def test_decode_invitation_token_does_not_work_if_token_expired(email_app):
    """A supplier invitation minted under a frozen 2015 clock decodes to ``None`` today."""
    stale_payload = {'email_address': '*****@*****.**', 'supplier_name': 'A. Supplier'}
    # Mint the token in the past so that, decoded on the real clock, it is far
    # older than any invitation lifetime the decoder might accept.
    with freeze_time('2015-01-02 03:04:05'):
        stale_token = generate_token(
            stale_payload,
            email_app.config['SHARED_EMAIL_KEY'],
            email_app.config['INVITE_EMAIL_SALT'],
        )
    with email_app.app_context():
        assert decode_invitation_token(stale_token, role='supplier') is None
def generate_buyer_creation_token(name, email_address, **unused):
    """Sign a buyer-creation payload with the app's SECRET_KEY and BUYER_CREATION_TOKEN_SALT.

    Any additional keyword arguments are accepted and discarded.

    Returns:
        Whatever ``generate_token`` returns for the ``{'name', 'email_address'}`` payload.
    """
    config = current_app.config
    payload = {'name': name, 'email_address': email_address}
    return generate_token(payload, config['SECRET_KEY'], config['BUYER_CREATION_TOKEN_SALT'])
def generate_buyer_creation_token(name, email_address, **unused):
    """Return a signed buyer-creation token for *name* / *email_address*.

    The payload is signed with the application's SECRET_KEY under
    BUYER_CREATION_TOKEN_SALT. Extra keyword arguments are ignored.
    """
    buyer_payload = {
        'name': name,
        'email_address': email_address,
    }
    secret_key = current_app.config['SECRET_KEY']
    salt = current_app.config['BUYER_CREATION_TOKEN_SALT']
    return generate_token(buyer_payload, secret_key, salt)
    def test_token_created_before_last_updated_password_cannot_be_used(self):
        """A reset token the user record marks invalid must not change the password.

        The mocked user carries ``is_token_valid=False``; posting a new password
        with such a token renders exactly one error alert containing
        EXPIRED_PASSWORD_RESET_TOKEN_MESSAGE and never calls the password API.
        """
        self.data_api_client.get_user.return_value = self.user(
            123, "*****@*****.**", 1234, 'email', 'Name', is_token_valid=False)
        reset_token = generate_token(
            self._user,
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        reset_url = '/user/reset-password/{}'.format(reset_token)
        form_data = {'password': '******', 'confirm_password': '******'}

        res = self.client.post(reset_url, data=form_data, follow_redirects=True)
        assert res.status_code == 200

        page = html.fromstring(res.get_data(as_text=True))
        alerts = cssselect.CSSSelector('div.dm-alert.dm-alert--error')(page)
        assert len(alerts) == 1
        assert reset_password.EXPIRED_PASSWORD_RESET_TOKEN_MESSAGE in alerts[0].text_content()
        assert self.data_api_client.update_user_password.called is False
def test_parse_timestamp_from_token():
    """The timestamp parsed back out of a token equals the clock at generation time."""
    minted_at = datetime(2000, 1, 1)
    with freeze_time(minted_at):
        token = generate_token({}, TEST_SECRET_KEY, 'PassSalt')
    assert parse_fernet_timestamp(token) == minted_at
def test_parse_timestamp_from_token():
    """Generating a token under a frozen clock embeds exactly that clock value."""
    frozen_clock = datetime(2000, 1, 1)
    empty_payload = {}
    with freeze_time(frozen_clock):
        token = generate_token(empty_payload, TEST_SECRET_KEY, 'PassSalt')
    recovered = parse_fernet_timestamp(token)
    assert recovered == frozen_clock
def test_decode_invitation_token_does_not_work_if_token_expired(email_app):
    """An invitation signed with TEST_SECRET_KEY in 2015 is rejected (``None``) on today's clock."""
    # Only the generation step runs under the frozen clock; decoding uses real time.
    with freeze_time('2015-01-02 03:04:05'):
        old_token = generate_token(
            {'email_address': '*****@*****.**', 'supplier_name': 'A. Supplier'},
            TEST_SECRET_KEY,
            email_app.config['INVITE_EMAIL_SALT'],
        )

    with email_app.app_context():
        decoded = decode_invitation_token(old_token, role='supplier')
    assert decoded is None
    def test_should_render_correct_error_page_for_old_style_expired_supplier_token(self):
        """An old-style supplier invite minted in 2016 yields a 400 page carrying the expiry guidance."""
        with freeze_time('2016-09-28 16:00:00'):
            stale_token = generate_token(
                {
                    "supplier_id": '12345',
                    "supplier_name": 'Supplier Name',
                    "email_address": '*****@*****.**'
                },
                self.app.config['SHARED_EMAIL_KEY'],
                self.app.config['INVITE_EMAIL_TOKEN_NS']
            )

        res = self.client.get('/user/create/{}'.format(stale_token))
        assert res.status_code == 400

        body = res.get_data(as_text=True)
        expected_messages = (
            'The link you used to create an account may have expired.',
            'Check you’ve entered the correct link or ask the person who invited you to send a new invitation.',
        )
        assert all(message in body for message in expected_messages)
    def test_should_render_correct_error_page_for_old_style_expired_buyer_token(self):
        """An old-style buyer invite minted in 2016 yields a 400 whose guidance paragraph links to /buyers/create."""
        with freeze_time('2016-09-28 16:00:00'):
            stale_token = generate_token(
                {"email_address": '*****@*****.**'},
                self.app.config['SHARED_EMAIL_KEY'],
                self.app.config['INVITE_EMAIL_TOKEN_NS']
            )

        res = self.client.get('/user/create/{}'.format(stale_token))
        assert res.status_code == 400

        doc = html.fromstring(res.get_data())
        expiry_text = "The link you used to create an account may have expired."
        guidance_text = "Check you’ve entered the correct link or send a new one"
        paragraphs = doc.xpath(
            "//p[contains(normalize-space(string()),$t)][contains(normalize-space(string()),$m)]",
            t=expiry_text,
            m=guidance_text,
        )
        assert paragraphs
        # The "send a new one" phrase must be the anchor text of the buyer-creation link.
        assert paragraphs[0].xpath(
            ".//a[@href=$u][normalize-space(string())=$t]",
            u="/buyers/create",
            t="send a new one",
        )
    def test_invalid_token_contents_500s(self):
        """A correctly signed token whose payload lacks the expected keys makes the view raise KeyError.

        This pins the current behaviour (an unhandled KeyError, i.e. a 500)
        rather than a client-facing 400.
        """
        unexpected_token = generate_token(
            {'this_is_not_expected': 1234},
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['INVITE_EMAIL_TOKEN_NS'],
        )
        with pytest.raises(KeyError):
            self.client.get('/user/create/{}'.format(unexpected_token))
def test_decode_password_reset_token_ok_for_good_token(email_app, user):
    """A freshly minted reset token decodes back to its payload when the password has not changed since."""
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user
    payload = {'user': '******'}
    with email_app.app_context():
        fresh_token = generate_token(payload, TEST_SECRET_KEY, 'PassSalt')
        decoded = decode_password_reset_token(fresh_token, api_client)
        assert decoded == payload
 def _generate_token(self, email_address='*****@*****.**'):
     """Return a signed invite token carrying only *email_address*, using the app's shared key and invite salt."""
     payload = {'email_address': email_address}
     config = self.app.config
     return generate_token(payload, config['SHARED_EMAIL_KEY'], config['INVITE_EMAIL_SALT'])
def test_decode_invitation_token_decodes_ok_for_supplier(email_app):
    """A supplier invitation round-trips through generate/decode unchanged."""
    supplier_payload = {
        'email_address': '*****@*****.**',
        'supplier_code': 1234,
        'supplier_name': 'A. Supplier'
    }
    with email_app.app_context():
        token = generate_token(supplier_payload, TEST_SECRET_KEY, 'Salt')
        round_tripped = decode_invitation_token(token, role='supplier')
    assert round_tripped == supplier_payload
def test_cant_decode_token_with_wrong_key():
    """Decoding with a key other than the signing key raises InvalidToken."""
    salt = "1234567890"
    token = generate_token(
        {"key1": "value1", "key2": "value2"},
        secret_key=TEST_SECRET_KEY,
        salt=salt,
    )

    # Same salt, different key: the signature must not verify.
    with pytest.raises(InvalidToken):
        decode_token(token, 'WrongKeyWrongKeyWrongKeyWrongKeyWrongKeyXXX=', salt)
def test_decode_password_reset_token_ok_for_good_token(email_app):
    """A valid reset token decodes to its payload when the password was not changed after it was minted."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user
    payload = {'user': '******'}
    with email_app.app_context():
        token = generate_token(payload, 'Secret', 'PassSalt')
        assert decode_password_reset_token(token, api_client) == payload
def generate_supplier_invitation_token(name, email_address, supplier_code, supplier_name):
    """Return a signed supplier-invitation token.

    The payload uses camelCase keys (``emailAddress``, ``supplierCode``,
    ``supplierName``) and is signed with SECRET_KEY under
    SUPPLIER_INVITE_TOKEN_SALT.
    """
    config = current_app.config
    invitation = {
        'name': name,
        'emailAddress': email_address,
        'supplierCode': supplier_code,
        'supplierName': supplier_name,
    }
    return generate_token(invitation, config['SECRET_KEY'], config['SUPPLIER_INVITE_TOKEN_SALT'])
    def test_should_be_an_error_for_invalid_token_contents(
            self, data_api_client):
        """A validly signed token with an unexpected payload is a 400 and triggers no API lookups."""
        unexpected_token = generate_token(
            {'this_is_not_expected': 1234},
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['INVITE_EMAIL_SALT'],
        )

        res = self.client.get('/suppliers/create-user/{}'.format(unexpected_token))
        assert res.status_code == 400
        # Payload validation must happen before any user/supplier lookup.
        assert not data_api_client.get_user.called
        assert not data_api_client.get_supplier.called
def test_decode_password_reset_token_does_not_work_if_bad_token(email_app):
    """A reset token with its first character dropped fails verification with ``token_invalid``."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user
    # Dropping one character corrupts the token so the signature no longer verifies.
    corrupted_token = generate_token({'user': '******'}, TEST_SECRET_KEY, 'PassSalt')[1:]

    with email_app.app_context():
        result = decode_password_reset_token(corrupted_token, api_client)
    assert result == {'error': 'token_invalid'}
    def test_should_be_an_error_for_invalid_token_contents(
            self, data_api_client):
        """A signed token lacking the expected keys yields a 404 and no API lookups."""
        unexpected_token = generate_token(
            {'this_is_not_expected': 1234},
            self.app.config['SECRET_KEY'],
            self.app.config['SUPPLIER_INVITE_TOKEN_SALT'],
        )
        create_user_url = self.url_for('main.create_user', token=unexpected_token)

        res = self.client.get(create_user_url)
        assert res.status_code == 404
        assert not data_api_client.get_user.called
        assert not data_api_client.get_supplier.called
    def _generate_token(self, email_address='*****@*****.**', role='buyer'):
        """Return a signed invite token for *role* carrying *email_address*.

        Buyer tokens additionally carry a fixed ``phoneNumber``; supplier tokens a
        fixed ``supplier_id``. Any other role gets only ``role`` and
        ``email_address``.
        """
        role_specific_fields = {
            'buyer': {"phoneNumber": "020-7930-4832"},
            'supplier': {"supplier_id": '12345'},
        }
        token_data = {'role': role, 'email_address': email_address}
        token_data.update(role_specific_fields.get(role, {}))

        return generate_token(token_data, self.app.config['SHARED_EMAIL_KEY'],
                              self.app.config['INVITE_EMAIL_TOKEN_NS'])
 def _generate_token(self, supplier_id=1234, supplier_name='Supplier Name', email_address='*****@*****.**'):
     """Return a signed supplier invite token with the given id, name and e-mail address."""
     payload = {
         'supplier_id': supplier_id,
         'supplier_name': supplier_name,
         'email_address': email_address
     }
     shared_key = self.app.config['SHARED_EMAIL_KEY']
     salt = self.app.config['INVITE_EMAIL_SALT']
     return generate_token(payload, shared_key, salt)
def test_decode_password_reset_token_does_not_work_if_bad_token(email_app):
    """A truncated reset token is reported as ``token_invalid``."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user
    intact_token = generate_token({'user': '******'}, 'Secret', 'PassSalt')
    # Strip the leading character so the signature check must fail.
    corrupted_token = intact_token[1:]

    with email_app.app_context():
        assert decode_password_reset_token(corrupted_token, api_client) == {'error': 'token_invalid'}
def test_can_generate_token():
    """A payload round-trips through generate_token/decode_token with the same key and salt."""
    payload = {"key1": "value1", "key2": "value2"}
    salt = "1234567890"
    signed = generate_token(payload, secret_key=TEST_SECRET_KEY, salt=salt)

    assert decode_token(signed, TEST_SECRET_KEY, salt) == payload
def test_decode_invitation_token_does_not_work_if_bad_token(email_app):
    """A supplier invitation with its first character removed decodes to ``None``."""
    invitation = {
        'email_address': '*****@*****.**',
        'supplier_name': 'A. Supplier'
    }
    with email_app.app_context():
        intact = generate_token(invitation, TEST_SECRET_KEY, email_app.config['INVITE_EMAIL_SALT'])
        # Corrupt the token by dropping one leading character.
        corrupted = intact[1:]

        assert decode_invitation_token(corrupted, role='supplier') is None
def test_cant_decode_token_with_wrong_key():
    """Decoding under a different key raises BadTimeSignature whose message says the signature does not match."""
    salt = "1234567890"
    signed = generate_token(
        {"key1": "value1", "key2": "value2"},
        secret_key="1234567890",
        salt=salt,
    )

    with pytest.raises(BadTimeSignature) as error:
        decode_token(signed, "failed", salt)
    assert "does not match" in str(error.value)
 def _generate_token(self,
                     supplier_id=1234,
                     supplier_name='Supplier Name',
                     email_address='*****@*****.**'):
     """Return a supplier invite token signed with the app's shared e-mail key and invite salt."""
     config = self.app.config
     invite = {
         'supplier_id': supplier_id,
         'supplier_name': supplier_name,
         'email_address': email_address
     }
     return generate_token(invite, config['SHARED_EMAIL_KEY'], config['INVITE_EMAIL_SALT'])
def generate_creation_token(name, email_address, user_type, framework,
                            **unused):
    """Return a signed account-creation token.

    The payload holds name, e-mail address, user type and framework and is
    signed with SECRET_KEY under SIGNUP_INVITATION_TOKEN_SALT. Extra keyword
    arguments are accepted and discarded.
    """
    config = current_app.config
    creation_payload = {
        'name': name,
        'email_address': email_address,
        'user_type': user_type,
        'framework': framework
    }
    return generate_token(creation_payload, config['SECRET_KEY'],
                          config['SIGNUP_INVITATION_TOKEN_SALT'])
def test_can_generate_token():
    """generate_token followed by decode_token with the same key/salt returns the original dict."""
    original = {"key1": "value1", "key2": "value2"}
    signed = generate_token(original, secret_key=TEST_SECRET_KEY, salt="1234567890")

    recovered = decode_token(signed, TEST_SECRET_KEY, '1234567890')
    assert recovered == original
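def invite_user_to_application(application_id):
    """E-mail a signed invitation link that lets a new user join *application_id*.

    Reads ``email`` and ``name`` from the JSON request body. Responds 404 when
    the application does not exist, 400 when either field is missing or the
    address already belongs to a user, and 503 when the invitation e-mail
    cannot be sent. The invitation token is signed with SECRET_KEY under
    INVITE_EMAIL_SALT and embedded in the link.

    Returns:
        ``(jsonify(success=True), 200)`` once the e-mail has been handed off.
    """
    # get_json(force=True) may yield None for an empty body; treat that as {}.
    json_payload = request.get_json(True) or {}
    email_address = json_payload.get('email')
    name = json_payload.get('name')

    application = data_api_client.get_application(application_id)
    if not application:
        return abort(404)

    # Refuse a body that lacks the fields the token and the e-mail are built
    # from, rather than minting a token with None inside it.
    if not email_address or not name:
        return abort(400)

    # NOTE(review): nothing in this view ties current_user to application_id;
    # confirm the route's authorisation decorator enforces that the caller may
    # invite people into this particular application.
    user_json = data_api_client.get_user(email_address=email_address)
    if user_json:
        # NOTE(review): this 400 reveals that the address is already registered;
        # acceptable only because the caller is already an authenticated user.
        return abort(400)

    token_data = {'id': application_id, 'name': name, 'email_address': email_address}
    token = generate_token(token_data, current_app.config['SECRET_KEY'], current_app.config['INVITE_EMAIL_SALT'])
    # Best effort: presumably generate_token returns bytes on some setups;
    # a str token has no .decode() and is used as-is.
    try:
        token = token.decode()
    except AttributeError:
        pass

    url = '{}://{}/{}/{}'.format(
        current_app.config['DM_HTTP_PROTO'],
        current_app.config['DM_MAIN_SERVER_NAME'],
        current_app.config['CREATE_APPLICANT_PATH'],
        token,
    )

    email_body = render_template(
        'emails/invite_user_application_email.html',
        url=url,
        supplier=application['application']['name'],
        name=name,
    )

    try:
        send_email(
            email_address,
            email_body,
            current_app.config['INVITE_EMAIL_SUBJECT'],
            current_app.config['INVITE_EMAIL_FROM'],
            current_app.config['INVITE_EMAIL_NAME'],
        )
    except EmailError as e:
        # getattr so a missing supplier attribute on current_user cannot turn
        # the error-reporting path itself into a second exception.
        current_app.logger.error(
            'Invitation email failed to send error {} to {} supplier {} supplier code {} '.format(
                str(e),
                email_address,
                getattr(current_user, 'supplier_name', None),
                getattr(current_user, 'supplier_code', None))
        )
        abort(503, "Failed to send user invite reset")

    return jsonify(success=True), 200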
    def test_email_should_be_decoded_from_token(self):
        """The reset page shows the e-mail address recovered from a valid token."""
        with self.app.app_context():
            reset_token = generate_token(
                self._user,
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'])
            reset_url = '/reset-password/{}'.format(reset_token)

        res = self.client.get(reset_url)
        assert res.status_code == 200
        page = res.get_data(as_text=True)
        assert "Reset password for [email protected]" in page
def send_invite_user():
    """Handle the "invite a user" form for the current supplier.

    On a valid submission: sign an invite token (supplier id/name and the
    invited address) with SHARED_EMAIL_KEY under INVITE_EMAIL_SALT, e-mail the
    create-user link, record an ``invite_user`` audit event, flash
    ``user_invited`` and redirect to the user list. A Mandrill failure is
    logged (with a hashed e-mail, not the address) and answered with 503.
    An invalid submission re-renders the form with status 400.
    """
    form = EmailAddressForm()

    if not form.validate_on_submit():
        return render_template(
            "auth/submit_email_address.html",
            form=form), 400

    invited_address = form.email_address.data
    config = current_app.config

    token = generate_token(
        {
            "supplier_id": current_user.supplier_id,
            "supplier_name": current_user.supplier_name,
            "email_address": invited_address
        },
        config['SHARED_EMAIL_KEY'],
        config['INVITE_EMAIL_SALT']
    )
    invite_url = url_for('main.create_user', encoded_token=token, _external=True)
    email_body = render_template(
        "emails/invite_user_email.html",
        url=invite_url,
        user=current_user.name,
        supplier=current_user.supplier_name)

    try:
        send_email(
            invited_address,
            email_body,
            config['DM_MANDRILL_API_KEY'],
            config['INVITE_EMAIL_SUBJECT'],
            config['INVITE_EMAIL_FROM'],
            config['INVITE_EMAIL_NAME'],
            ["user-invite"]
        )
    except MandrillException as e:
        current_app.logger.error(
            "Invitation email failed to send. "
            "error {error} supplier_id {supplier_id} email_hash {email_hash}",
            extra={'error': six.text_type(e),
                   'supplier_id': current_user.supplier_id,
                   'email_hash': hash_email(current_user.email_address)})
        abort(503, "Failed to send user invite reset")

    data_api_client.create_audit_event(
        audit_type=AuditTypes.invite_user,
        user=current_user.email_address,
        object_type='suppliers',
        object_id=current_user.supplier_id,
        data={'invitedEmail': invited_address},
    )

    flash('user_invited', 'success')
    return redirect(url_for('.list_users'))
def send_invite_user():
    """Invite a new user to the current supplier's account by e-mail.

    Invalid form: re-render ``auth/submit_email_address.html`` with 400.
    Valid form: mint an invite token signed with SHARED_EMAIL_KEY under
    INVITE_EMAIL_SALT, send the create-user link via Mandrill, write an
    ``invite_user`` audit event, flash ``user_invited`` and redirect to the
    user list. If sending fails the error is logged with a hashed e-mail
    address and the request is answered with 503.
    """
    form = EmailAddressForm()
    if not form.validate_on_submit():
        return render_template("auth/submit_email_address.html", form=form), 400

    invitee = form.email_address.data
    token_payload = {
        "supplier_id": current_user.supplier_id,
        "supplier_name": current_user.supplier_name,
        "email_address": invitee
    }
    token = generate_token(
        token_payload,
        current_app.config['SHARED_EMAIL_KEY'],
        current_app.config['INVITE_EMAIL_SALT']
    )
    link = url_for('main.create_user', encoded_token=token, _external=True)
    body = render_template(
        "emails/invite_user_email.html",
        url=link,
        user=current_user.name,
        supplier=current_user.supplier_name)

    try:
        send_email(
            invitee,
            body,
            current_app.config['DM_MANDRILL_API_KEY'],
            current_app.config['INVITE_EMAIL_SUBJECT'],
            current_app.config['INVITE_EMAIL_FROM'],
            current_app.config['INVITE_EMAIL_NAME'],
            ["user-invite"]
        )
    except MandrillException as e:
        current_app.logger.error(
            "Invitation email failed to send. "
            "error {error} supplier_id {supplier_id} email_hash {email_hash}",
            extra={'error': six.text_type(e),
                   'supplier_id': current_user.supplier_id,
                   'email_hash': hash_email(current_user.email_address)})
        abort(503, "Failed to send user invite reset")

    data_api_client.create_audit_event(
        audit_type=AuditTypes.invite_user,
        user=current_user.email_address,
        object_type='suppliers',
        object_id=current_user.supplier_id,
        data={'invitedEmail': invitee},
    )

    flash('user_invited', 'success')
    return redirect(url_for('.list_users'))
def test_can_generate_token():
    """decode_token returns the original payload plus a truthy timestamp for a token it signed."""
    original = {"key1": "value1", "key2": "value2"}
    key = "1234567890"
    salt = "1234567890"
    signed = generate_token(original, secret_key=key, salt=salt)

    payload, timestamp = decode_token(signed, key, salt)
    assert payload == original
    assert timestamp
    def test_should_not_strip_whitespace_surrounding_reset_password_password_field(
            self):
        """Whitespace around the submitted password is passed to the API untouched."""
        reset_token = generate_token(
            self._user,
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        form_data = {'password': '******', 'confirm_password': '******'}

        self.client.post('/user/reset-password/{}'.format(reset_token), data=form_data)
        # The expected value keeps its leading spaces: the form must not trim them.
        self.data_api_client.update_user_password.assert_called_with(
            self._user.get('user'), '  password12345', self._user.get('email'))
    def test_passwords_should_match(self):
        """Mismatched password fields yield a 400 with PASSWORD_MISMATCH_ERROR_MESSAGE and no API update."""
        reset_token = generate_token(
            self._user,
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        form_data = {'password': '******', 'confirm_password': '******'}

        res = self.client.post('/user/reset-password/{}'.format(reset_token), data=form_data)
        assert res.status_code == 400
        assert PASSWORD_MISMATCH_ERROR_MESSAGE in res.get_data(as_text=True)
        assert not self.data_api_client.update_user_password.called
def test_decode_password_reset_token_does_not_work_if_token_expired(email_app):
    """A reset token minted a year before the decode-time clock is reported as ``token_invalid``."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user

    # Mint in 2015, decode in 2016: a full year older than the decoder's clock.
    with freeze_time('2015-01-02 03:04:05'):
        old_token = generate_token({'user': '******'}, TEST_SECRET_KEY, 'PassSalt')

    with freeze_time('2016-01-02 03:04:05'), email_app.app_context():
        result = decode_password_reset_token(old_token, api_client)
    assert result == {'error': 'token_invalid'}
def test_decode_password_reset_token_does_not_work_if_token_expired(email_app):
    """A year-old reset token decodes to the ``token_expired`` error."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T12:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user

    # Generated one year before the clock used for decoding.
    with freeze_time('2015-01-02 03:04:05'):
        old_token = generate_token({'user': '******'}, 'Secret', 'PassSalt')

    with freeze_time('2016-01-02 03:04:05'), email_app.app_context():
        result = decode_password_reset_token(old_token, api_client)
    assert result == {'error': 'token_expired'}
    def test_password_should_not_be_in_blocklist(self, bad_password):
        """A blocklisted password is refused with 400 and PASSWORD_BLOCKLIST_ERROR_MESSAGE; no API update happens."""
        reset_token = generate_token(
            self._user,
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        form_data = {'password': bad_password, 'confirm_password': bad_password}

        res = self.client.post('/user/reset-password/{}'.format(reset_token), data=form_data)
        assert res.status_code == 400
        assert PASSWORD_BLOCKLIST_ERROR_MESSAGE in res.get_data(as_text=True)
        assert not self.data_api_client.update_user_password.called
    def test_redirect_to_login_page_on_success(self):
        """A successful reset answers 302 to the login page."""
        with self.app.app_context():
            reset_token = generate_token(
                self._user,
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'])
            form_data = {'password': '******', 'confirm_password': '******'}

            res = self.client.post('/reset-password/{}'.format(reset_token), data=form_data)
            assert res.status_code == 302
            assert res.location == 'http://localhost/login'
    def test_passwords_should_match(self):
        """Differing password and confirmation fields yield 400 with PASSWORD_MISMATCH_ERROR."""
        with self.app.app_context():
            reset_token = generate_token(
                self._user,
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'])
            form_data = {'password': '******', 'confirm_password': '******'}

            res = self.client.post('/reset-password/{}'.format(reset_token), data=form_data)
            assert res.status_code == 400
            assert PASSWORD_MISMATCH_ERROR in res.get_data(as_text=True)
    def test_should_be_an_error_for_invalid_token_contents(self, data_api_client):
        """A signed token with an unexpected payload is a 400 and never reaches the user API."""
        unexpected_token = generate_token(
            {'this_is_not_expected': 1234},
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['INVITE_EMAIL_SALT'],
        )

        res = self.client.get('/create-user/{}'.format(unexpected_token))
        assert res.status_code == 400
        assert not data_api_client.get_user.called
    def test_should_not_strip_whitespace_surrounding_reset_password_password_field(self):
        """The password is forwarded to the API with its surrounding whitespace intact."""
        with self.app.app_context():
            reset_token = generate_token(
                self._user,
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'])
            form_data = {'password': '******', 'confirm_password': '******'}

            self.client.post('/reset-password/{}'.format(reset_token), data=form_data)
            # Leading spaces in the expected value are deliberate.
            self.data_api_client_mock.update_user_password.assert_called_with(
                self._user.get('user'), '  1234567890', self._user.get('email'))
    def test_reset_password_form_and_inputs_specify_input_purpose(
            self, data_api_client):
        """The reset-password form's inputs declare their purpose (delegated to the shared helper)."""
        data_api_client.get_user.return_value = self.user(
            123, "*****@*****.**", 1234, 'email', 'name')
        reset_token = generate_token(
            {"user": 123, "email": '*****@*****.**'},
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        reset_url = '/user/reset-password/{}'.format(reset_token)

        self._forms_and_inputs_specify_input_purpose(
            reset_url, "Reset password", "Reset password for [email protected]")
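def invite_user_to_application(application_id):
    """E-mail a signed invitation link that lets a new user join *application_id*.

    Reads ``email`` and ``name`` from the JSON request body. Responds 404 when
    the application does not exist, 400 when either field is missing or the
    address already belongs to a user, and 503 when the invitation e-mail
    cannot be sent. The invitation token is signed with SECRET_KEY under
    INVITE_EMAIL_SALT and embedded in the link.

    Returns:
        ``(jsonify(success=True), 200)`` once the e-mail has been handed off.
    """
    # get_json(force=True) may yield None for an empty body; treat that as {}.
    json_payload = request.get_json(True) or {}
    email_address = json_payload.get('email')
    name = json_payload.get('name')

    application = data_api_client.get_application(application_id)
    if not application:
        return abort(404)

    # Refuse a body that lacks the fields the token and the e-mail are built
    # from, rather than minting a token with None inside it.
    if not email_address or not name:
        return abort(400)

    # NOTE(review): nothing in this view ties current_user to application_id;
    # confirm the route's authorisation decorator enforces that the caller may
    # invite people into this particular application.
    user_json = data_api_client.get_user(email_address=email_address)
    if user_json:
        # NOTE(review): this 400 reveals that the address is already registered;
        # acceptable only because the caller is already an authenticated user.
        return abort(400)

    token_data = {'id': application_id, 'name': name, 'email_address': email_address}
    token = generate_token(token_data, current_app.config['SECRET_KEY'], current_app.config['INVITE_EMAIL_SALT'])

    url = '{}://{}/{}/{}'.format(
        current_app.config['DM_HTTP_PROTO'],
        current_app.config['DM_MAIN_SERVER_NAME'],
        current_app.config['CREATE_APPLICANT_PATH'],
        token,
    )

    email_body = render_template(
        'emails/invite_user_application_email.html',
        url=url,
        supplier=application['application']['name'],
        name=name,
    )

    try:
        send_email(
            email_address,
            email_body,
            current_app.config['INVITE_EMAIL_SUBJECT'],
            current_app.config['INVITE_EMAIL_FROM'],
            current_app.config['INVITE_EMAIL_NAME'],
        )
    except EmailError as e:
        # getattr so a missing supplier attribute on current_user cannot turn
        # the error-reporting path itself into a second exception.
        current_app.logger.error(
            'Invitation email failed to send error {} to {} supplier {} supplier code {} '.format(
                str(e),
                email_address,
                getattr(current_user, 'supplier_name', None),
                getattr(current_user, 'supplier_code', None))
        )
        abort(503, "Failed to send user invite reset")

    return jsonify(success=True), 200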
    def test_password_should_not_be_empty(self):
        """Empty password fields are refused with 400, both empty-field messages, and no API update."""
        reset_token = generate_token(
            self._user,
            self.app.config['SHARED_EMAIL_KEY'],
            self.app.config['RESET_PASSWORD_TOKEN_NS'],
        )
        form_data = {'password': '', 'confirm_password': ''}

        res = self.client.post('/user/reset-password/{}'.format(reset_token), data=form_data)
        assert res.status_code == 400
        page = res.get_data(as_text=True)
        assert NEW_PASSWORD_EMPTY_ERROR_MESSAGE in page
        assert NEW_PASSWORD_CONFIRM_EMPTY_ERROR_MESSAGE in page
        assert not self.data_api_client.update_user_password.called
def test_decode_password_reset_token_does_not_work_if_password_changed_later_than_token(email_app):
    """A reset token minted before the user's last password change is ``token_invalid``."""
    user = user_json()
    # Password changed at 13:00; the token below is minted at 12:00.
    user['users']['passwordChangedAt'] = "2016-01-01T13:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user

    with freeze_time('2016-01-01T12:00:00.30Z'):
        pre_change_token = generate_token({'user': '******'}, 'Secret', 'PassSalt')

    # Decode at 14:00: the token is two hours old and predates the change.
    with freeze_time('2016-01-01T14:00:00.30Z'), email_app.app_context():
        result = decode_password_reset_token(pre_change_token, api_client)
    assert result == {'error': 'token_invalid'}
    def test_password_should_not_be_empty(self):
        """Submitting empty password fields yields 400 with both empty-field errors."""
        with self.app.app_context():
            reset_token = generate_token(
                self._user,
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'])
            form_data = {'password': '', 'confirm_password': ''}

            res = self.client.post('/reset-password/{}'.format(reset_token), data=form_data)
            assert res.status_code == 400
            page = res.get_data(as_text=True)
            assert NEW_PASSWORD_EMPTY_ERROR in page
            assert NEW_PASSWORD_CONFIRM_EMPTY_ERROR in page
def test_decode_password_reset_token_does_not_work_if_password_changed_later_than_token(email_app):
    """A token issued an hour before the password changed is rejected as ``token_invalid``."""
    user = user_json()
    user['users']['passwordChangedAt'] = "2016-01-01T13:00:00.30Z"
    api_client = mock.Mock()
    api_client.get_user.return_value = user

    # 12:00 token, 13:00 password change, 14:00 decode.
    with freeze_time('2016-01-01T12:00:00.30Z'):
        pre_change_token = generate_token({'user': '******'}, TEST_SECRET_KEY, 'PassSalt')

    with freeze_time('2016-01-01T14:00:00.30Z'), email_app.app_context():
        assert decode_password_reset_token(pre_change_token, api_client) == {'error': 'token_invalid'}
def reset_password(user_id):
    """Mint a password-reset token for ``user_id`` and redirect to the main site's reset page.

    The user's email address is looked up through ``data_api_client`` and
    signed into the token together with the id, using the app's SECRET_KEY
    and RESET_PASSWORD_SALT. The redirect target is assembled purely from
    application config (DM_HTTP_PROTO, DM_MAIN_SERVER_NAME) plus the token,
    so no request-supplied value reaches the Location header.

    NOTE(review): no authorisation check is visible in this block; because
    the response hands the caller a valid reset token for an arbitrary
    user_id, confirm upstream that this view is restricted to the intended
    (admin) role. The token also travels in a URL, so it will appear in
    browser history and server logs — presumably acceptable given its
    single-use/expiry handling elsewhere; verify.
    """
    user_record = data_api_client.get_user(user_id)
    config = current_app.config

    payload = {
        "user_id": user_id,
        "email_address": user_record['users']['emailAddress'],
    }
    token = generate_token(payload, config['SECRET_KEY'], config['RESET_PASSWORD_SALT'])

    target = '{}://{}/2/reset-password/{}'.format(
        config['DM_HTTP_PROTO'],
        config['DM_MAIN_SERVER_NAME'],
        token,
    )
    return redirect(target)
    def test_should_be_an_error_for_invalid_token_contents(self, data_api_client):
        """A correctly signed token with an unexpected payload must yield 404 and trigger no API lookups.

        The token is signed with the real key and invite salt, so signature
        verification is not what fails here — only the payload shape is wrong.
        The view must treat that as not-found and must not call get_user or
        get_supplier on the strength of unvalidated payload contents.
        """
        config = self.app.config
        unexpected_payload = {'this_is_not_expected': 1234}
        token = generate_token(unexpected_payload, config['SECRET_KEY'], config['SUPPLIER_INVITE_TOKEN_SALT'])

        res = self.client.get(self.url_for('main.create_user', token=token))

        assert res.status_code == 404
        assert data_api_client.get_user.called is False
        assert data_api_client.get_supplier.called is False
    def test_password_should_be_under_51_chars_long(self):
        """An over-length password posted to the reset form must get a 400 with the invalid-password error.

        The submitted value is redacted in this listing; per the test name it
        is presumably 51 or more characters, i.e. just past the limit. Both
        fields carry the same string so the confirm check is not what fails.
        """
        with self.app.app_context():
            config = self.app.config
            token = generate_token(self._user, config['SECRET_KEY'], config['RESET_PASSWORD_SALT'])
            url = '/reset-password/{}'.format(token)
            over_length = '******'

            res = self.client.post(url, data={'password': over_length, 'confirm_password': over_length})

            assert res.status_code == 400
            assert PASSWORD_INVALID_ERROR in res.get_data(as_text=True)
    def test_reset_password_form_and_inputs_not_autofillable(self, data_api_client):
        """The reset-password page must render its form and inputs as not autofillable.

        A valid token for a stubbed user is minted so the page renders, then
        the shared ``_forms_and_inputs_not_autofillable`` helper (defined
        elsewhere) is expected to check the page's autocomplete markup — the
        intent being that a browser does not retain the new credential.
        """
        data_api_client.get_user.return_value = self.user(123, "*****@*****.**", 1234, 'email', 'name')

        payload = {"user": 123, "email": '*****@*****.**'}
        with self.app.app_context():
            config = self.app.config
            token = generate_token(payload, config['SECRET_KEY'], config['RESET_PASSWORD_SALT'])
            url = self.expand_path('/reset-password/{}').format(token)

        self._forms_and_inputs_not_autofillable(url, "Reset password")
    def test_redirect_to_login_page_on_success(self):
        """A successful reset must redirect to the login page, show the updated message and update the password via the API.

        The update call is asserted against the user id and email taken from
        the token payload (``self._user``), not from anything posted in the
        form. The posted password value is redacted in this listing while the
        asserted API argument is the literal ``'password12345'``.
        """
        config = self.app.config
        token = generate_token(self._user, config['SHARED_EMAIL_KEY'], config['RESET_PASSWORD_TOKEN_NS'])
        url = '/user/reset-password/{}'.format(token)
        form = {'password': '******', 'confirm_password': '******'}

        res = self.client.post(url, data=form)
        assert res.status_code == 302
        assert res.location == 'http://localhost/user/login'

        # Follow the redirect by hand so the message on the login page can be checked.
        login_page = self.client.get(res.location)
        assert reset_password.PASSWORD_UPDATED_MESSAGE in login_page.get_data(as_text=True)

        self.data_api_client.update_user_password.assert_called_with(
            self._user.get('user'), 'password12345', self._user.get('email'))
    def test_token_created_before_last_updated_password_cannot_be_used(self, data_api_client):
        """A reset attempt with a token older than the user's last password change must be rejected with the matching error.

        The stubbed user is built with ``is_token_valid=False`` (helper defined
        elsewhere; presumably it sets passwordChangedAt after the token time).
        The token itself is correctly signed, so this exercises the
        password-changed-after-token check rather than signature validation.
        """
        with self.app.app_context():
            config = self.app.config
            data_api_client.get_user.return_value = self.user(
                123, "*****@*****.**", 1234, 'email', 'Name', is_token_valid=False)
            token = generate_token(self._user, config['SECRET_KEY'], config['RESET_PASSWORD_SALT'])
            url = '/reset-password/{}'.format(token)
            form = {'password': '******', 'confirm_password': '******'}

            res = self.client.post(url, data=form, follow_redirects=True)

            assert res.status_code == 200
            assert TOKEN_CREATED_BEFORE_PASSWORD_LAST_CHANGED_ERROR in res.get_data(as_text=True)
    def test_reset_password_form_and_inputs_not_autofillable(self, data_api_client):
        """The reset-password page's form and inputs must not be browser-autofillable.

        Renders the page for a stubbed user via a correctly signed token and
        delegates the markup check to ``_forms_and_inputs_not_autofillable``,
        which is defined elsewhere in the test base class.
        """
        stub_user = self.user(123, "*****@*****.**", 1234, 'email', 'name')
        data_api_client.get_user.return_value = stub_user

        with self.app.app_context():
            token = generate_token(
                {"user": 123, "email": '*****@*****.**'},
                self.app.config['SECRET_KEY'],
                self.app.config['RESET_PASSWORD_SALT'],
            )
            page_url = self.expand_path('/reset-password/{}').format(token)

        self._forms_and_inputs_not_autofillable(page_url, "Reset password")
def test_decode_invitation_token_does_not_work_if_bad_token(email_app):
    """A token with its leading character stripped must fail to decode and return ``None``.

    The token is first produced with the app's real key and salt, then
    corrupted; the decoder must reject the altered value rather than return a
    partial payload.
    """
    with email_app.app_context():
        config = email_app.config
        payload = {'email_address': '*****@*****.**', 'supplier_name': 'A. Supplier'}
        good_token = generate_token(payload, config['SHARED_EMAIL_KEY'], config['INVITE_EMAIL_SALT'])
        corrupted_token = good_token[1:]

        assert decode_invitation_token(corrupted_token, role='supplier') is None
def test_decode_invitation_token_decodes_ok_for_supplier(email_app):
    """A freshly minted supplier invitation token must decode back to its original payload.

    Uses the literal key/salt pair ``'Key'``/``'Salt'`` rather than the app
    config, so the decoder is presumably configured to match — see the app
    fixture.
    """
    with email_app.app_context():
        invite = {'email_address': '*****@*****.**', 'supplier_id': 1234, 'supplier_name': 'A. Supplier'}
        token = generate_token(invite, 'Key', 'Salt')
        decoded = decode_invitation_token(token, role='supplier')
        assert decoded == invite
def test_decode_invitation_token_decodes_ok_for_buyer(email_app):
    """A freshly minted buyer invitation token must decode back to its original payload.

    Only an email address is carried for buyers; signed with the literal
    ``'Key'``/``'Salt'`` pair as in the supplier test.
    """
    with email_app.app_context():
        invite = {'email_address': '*****@*****.**'}
        token = generate_token(invite, 'Key', 'Salt')
        decoded = decode_invitation_token(token, role='buyer')
        assert decoded == invite