def test_user_cannot_change_password_with_wrong_old_password(
        self, mock_object):
    """Reject a password change whose ``old_password`` is wrong.

    Logs in to obtain a JWT, then posts a freshly generated
    ``old_password`` to the change-password endpoint. The request must
    fail with HTTP 400 and the message 'Old password is invalid.'.

    ``mock_object`` is presumably injected by a ``patch`` decorator that
    is not visible here; the test only makes it return an empty dict.
    """
    mock_object.return_value = {}

    self.user.is_active = True
    self.user.save()

    # Log in first: the change-password call is authenticated with the
    # JWT issued by this request.
    token = client.post(self.login_url, data=self.data).data['token']

    # Both passwords are random, so ``old_password`` is not expected to
    # match the user's current one.
    payload = {
        "old_password": faker.password(),
        "new_password": faker.password(),
    }
    response = client.post(
        self.change_password_url,
        json.dumps(payload),
        HTTP_AUTHORIZATION=f'JWT {token}',
        content_type='application/json',
    )

    self.assertEqual(response.status_code, 400)
    first_error = response.data['errors'][0]
    self.assertEqual(first_error['message'], 'Old password is invalid.')
def setUp(self):
    """Build a password-reset token fixture whose user has a known password."""
    self.test_password = faker.password()

    reset_token = PasswordResetTokenFactory()
    account = reset_token.user
    # set_password() is used so the stored credential is the hashed form
    # of ``test_password`` rather than whatever the factory assigned.
    account.set_password(self.test_password)
    account.save()

    self.token = reset_token
    self.user = account
    # Secret key as it was right after the fixture was saved; presumably
    # compared against later to detect rotation -- confirm in the tests.
    self.initial_secret_key = account.secret_key
    self.password = faker.password()
def test_user_cannot_change_password_with_invalid_token(self, mock_object):
    """Reject a password change made with a JWT issued before key rotation.

    The user logs in, then ``rotate_secret_key()`` is called on the user.
    The token obtained before the rotation is presented together with
    the correct old password; the endpoint must answer HTTP 401 with the
    error code 'authentication_failed'.

    ``mock_object`` is presumably injected by a ``patch`` decorator that
    is not visible here; the test only makes it return an empty dict.
    """
    mock_object.return_value = {}

    self.user.is_active = True
    self.user.save()

    # Token is issued while the original secret key is still in place.
    token = client.post(self.login_url, data=self.data).data['token']

    # Rotating the key after login is what should invalidate the token.
    self.user.rotate_secret_key()

    payload = {
        'old_password': self.test_password,
        'new_password': faker.password(),
    }
    response = client.post(
        self.change_password_url,
        json.dumps(payload),
        HTTP_AUTHORIZATION=f'JWT {token}',
        content_type='application/json',
    )

    self.assertEqual(response.status_code, 401)
    first_error = response.data['errors'][0]
    self.assertEqual(first_error['code'], 'authentication_failed')
def test_inactive_user_cannot_change_password(self, mock_object):
    """Reject a password change once the account has been deactivated.

    The user logs in while active, is then saved with
    ``is_active = False``, and presents the still-held JWT with the
    correct old password. The endpoint must answer HTTP 401 with the
    message 'User account is disabled.'.

    ``mock_object`` is presumably injected by a ``patch`` decorator that
    is not visible here; the test only makes it return an empty dict.
    """
    mock_object.return_value = {}

    # The account must be active for the login step to issue a token.
    self.user.is_active = True
    self.user.save()
    token = client.post(self.login_url, data=self.data).data['token']

    # Deactivate after login: the token predates the state change.
    self.user.is_active = False
    self.user.save()

    payload = {
        'old_password': self.test_password,
        'new_password': faker.password(),
    }
    request_kwargs = {
        'HTTP_AUTHORIZATION': f'JWT {token}',
        'content_type': 'application/json',
    }
    response = client.post(
        self.change_password_url,
        json.dumps(payload),
        **request_kwargs,
    )

    self.assertEqual(response.status_code, 401)
    first_error = response.data['errors'][0]
    self.assertEqual(first_error['message'], 'User account is disabled.')
def test_active_user_can_change_password_with_valid_token(
        self, mock1, mock2):
    """Accept a password change from an active user with a valid JWT.

    Logs in, posts the correct old password plus a new random one, and
    expects HTTP 202 and that ``mock2`` was called.

    ``mock1`` and ``mock2`` are presumably injected by ``patch``
    decorators that are not visible here, so what they replace cannot be
    stated from this block.

    NOTE(review): the test checks only the status code and that
    ``mock2`` was called. It does not assert that the new password is
    the one now accepted, nor that the old password or the old token
    stopped working -- consider covering those outcomes if the endpoint
    is expected to guarantee them.
    """
    mock1.return_value = {}

    self.user.is_active = True
    self.user.save()

    # Log in first: the change-password call is authenticated with the
    # JWT issued by this request.
    token = client.post(self.login_url, data=self.data).data['token']

    payload = {
        "old_password": self.test_password,
        "new_password": faker.password(),
    }
    response = client.post(
        self.change_password_url,
        json.dumps(payload),
        HTTP_AUTHORIZATION=f'JWT {token}',
        content_type='application/json',
    )

    self.assertTrue(mock2.called)
    self.assertEqual(response.status_code, 202)
def setUp(self):
    """Create an active user with known credentials and resolve the login URL."""
    self.test_password = faker.password()
    self.test_email = faker.email()

    account = BaseUserFactory(email=self.test_email)
    # set_password() stores the hashed form of the known password.
    account.set_password(self.test_password)
    account.is_active = True
    account.save()
    self.user = account

    self.login_url = reverse('api:auth:login')
def test_user_cannot_login_with_wrong_password(self):
    """Reject a login that pairs the user's email with a random password.

    The login endpoint must answer HTTP 400.
    """
    # A freshly generated password is not expected to match the one the
    # fixture set for this user.
    wrong_password = faker.password()
    credentials = {
        'email': self.user.email,
        'password': wrong_password,
    }

    response = client.post(self.login_url, data=credentials)

    self.assertEqual(response.status_code, 400)
def setUp(self):
    """Prepare an active user with a reset token and the set-password payload."""
    reset_token = PasswordResetTokenFactory()
    self.password_reset_token = reset_token

    account = reset_token.user
    account.is_active = True
    account.save()
    self.user = account

    self.url = reverse('api:auth:forgot-password-set')
    self.password = faker.password()
    # Request body for the endpoint: the token is sent in its string form
    # together with the password to set.
    self.data = {
        'token': str(reset_token.token),
        'password': self.password,
    }
def setUp(self):
    """Create a user with known credentials plus the auth URLs and login payload.

    ``is_active`` is not touched here; whatever the factory produced is
    kept.
    """
    self.test_email = faker.email()
    self.test_password = faker.password()

    account = BaseUserFactory(email=self.test_email)
    # set_password() stores the hashed form of the known password.
    account.set_password(self.test_password)
    account.save()
    self.user = account

    self.login_url = reverse('api:auth:login')
    self.logout_url = reverse('api:auth:logout')
    self.change_password_url = reverse('api:auth:change-password')

    # Credentials posted to the login endpoint by the tests.
    self.data = {
        'email': self.test_email,
        'password': self.test_password,
    }
def setUp(self):
    """Create an active user with known credentials for the user-detail tests."""
    self.test_email = faker.email()
    self.test_password = faker.password()

    account = BaseUserFactory(email=self.test_email)
    # set_password() stores the hashed form of the known password.
    account.set_password(self.test_password)
    account.is_active = True
    account.save()
    self.user = account

    self.login_url = reverse('api:auth:login')
    self.user_detail_url = reverse('api:auth:user-detail')

    # Credentials posted to the login endpoint by the tests.
    self.data = {
        'email': self.test_email,
        'password': self.test_password,
    }
def test_creating_single_teacher_works(self):
    """Create one Teacher and check the row count, email and password.

    NOTE(review): the created row is re-read with ``objects.first()``,
    which is only the new teacher when the table was empty beforehand
    (or the default ordering puts it first) -- confirm.
    """
    before = Teacher.objects.count()
    email = faker.email()
    password = faker.password()

    Teacher.objects.create(email=email, password=password)

    self.assertEqual(before + 1, Teacher.objects.count())

    teacher = Teacher.objects.first()
    self.assertEqual(email, teacher.email)
    # check_password() passing means the related user's stored credential
    # verifies against the raw password given at creation.
    self.assertTrue(teacher.user.check_password(password))
    self.assertIsNotNone(teacher.user.downcast(Teacher))
def test_creating_single_student_works(self):
    """Create one Student and check the row count, email and password.

    NOTE(review): the created row is re-read with ``objects.first()``,
    which is only the new student when the table was empty beforehand
    (or the default ordering puts it first) -- confirm.
    """
    before = Student.objects.count()
    email = faker.email()
    password = faker.password()

    Student.objects.create(email=email, password=password)

    self.assertEqual(before + 1, Student.objects.count())

    student = Student.objects.first()
    self.assertEqual(email, student.email)
    # check_password() passing means the related user's stored credential
    # verifies against the raw password given at creation.
    self.assertTrue(student.user.check_password(password))
    self.assertIsNotNone(student.user.downcast(Student))
def test_user_can_decode_only_own_tokens(self):
    """Check that each user's JWT verifies only under that user's secret key.

    Two users log in. Their tokens and secret keys must differ, decoding
    a token with the other user's key must raise
    ``InvalidSignatureError``, and decoding with the owner's key must
    yield the owner's email.

    NOTE(review): ``jwt.decode`` is called without an ``algorithms``
    allow-list. Newer PyJWT releases require that argument, and pinning
    the expected algorithm is the safer verification pattern -- confirm
    which algorithm the login view signs with before adding it.
    """
    own_login = self.post(self.login_url, data=self.data)

    # Second, independent account. The raw password is kept on the
    # instance so that it can be reused for the login request below.
    user = BaseUserFactory()
    user.is_active = True
    user.passwd = faker.password()
    user.set_password(user.passwd)
    user.save()

    other_login = self.post(
        self.login_url,
        data={
            'email': user.email,
            'password': user.passwd,
        },
    )

    token_user1 = own_login.data['token']
    token_user2 = other_login.data['token']

    self.assertNotEqual(token_user1, token_user2)
    self.assertNotEqual(self.user.secret_key, user.secret_key)

    own_key = str(self.user.secret_key)
    other_key = str(user.secret_key)

    # Cross-decoding must fail signature verification in both directions.
    with self.assertRaises(InvalidSignatureError):
        jwt.decode(token_user1, key=other_key)
    with self.assertRaises(InvalidSignatureError):
        jwt.decode(token_user2, key=own_key)

    # Each token verifies under its owner's key and carries that email.
    own_claims = jwt.decode(token_user1, key=own_key)
    self.assertEqual(self.user.email, own_claims['email'])

    other_claims = jwt.decode(token_user2, key=other_key)
    self.assertEqual(user.email, other_claims['email'])
def setUp(self):
    """Generate a random email and password for the tests in this class."""
    # Evaluated left to right: email first, then password.
    self.email, self.test_password = faker.email(), faker.password()
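class BaseUserFactory(factory.DjangoModelFactory):
    """Factory for ``BaseUser`` rows with a unique email and own password.

    NOTE(review): the generated ``password`` is handed to the model as a
    plain value. Whether it ends up hashed depends on ``BaseUser``, which
    is not visible here. Tests that need to authenticate should keep
    calling ``set_password()`` with a password they control.
    """

    class Meta:
        model = BaseUser

    # The sequence number is prefixed so emails stay unique even if faker
    # happens to produce the same address twice.
    email = factory.Sequence(lambda n: '{}{}'.format(n, faker.email()))
    # Generated lazily for each instance. A bare ``faker.password()`` here
    # would run once at class definition and give every user built by the
    # factory the same password value, which can mask cross-account bugs.
    password = factory.LazyAttribute(lambda _obj: faker.password())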