def post(self, request, data): """Changes users password if the provided token is valid.""" handler = UserHandler() handler.reset_password(data["token"], data["password"]) return Response("", status=204)
def test_send_reset_password_email(data_fixture, mailoutbox): user = data_fixture.create_user(email='test@localhost') handler = UserHandler() signer = handler.get_reset_password_signer() handler.send_reset_password_email(user, 'http://localhost/reset-password') assert len(mailoutbox) == 1 email = mailoutbox[0] assert email.subject == 'Reset password' assert email.from_email == 'no-reply@localhost' assert 'test@localhost' in email.to html_body = email.alternatives[0][0] search_url = 'http://localhost/reset-password/' start_url_index = html_body.index(search_url) assert start_url_index != -1 end_url_index = html_body.index('"', start_url_index) token = html_body[start_url_index + len(search_url):end_url_index] user_id = signer.loads(token) assert user_id == user.id
def test_reset_password(data_fixture): user = data_fixture.create_user(email='test@localhost') handler = UserHandler() signer = handler.get_reset_password_signer() with pytest.raises(BadSignature): handler.reset_password('test', 'test') assert not user.check_password('test') with freeze_time('2020-01-01 12:00'): token = signer.dumps(9999) with freeze_time('2020-01-02 12:00'): with pytest.raises(UserNotFound): handler.reset_password(token, 'test') assert not user.check_password('test') with freeze_time('2020-01-01 12:00'): token = signer.dumps(user.id) with freeze_time('2020-01-04 12:00'): with pytest.raises(SignatureExpired): handler.reset_password(token, 'test') assert not user.check_password('test') with freeze_time('2020-01-02 12:00'): user = handler.reset_password(token, 'test') assert user.check_password('test')
def test_password_reset(data_fixture, client): user = data_fixture.create_user(email='test@localhost') handler = UserHandler() signer = handler.get_reset_password_signer() response = client.post(reverse('api:user:reset_password'), {}, format='json') response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json['error'] == 'ERROR_REQUEST_BODY_VALIDATION' response = client.post(reverse('api:user:reset_password'), { 'token': 'test', 'password': '******' }, format='json') response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json['error'] == 'BAD_TOKEN_SIGNATURE' with freeze_time('2020-01-01 12:00'): token = signer.dumps(user.id) with freeze_time('2020-01-04 12:00'): response = client.post(reverse('api:user:reset_password'), { 'token': token, 'password': '******' }, format='json') response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json['error'] == 'EXPIRED_TOKEN_SIGNATURE' with freeze_time('2020-01-01 12:00'): token = signer.dumps(9999) with freeze_time('2020-01-02 12:00'): response = client.post(reverse('api:user:reset_password'), { 'token': token, 'password': '******' }, format='json') response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json['error'] == 'ERROR_USER_NOT_FOUND' with freeze_time('2020-01-01 12:00'): token = signer.dumps(user.id) with freeze_time('2020-01-02 12:00'): response = client.post(reverse('api:user:reset_password'), { 'token': token, 'password': '******' }, format='json') assert response.status_code == 204 user.refresh_from_db() assert user.check_password('test')
def post(self, request, data): """Changes the authenticated user's password if the old password is correct.""" handler = UserHandler() handler.change_password(request.user, data["old_password"], data["new_password"]) return Response("", status=204)
def test_change_password(data_fixture): user = data_fixture.create_user(email='test@localhost', password='******') handler = UserHandler() with pytest.raises(InvalidPassword): handler.change_password(user, 'INCORRECT', 'new') user.refresh_from_db() assert user.check_password('test') user = handler.change_password(user, 'test', 'new') assert user.check_password('new')
def test_change_password(data_fixture): user = data_fixture.create_user(email="test@localhost", password="******") handler = UserHandler() with pytest.raises(InvalidPassword): handler.change_password(user, "INCORRECT", "new") user.refresh_from_db() assert user.check_password("test") user = handler.change_password(user, "test", "new") assert user.check_password("new")
def test_first_ever_created_user_is_staff(data_fixture): user_handler = UserHandler() data_fixture.update_settings(allow_new_signups=True) first_user = user_handler.create_user('First Ever User', '*****@*****.**', 'password') assert first_user.first_name == 'First Ever User' assert first_user.is_staff second_user = user_handler.create_user('Second User', '*****@*****.**', 'password') assert second_user.first_name == 'Second User' assert not second_user.is_staff
