def test_user_can_reset_password(self): url = reverse("password_new") beverly = UserFactory(username="******") beverly.set_password("jack") beverly.save() mismatch_password_data = { "uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("WESLEY") } response = self.client.post(url, mismatch_password_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse(User.objects.get(username='******').check_password('wesley')) bad_uid_data = { "uid": urlsafe_base64_encode(force_bytes(UserFactory().pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("wesley") } response = self.client.post(url, bad_uid_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse(User.objects.get(username='******').check_password('wesley')) good_data = { "uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("wesley") } self.assertSchemaPost(url, "$setPasswordRequest", "$userResponse", good_data, None, status_OK=True) self.assertTrue(User.objects.get(username='******').check_password('wesley'))
def test_user_can_change_password(self): felicia = UserFactory(username='******') felicia.set_password('password') felicia.save() url = reverse("password_change") data = { "old_password": base64.encodestring("password"), "password": base64.encodestring("felicia"), "confirm_password": base64.encodestring("felicia") } # Unauthenticated user can't change password self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, None, unauthorized=True) self.assertFalse( User.objects.get(pk=felicia.pk).check_password("felicia")) # User can't change password if the old / current password is incorrect bad_data = { "old_password": base64.encodestring("wrong_password"), "password": base64.encodestring("felicia"), "confirm_password": base64.encodestring("felicia") } self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", bad_data, felicia, unauthorized=True) self.assertFalse( User.objects.get(pk=felicia.pk).check_password("felicia")) # User can't change password if the two new passwords don't match mismatch_password_data = { "old_password": base64.encodestring("password"), "password": base64.encodestring("felicia"), "confirm_password": base64.encodestring("FELICIA") } self.add_credentials(felicia) response = self.client.patch(url, mismatch_password_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse( User.objects.get(pk=felicia.pk).check_password("felicia")) # User can change their own password self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, felicia) self.assertTrue( User.objects.get(pk=felicia.pk).check_password("felicia"))
def test_user_can_reset_password(self): url = reverse("password_new") beverly = UserFactory(username="******") beverly.set_password("jack") beverly.save() mismatch_password_data = { "uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("WESLEY") } response = self.client.post(url, mismatch_password_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse( User.objects.get(username='******').check_password('wesley')) bad_uid_data = { "uid": urlsafe_base64_encode(force_bytes(UserFactory().pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("wesley") } response = self.client.post(url, bad_uid_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse( User.objects.get(username='******').check_password('wesley')) good_data = { "uid": urlsafe_base64_encode(force_bytes(beverly.pk)).decode(), "token": default_token_generator.make_token(beverly), "password": encode_string("wesley"), "confirm_password": encode_string("wesley") } self.assertSchemaPost(url, "$setPasswordRequest", "$userResponse", good_data, None, status_OK=True) self.assertTrue( User.objects.get(username='******').check_password('wesley'))
def test_user_can_change_password(self): felicia = UserFactory(username='******') felicia.set_password('password') felicia.save() url = reverse("password_change") data = { "old_password": encode_string("password"), "password": encode_string("felicia"), "confirm_password": encode_string("felicia") } # Unauthenticated user can't change password self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, None, unauthorized=True) self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia")) # User can't change password if the old / current password is incorrect bad_data = { "old_password": encode_string("wrong_password"), "password": encode_string("felicia"), "confirm_password": encode_string("felicia") } self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", bad_data, felicia, unauthorized=True) self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia")) # User can't change password if the two new passwords don't match mismatch_password_data = { "old_password": encode_string("password"), "password": encode_string("felicia"), "confirm_password": encode_string("FELICIA") } self.add_credentials(felicia) response = self.client.patch(url, mismatch_password_data, format='json') self.assertEqual(response.status_code, 400) self.assertFalse(User.objects.get(pk=felicia.pk).check_password("felicia")) # User can change their own password self.assertSchemaPatch(url, "$changePasswordRequest", "$changePasswordResponse", data, felicia) self.assertTrue(User.objects.get(pk=felicia.pk).check_password("felicia"))