def test_check_token_secret_fallbacks(self): user = User.objects.create_user("tokentestuser", "*****@*****.**", "testpw") p1 = PasswordResetTokenGenerator() p1.secret = "secret" tk = p1.make_token(user) p2 = PasswordResetTokenGenerator() p2.secret = "newsecret" p2.secret_fallbacks = ["secret"] self.assertIs(p1.check_token(user, tk), True) self.assertIs(p2.check_token(user, tk), True)
def test_check_token_secret_fallbacks(self): user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p1 = PasswordResetTokenGenerator() p1.secret = 'secret' tk = p1.make_token(user) p2 = PasswordResetTokenGenerator() p2.secret = 'newsecret' p2.secret_fallbacks = ['secret'] self.assertIs(p1.check_token(user, tk), True) self.assertIs(p2.check_token(user, tk), True)
def test_check_token_secret_key_fallbacks_override(self): user = User.objects.create_user("tokentestuser", "*****@*****.**", "testpw") p1 = PasswordResetTokenGenerator() p1.secret = "oldsecret" tk = p1.make_token(user) p2 = PasswordResetTokenGenerator() p2.secret_fallbacks = [] self.assertIs(p2.check_token(user, tk), False)
def test_token_with_different_secret(self): """ A valid token can be created with a secret other than SECRET_KEY by using the PasswordResetTokenGenerator.secret attribute. """ user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') new_secret = 'abcdefghijkl' # Create and check a token with a different secret. p0 = PasswordResetTokenGenerator() p0.secret = new_secret tk0 = p0.make_token(user) self.assertTrue(p0.check_token(user, tk0)) # Create and check a token with the default secret. p1 = PasswordResetTokenGenerator() self.assertEqual(p1.secret, settings.SECRET_KEY) self.assertNotEqual(p1.secret, new_secret) tk1 = p1.make_token(user) # Tokens created with a different secret don't validate. self.assertFalse(p0.check_token(user, tk1)) self.assertFalse(p1.check_token(user, tk0))
def test_token_with_different_secret(self): """ A valid token can be created with a secret other than SECRET_KEY by using the PasswordResetTokenGenerator.secret attribute. """ user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') new_secret = 'abcdefghijkl' # Create and check a token with a different secret. p0 = PasswordResetTokenGenerator() p0.secret = new_secret tk0 = p0.make_token(user) self.assertIs(p0.check_token(user, tk0), True) # Create and check a token with the default secret. p1 = PasswordResetTokenGenerator() self.assertEqual(p1.secret, settings.SECRET_KEY) self.assertNotEqual(p1.secret, new_secret) tk1 = p1.make_token(user) # Tokens created with a different secret don't validate. self.assertIs(p0.check_token(user, tk1), False) self.assertIs(p1.check_token(user, tk0), False)