def test_reset_password_bad_email(self):
# Create an account without going through the accounts API.
hashed_password = hash_password("12éé6")
self.app.app.registry.storage.create(
parent_id="alice",
resource_name="account",
record={"id": "alice", "password": hashed_password},
)
resp = self.app.post_json("/accounts/alice/reset-password", {}, status=400)
assert "user id should match" in resp.json["message"]
def test_previously_created_accounts_can_still_authenticate(self):
"""Accounts created before activating the 'account validation' option can still authenticate."""
# Create an account without going through the accounts API.
hashed_password = hash_password("12éé6")
self.app.app.registry.storage.create(
parent_id="alice",
resource_name="account",
record={"id": "alice", "password": hashed_password},
)
resp = self.app.get("/", headers=get_user_headers("alice", "12éé6"))
assert resp.json["user"]["id"] == "account:alice"