def test_get_invalid_uid(client, user):
uidb64 = "XX"
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
response = client.get(url)
assert response.status_code == 404
def test_invalid(test_data, client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
response = client.post(url, data=test_data)
assert response.status_code == 200
assert response.url == f"http://testserver{url}"
def test_get_200(client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
response = client.get(url)
assert response.status_code == 200
assert "form" in response.context
assert "request" in response.context
def test_get_user_not_active(client, user):
user.is_active = False
user.save()
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
response = client.get(url)
assert response.status_code == 404
def test_post(client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
response = client.post(url,
data={
"new_password": "******",
"confirm_new_password": "******"
})
assert response.status_code == 302
assert response.next.url == "http://testserver/auth/password/reset/complete"
def test_get_user_url_is_invalid_by_logging_in(client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
# here we just update the last_login to simulate the user logging
# in after the pw request is created
user.last_login = datetime.utcnow()
user.save()
response = client.get(url)
assert response.status_code == 404
def test_post_changed_password(client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
client.post(url,
data={
"new_password": "******",
"confirm_new_password": "******"
})
user.refresh_from_db()
assert user.check_password("foobar25")
def test_post_url_is_one_time_use(client, user):
uidb64 = urlsafe_base64_encode(bytes(str(user.id), encoding="utf-8"))
token = token_generator.make_token(user)
url = client.app.url_path_for("auth:password_reset_confirm",
uidb64=uidb64,
token=token)
client.post(url,
data={
"new_password": "******",
"confirm_new_password": "******"
})
another = client.get(url)
assert another.status_code == 404
async def send_email(self, request: Request):
from . import config
user = await db.get_user_by_email(self.data["email"])
if not user:
return
templates = config.templates
context = {
"request":
request,
"uid":
http.urlsafe_base64_encode(bytes(str(user["id"]),
encoding="utf-8")),
"user":
user,
"token":
token_generator.make_token(user),
}
msg = EmailMessage()
if (not config.reset_pw_email_subject_template
or not config.reset_pw_email_template):
error_message = (
"To sent a password reset email you must specify both the "
"`reset_pw_email_subject_template` and `reset_pw_email_template` "
"templates. Additionally you can also specify the "
"`reset_pw_html_email_template` to send an html version.")
raise ImproperlyConfigured(error_message)
subject_tmpl = templates.get_template(
config.reset_pw_email_subject_template)
subject = subject_tmpl.render(context)
body_tmpl = templates.get_template(config.reset_pw_email_template)
body = body_tmpl.render(context)
msg["To"] = [user["email"]]
msg["Subject"] = subject
msg.set_content(body)
if config.reset_pw_html_email_template:
html_body_tmpl = templates.get_template(
config.reset_pw_html_email_template)
html_body = html_body_tmpl.render(context)
msg.add_alternative(html_body, subtype="html")
await send_message(msg)