def test_first_ever_created_user_is_staff(data_fixture): user_handler = UserHandler() data_fixture.update_settings(allow_new_signups=True) first_user = user_handler.create_user("First Ever User", "*****@*****.**", "password") assert first_user.first_name == "First Ever User" assert first_user.is_staff second_user = user_handler.create_user("Second User", "*****@*****.**", "password") assert second_user.first_name == "Second User" assert not second_user.is_staff
def post(self, request, data): """ If the email is found, an email containing the password reset link is send to the user. """ handler = UserHandler() try: user = handler.get_user(email=data["email"]) handler.send_reset_password_email(user, data["base_url"]) except UserNotFound: pass return Response("", status=204)
def test_get_user(data_fixture): user_1 = data_fixture.create_user(email='user1@localhost') handler = UserHandler() with pytest.raises(ValueError): handler.get_user() with pytest.raises(UserNotFound): handler.get_user(user_id=-1) with pytest.raises(UserNotFound): handler.get_user(email='user3@localhost') assert handler.get_user(user_id=user_1.id).id == user_1.id assert handler.get_user(email=user_1.email).id == user_1.id
def test_create_user(): plugin_mock = MagicMock() plugin_registry.registry['mock'] = plugin_mock user_handler = UserHandler() user = user_handler.create_user('Test1', '*****@*****.**', 'password') assert user.pk assert user.first_name == 'Test1' assert user.email == '*****@*****.**' assert user.username == '*****@*****.**' assert Group.objects.all().count() == 1 group = Group.objects.all().first() assert group.users.filter(id=user.id).count() == 1 assert group.name == "Test1's group" assert Database.objects.all().count() == 1 assert Table.objects.all().count() == 2 assert GridView.objects.all().count() == 2 assert TextField.objects.all().count() == 3 assert LongTextField.objects.all().count() == 1 assert BooleanField.objects.all().count() == 2 assert DateField.objects.all().count() == 1 assert GridViewFieldOptions.objects.all().count() == 3 tables = Table.objects.all().order_by('id') model_1 = tables[0].get_model() model_1_results = model_1.objects.all() assert len(model_1_results) == 4 assert model_1_results[0].order == Decimal('1.00000000000000000000') assert model_1_results[1].order == Decimal('2.00000000000000000000') assert model_1_results[2].order == Decimal('3.00000000000000000000') assert model_1_results[3].order == Decimal('4.00000000000000000000') model_2 = tables[1].get_model() model_2_results = model_2.objects.all() assert len(model_2_results) == 3 assert model_2_results[0].order == Decimal('1.00000000000000000000') assert model_2_results[1].order == Decimal('2.00000000000000000000') assert model_2_results[2].order == Decimal('3.00000000000000000000') plugin_mock.user_created.assert_called_with(user, group, None) with pytest.raises(UserAlreadyExist): user_handler.create_user('Test1', '*****@*****.**', 'password')
def test_send_reset_password_email(data_fixture, mailoutbox): user = data_fixture.create_user(email="test@localhost") handler = UserHandler() with pytest.raises(BaseURLHostnameNotAllowed): handler.send_reset_password_email(user, "http://test.nl/reset-password") signer = handler.get_reset_password_signer() handler.send_reset_password_email(user, "http://*****:*****@localhost" assert "test@localhost" in email.to html_body = email.alternatives[0][0] search_url = "http://localhost:3000/reset-password/" start_url_index = html_body.index(search_url) assert start_url_index != -1 end_url_index = html_body.index('"', start_url_index) token = html_body[start_url_index + len(search_url):end_url_index] user_id = signer.loads(token) assert user_id == user.id
def test_create_user_with_template(data_fixture): old_templates = settings.APPLICATION_TEMPLATES_DIR settings.APPLICATION_TEMPLATES_DIR = os.path.join( settings.BASE_DIR, "../../../tests/templates") template = data_fixture.create_template(slug="example-template") user_handler = UserHandler() user_handler.create_user("Test1", "*****@*****.**", "password", template=template) assert Group.objects.all().count() == 2 assert GroupUser.objects.all().count() == 1 # We expect the example template to be installed assert Database.objects.all().count() == 1 assert Database.objects.all().first().name == "Event marketing" assert Table.objects.all().count() == 2 settings.APPLICATION_TEMPLATES_DIR = old_templates
def test_create_user(data_fixture): plugin_mock = MagicMock() plugin_registry.registry["mock"] = plugin_mock user_handler = UserHandler() data_fixture.update_settings(allow_new_signups=False) with pytest.raises(DisabledSignupError): user_handler.create_user("Test1", "*****@*****.**", "password") assert User.objects.all().count() == 0 data_fixture.update_settings(allow_new_signups=True) user = user_handler.create_user("Test1", "*****@*****.**", "password") assert user.pk assert user.first_name == "Test1" assert user.email == "*****@*****.**" assert user.username == "*****@*****.