def test_decode_password_reset_token_ok_for_good_token(
    self, email_app, data_api_client, password_reset_token
):
    """A token signed with "Key" / 'PassSalt' decodes back to its payload.

    Also pins that decoding looks the user up exactly once, with id 123.
    """
    with email_app.app_context():
        signed = generate_token(password_reset_token, "Key", 'PassSalt')
        decoded = decode_password_reset_token(signed, data_api_client)
        assert decoded == password_reset_token
        # The user record must be fetched once, and only for the id under test.
        data_api_client.get_user.assert_called_once_with(123)
def test_decode_password_reset_token_invalid_if_password_changed_since_token_was_generated(
    self, generation_time, expected_result, email_app, data_api_client,
    password_reset_token
):
    """Decode at a fixed instant a token generated at ``generation_time``.

    ``expected_result == 'ok'`` means the payload must come back unchanged;
    any other value means the decoder must answer ``token_invalid``.
    """
    # NOTE(review): generation_time / expected_result are presumably supplied
    # by a parametrize decorator outside this view, and the password-change
    # timestamp by the data_api_client fixture -- confirm both.
    with freeze_time(generation_time):
        signed = generate_token(password_reset_token, "Key", 'PassSalt')

    if expected_result == 'ok':
        wanted = password_reset_token
    else:
        wanted = {'error': 'token_invalid'}

    with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
        assert decode_password_reset_token(signed, data_api_client) == wanted
def test_decode_password_reset_token_is_only_valid_within_a_day_of_token_creation(
    self, decode_time, expected_result, email_app, data_api_client,
    password_reset_token
):
    """Decode at ``decode_time`` a token generated at 2016-01-02 03:04:05.

    ``expected_result == 'ok'`` means the payload must come back unchanged;
    any other value means the decoder must answer ``token_invalid``.
    """
    # NOTE(review): decode_time / expected_result are presumably supplied by a
    # parametrize decorator outside this view -- confirm it covers instants on
    # both sides of the validity boundary.
    if expected_result == 'ok':
        wanted = password_reset_token
    else:
        wanted = {'error': 'token_invalid'}

    with email_app.app_context():
        with freeze_time('2016-01-02 03:04:05'):
            signed = generate_token(password_reset_token, "Key", 'PassSalt')
        with freeze_time(decode_time):
            assert decode_password_reset_token(signed, data_api_client) == wanted
def test_decode_password_reset_token_does_not_work_if_bad_token(
    self, email_app, data_api_client, password_reset_token
):
    """A token with its first character removed is rejected as token_invalid."""
    intact = generate_token(password_reset_token, "Key", 'PassSalt')
    # Drop the leading character so the serialized token is corrupted.
    damaged = intact[1:]
    with email_app.app_context():
        outcome = decode_password_reset_token(damaged, data_api_client)
        assert outcome == {'error': 'token_invalid'}
def test_decode_password_reset_token_does_not_work_if_token_expired(
    email_app, data_api_client, password_reset_token
):
    """A token generated a year before decode time is rejected as token_invalid."""
    # NOTE(review): this token is signed with 'Secret', while the success-path
    # test on this page signs with "Key". Confirm 'Secret' is the key email_app
    # is configured with; if it is not, decoding fails on the signature and the
    # expiry check this test is named for is never exercised.
    with freeze_time('2015-01-02 03:04:05'):
        # Token was generated a year before current time
        stale = generate_token(password_reset_token, 'Secret', 'PassSalt')

    with freeze_time('2016-01-02 03:04:05'), email_app.app_context():
        outcome = decode_password_reset_token(stale, data_api_client)
        assert outcome == {'error': 'token_invalid'}
def test_decode_password_reset_token_does_not_work_if_password_changed_later_than_token(
    email_app, data_api_client, password_reset_token
):
    """A token issued before the latest password change is rejected.

    The token is generated at 11:00 and decoded at 13:00 on 2016-01-01.
    """
    # NOTE(review): this token is signed with 'Secret', while the success-path
    # test on this page signs with "Key". Confirm 'Secret' is the key email_app
    # is configured with; if it is not, decoding fails on the signature and the
    # password-changed check this test is named for is never exercised.
    # NOTE(review): the password-change time is presumably provided by the
    # data_api_client fixture -- confirm it falls between the two instants.
    with freeze_time('2016-01-01T11:00:00.30Z'):
        # Token was generated an hour earlier than password was changed
        superseded = generate_token(password_reset_token, 'Secret', 'PassSalt')

    with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
        # Token is two hours old; password was changed an hour ago
        outcome = decode_password_reset_token(superseded, data_api_client)
        assert outcome == {'error': 'token_invalid'}
def test_decode_password_reset_token_user_inactive(
    self, email_app, data_api_client, password_reset_token
):
    """Decoding a token for a deactivated user reports user_inactive.

    This is a different error code from the token_invalid the other
    rejection tests expect.
    """
    with freeze_time('2016-01-01T12:00:00.30Z'):
        signed = generate_token(password_reset_token, "Key", 'PassSalt')

    # Flip the mocked user record to inactive before decoding.
    user_record = data_api_client.get_user.return_value["users"]
    user_record["active"] = False

    with freeze_time('2016-01-01T13:00:00.30Z'), email_app.app_context():
        outcome = decode_password_reset_token(signed, data_api_client)
        assert outcome == {'error': 'user_inactive'}