def test_password_reset_already_reset(self):
    """A password-reset token must be single-use.

    The first PUT with the token succeeds; replaying the very same token
    is rejected with 404 and the password written by the first request is
    left untouched.
    """
    user = add_user('justatest3', '*****@*****.**', 'password')
    token = user.encode_password_token()
    user = set_user_token_hash(user, token)

    def put_reset():
        # Same token and same new password on every call; only the
        # server-side token state differs between the two attempts.
        payload = json.dumps({'token': token, 'password': '******'})
        with self.client:
            resp = self.client.put(
                '/v1/auth/password',
                data=payload,
                content_type='application/json',
                headers=[('Accept', 'application/json')])
            return resp, json.loads(resp.data.decode())

    # First use: the token is valid and the reset goes through.
    response, data = put_reset()
    self.assertEqual(data['status'], 'success')
    self.assertEqual(data['message'], 'Successfully reset password.')
    self.assertEqual(response.status_code, 200)

    # Replay: the token has been consumed, so the second attempt must fail
    # and must not alter the password set by the first one.
    password_after_first_reset = user.password
    response, data = put_reset()
    self.assertEqual(data['status'], 'error')
    self.assertEqual(data['message'], 'Invalid reset. Please try again.')
    self.assertEqual(response.status_code, 404)
    # NOTE(review): reads the ORM instance; presumably it reflects the DB
    # row after the request — confirm the session refreshes it.
    self.assertEqual(password_after_first_reset, user.password)
def test_auth_password_reset(self):
    """Ensure a valid reset token lets the user set a new password.

    Sends one PUT with a freshly issued token and a generated password,
    expects a 200 success response, and checks that the stored password
    no longer equals the pre-reset value.
    """
    user = add_user()
    password = user.password
    token = user.encode_password_token().decode()
    # NOTE(review): the return value is not rebound here; the final check
    # reads `user.password` on this instance — confirm it tracks the DB row.
    set_user_token_hash(user, token)
    new_password = self.data_generator.password()
    body = {'token': token, 'password': new_password}

    with self.client:
        response = self.client.put(
            f'/{self.version}/auth/password_reset',
            data=json.dumps(body),
            content_type='application/json',
            headers=[('Accept', 'application/json')]
        )
        data = json.loads(response.data.decode())

    self.assertEqual(data['message'], 'Successfully reset password.')
    self.assertEqual(response.status_code, 200)
    # The stored password must differ from what it was before the reset.
    self.assertNotEqual(password, user.password)
def test_password_reset_expired(self):
    """An expired reset token is rejected and the password stays unchanged.

    Expiry is forced by sleeping past the token lifetime; this assumes the
    test configuration keeps that lifetime below 3 seconds — TODO confirm.
    """
    user = add_user('justatest3', '*****@*****.**', 'password')
    token = user.encode_password_token()
    user = set_user_token_hash(user, token)
    stored_password = user.password

    time.sleep(3)  # let the token outlive its validity window

    with self.client:
        response = self.client.put(
            '/v1/auth/password',
            data=json.dumps({'token': token, 'password': '******'}),
            content_type='application/json',
            headers=[('Accept', 'application/json')])
        data = json.loads(response.data.decode())

    expected_message = 'Password recovery token expired. Please try again.'
    self.assertEqual(data['status'], 'error')
    self.assertEqual(data['message'], expected_message)
    self.assertEqual(response.status_code, 400)
    # An expired token must not have touched the stored password.
    self.assertEqual(stored_password, user.password)
def test_auth_password_reset_token_used(self):
    """Ensure password reset with an already used token does not work.

    The first request consumes the token; a replay with the same token
    must return 400 and must not change the password set by the first
    request.
    """
    user = add_user()
    token = user.encode_password_token().decode()
    user = set_user_token_hash(user, token)

    def attempt_reset():
        # A fresh generated password per attempt; only the token is reused.
        body = {'token': token, 'password': self.data_generator.password()}
        with self.client:
            resp = self.client.put(
                f'/{self.version}/auth/password_reset',
                data=json.dumps(body),
                content_type='application/json',
                headers=[('Accept', 'application/json')]
            )
            return resp, json.loads(resp.data.decode())

    # First use succeeds.
    response, data = attempt_reset()
    self.assertEqual(data['message'], 'Successfully reset password.')
    self.assertEqual(response.status_code, 200)

    # Replay of the consumed token is rejected.
    password_after_first_reset = user.password
    response, data = attempt_reset()
    self.assertEqual(
        data['message'], 'Invalid password reset token. Please try again.')
    self.assertEqual(response.status_code, 400)
    # The rejected replay must not have changed the stored password.
    self.assertEqual(password_after_first_reset, user.password)