**" assert Group.objects.all().count() == 1 group = Group.objects.all().first() assert group.users.filter(id=user.id).count() == 1 assert group.name == "Test1's group" assert Database.objects.all().count() == 1 assert Table.objects.all().count() == 2 assert GridView.objects.all().count() == 2 assert TextField.objects.all().count() == 3 assert LongTextField.objects.all().count() == 1 assert BooleanField.objects.all().count() == 2 assert DateField.objects.all().count() == 1 assert GridViewFieldOptions.objects.all().count() == 3 tables = Table.objects.all().order_by("id") model_1 = tables[0].get_model() model_1_results = model_1.objects.all() assert len(model_1_results) == 4 assert model_1_results[0].order == Decimal("1.00000000000000000000") assert model_1_results[1].order == Decimal("2.00000000000000000000") assert model_1_results[2].order == Decimal("3.00000000000000000000") assert model_1_results[3].order == Decimal("4.00000000000000000000") model_2 = tables[1].get_model() model_2_results = model_2.objects.all() assert len(model_2_results) == 3 assert model_2_results[0].order == Decimal("1.00000000000000000000") assert model_2_results[1].order == Decimal("2.00000000000000000000") assert model_2_results[2].order == Decimal("3.00000000000000000000") plugin_mock.user_created.assert_called_with(user, group, None, None) with pytest.raises(UserAlreadyExist): user_handler.create_user("Test1", "*****@*****.**", "password")
def post(self, request, data): """Registers a new user.""" user = UserHandler().create_user(name=data['name'], email=data['email'], password=data['password']) response = {'user': UserSerializer(user).data} if data['authenticate']: payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) response.update(token=token) return Response(response)
def test_create_user_with_invitation(data_fixture): plugin_mock = MagicMock() plugin_registry.registry["mock"] = plugin_mock user_handler = UserHandler() core_handler = CoreHandler() invitation = data_fixture.create_group_invitation(email="*****@*****.**") signer = core_handler.get_group_invitation_signer() with pytest.raises(BadSignature): user_handler.create_user("Test1", "*****@*****.**", "password", "INVALID") with pytest.raises(GroupInvitationDoesNotExist): user_handler.create_user("Test1", "*****@*****.**", "password", signer.dumps(99999)) with pytest.raises(GroupInvitationEmailMismatch): user_handler.create_user("Test1", "*****@*****.**", "password", signer.dumps(invitation.id)) user = user_handler.create_user("Test1", "*****@*****.**", "password", signer.dumps(invitation.id)) assert Group.objects.all().count() == 1 assert Group.objects.all().first().id == invitation.group_id assert GroupUser.objects.all().count() == 2 plugin_mock.user_created.assert_called_once() args = plugin_mock.user_created.call_args assert args[0][0] == user assert args[0][1].id == invitation.group_id assert args[0][2].email == invitation.email assert args[0][2].group_id == invitation.group_id # We do not expect any initial data to have been created. assert Database.objects.all().count() == 0 assert Table.objects.all().count() == 0
def post(self, request, data): """Registers a new user.""" template = (Template.objects.get( pk=data["template_id"]) if data["template_id"] else None) user = UserHandler().create_user( name=data["name"], email=data["email"], password=data["password"], group_invitation_token=data.get("group_invitation_token"), template=template, ) response = {"user": UserSerializer(user).data} if data["authenticate"]: payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) response.update(token=token) return Response(response)
def test_password_reset(data_fixture, client): user = data_fixture.create_user(email="test@localhost") handler = UserHandler() signer = handler.get_reset_password_signer() response = client.post(reverse("api:user:reset_password"), {}, format="json") response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION" response = client.post( reverse("api:user:reset_password"), { "token": "test", "password": "******" }, format="json", ) response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json["error"] == "BAD_TOKEN_SIGNATURE" with freeze_time("2020-01-01 12:00"): token = signer.dumps(user.id) with freeze_time("2020-01-04 12:00"): response = client.post( reverse("api:user:reset_password"), { "token": token, "password": "******" }, format="json", ) response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json["error"] == "EXPIRED_TOKEN_SIGNATURE" with freeze_time("2020-01-01 12:00"): token = signer.dumps(9999) with freeze_time("2020-01-02 12:00"): response = client.post( reverse("api:user:reset_password"), { "token": token, "password": "******" }, format="json", ) response_json = response.json() assert response.status_code == HTTP_400_BAD_REQUEST assert response_json["error"] == "ERROR_USER_NOT_FOUND" with freeze_time("2020-01-01 12:00"): token = signer.dumps(user.id) with freeze_time("2020-01-02 12:00"): response = client.post( reverse("api:user:reset_password"), { "token": token, "password": "******" }, format="json", ) assert response.status_code == 204 user.refresh_from_db() assert user.check_password("test")