the user is rejected."""
    # Given: a user with an issued reset token
    assert services.request_password_reset(user)
    wrong_token = "not right"

    # Then: presenting a different token raises instead of changing the password
    with pytest.raises(ValueError):
        services.reset_password(user, A_PASSWORD, wrong_token)
def test_request_password_reset_bad_user(app):
    """Requesting a reset with no user (None) raises BadRequestError."""
    missing_user = None
    with pytest.raises(BadRequestError):
        services.request_password_reset(missing_user)