def get_password_confirmation_url(self, request, user, token=None): """Constructs the password confirmation (reset) url. """ token_key = ( self.default_token_generator.make_token(user) if token is None else token ) if self.is_api: # TODO: ASK MARK WHAT THIS SHOULD BE?!? path = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format( key=token_key, uid=rest_encode_user_pk(user) ) else: path = reverse( "account_reset_password_from_key", kwargs={ "key": token_key, "uidb36": user_pk_to_url_str(user) }, ) if self.is_api and "HTTP_ORIGIN" in request.META: # request originates from a client on a different domain... url = urljoin(request.META['HTTP_ORIGIN'], path) else: url = build_absolute_uri(request, path) return url
def test_password_verify_reset(self, user): """ tests that resetting the password via an email link works. (the email link should open a client page that eventually makes a post to the view being tested here.) """ password = generate_password() token_key = get_adapter().default_token_generator.make_token(user) uid = rest_encode_user_pk(user) url = reverse("rest_password_reset_confirm") client = APIClient() invalid_data = { "new_password1": password, "new_password2": password, "uid": shuffle_string(uid), "token": shuffle_string(token_key), } valid_data = { "new_password1": password, "new_password2": password, "uid": uid, "token": token_key, } invalid_data = { "new_password1": password, "new_password2": password, "uid": shuffle_string(uid), "token": shuffle_string(token_key), } # passing invalid data doesn't change pwd... response = client.post(url, invalid_data) user.refresh_from_db() assert status.is_client_error(response.status_code) assert user.check_password(user.raw_password) # passing valid data does change pwd... response = client.post(url, valid_data) user.refresh_from_db() assert status.is_success(response.status_code) assert user.check_password(password)
def test_password_reset_sends_email(self, user): url = reverse("rest_password_reset") client = APIClient() response = client.post(url, {"email": user.email}) assert status.is_success(response.status_code) token_generator = get_adapter().default_token_generator reset_url = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format( key=token_generator.make_token(user), uid=rest_encode_user_pk(user)) email = mail.outbox[0] assert user.email in email.to assert reset_url in email.body
def test_confirm_invalid_password(self, user): client = APIClient() uid = rest_encode_user_pk(user) token_key = get_adapter().default_token_generator.make_token(user) test_data = { "new_password1": "password", "new_password2": "password", "uid": uid, "token": token_key, } INVALID_PASSWORD_ERROR_RESPONSE = { "errors": { "new_password2": ["The password must not be weak."] } } response = client.post(self.reset_confirm_url, test_data) assert status.is_client_error(response.status_code) assert response.json() == INVALID_PASSWORD_ERROR_RESPONSE
def test_password_verify_reset_returns_user(self, user): """ tests that resetting the password returns UserSerializerLite in the response """ password = generate_password() token_key = get_adapter().default_token_generator.make_token(user) uid = rest_encode_user_pk(user) url = reverse("rest_password_reset_confirm") client = APIClient() data = { "new_password1": password, "new_password2": password, "uid": uid, "token": token_key, } response = client.post(url, data) content = response.json() assert status.is_success(response.status_code) assert content["user"]["email"] == user.email
def test_confirm_invalid_key(self, user): client = APIClient() password = generate_password() token_key = get_adapter().default_token_generator.make_token(user) uid = rest_encode_user_pk(user) test_data = { "new_password1": password, "new_password2": password, "uid": uid, "token": shuffle_string(token_key), } INVALID_KEY_ERROR_RESPONSE = { "errors": { "token": ["The link is broken or expired."] } } response = client.post(self.reset_confirm_url, test_data) assert status.is_client_error(response.status_code) assert response.json() == INVALID_KEY_ERROR_RESPONSE
def test_user_encoding_and_decoding(user): encoded_uid = rest_encode_user_pk(user) decoded_uid = rest_decode_user_pk(encoded_uid) assert encoded_uid != str(user.pk) assert decoded_uid == str(user.pk)