def test_password_reset_request_with_login_failures_feature_enabled(self): """ Tests that user's login failures lockout counter is reset upon successful password reset. """ # Adding an entry in LoginFailures to verify the password reset endpoint # reset the user's login failures lockout counter. LoginFailures.increment_lockout_counter(self.user) post_request = self.create_reset_request(self.uidb36, self.token, False) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() json_response = reset_view(post_request, uidb36=self.uidb36, token=self.token).render() json_response = json.loads(json_response.content.decode('utf-8')) # Verify that the user's login failures lockout count is reset. assert json_response.get('reset_status') assert not LoginFailures.is_user_locked_out(self.user) # Verify that the user's login failures lockout counter is not reset upon # password reset failure. LoginFailures.increment_lockout_counter(self.user) post_request = self.create_reset_request(self.uidb36, self.token, False, 'new_password2') post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() reset_view(post_request, uidb36=self.uidb36, token=self.token).render() assert LoginFailures.is_user_locked_out(self.user)
def test_password_reset_email_successfully_sent(self, is_account_recovery): """ Test that with is_account_recovery query param available, password reset email is sent to newly updated email address. """ post_request = self.create_reset_request(self.uidb36, self.token, is_account_recovery) post_request.user = AnonymousUser() post_request.site = Mock(domain='example.com') reset_view = LogistrationPasswordResetView.as_view() reset_view(post_request, uidb36=self.uidb36, token=self.token) updated_user = User.objects.get(id=self.user.id) from_email = configuration_helpers.get_value( 'email_from_address', settings.DEFAULT_FROM_EMAIL) sent_message = mail.outbox[0] body = sent_message.body self.assertIn('Password reset completed', sent_message.subject) self.assertIn( 'This is to confirm that you have successfully changed your password', body) self.assertEqual(sent_message.from_email, from_email) self.assertEqual(len(sent_message.to), 1) self.assertIn(updated_user.email, sent_message.to[0])
def test_password_mismatch_in_reset_request(self): """ Test that user should not be able to reset password with password mismatch """ post_request = self.create_reset_request(self.uidb36, self.token, False, 'new_password2') post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() json_response = reset_view(post_request, uidb36=self.uidb36, token=self.token).render() json_response = json.loads(json_response.content.decode('utf-8')) self.assertFalse(json_response.get('reset_status'))
def test_none_token_in_password_reset_request(self): """ Test that user should not be able to reset password through no token/uidb36 """ uidb36 = None token = None post_request = self.create_reset_request(self.uidb36, self.token, False) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() self.assertRaises(Exception, reset_view(post_request, uidb36=uidb36, token=token))
def test_password_reset_request(self, uidb36, token, status): """Tests password reset request with valid/invalid token""" uidb36 = uidb36 or self.uidb36 token = token or self.token post_request = self.create_reset_request(uidb36, token, False) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() json_response = reset_view(post_request, uidb36=uidb36, token=token).render() json_response = json.loads(json_response.content.decode('utf-8')) self.assertEqual(json_response.get('reset_status'), status)
def test_none_token_in_password_reset_request(self): """ Test that user should not be able to reset password through no token/uidb36 """ uidb36 = None token = None post_request = self.create_reset_request(self.uidb36, self.token, False) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() response = reset_view(post_request, uidb36=uidb36, token=token) assert response.status_code == 200 response.render() response_dict = json.loads(response.content.decode('utf-8')) assert response_dict.get('reset_status') is False
def test_account_recovery_using_forgot_password(self): """ Test that with is_account_recovery query param available, primary email is updated with linked secondary email. """ post_request = self.create_reset_request(self.uidb36, self.token, True) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() reset_view(post_request, uidb36=self.uidb36, token=self.token) updated_user = User.objects.get(id=self.user.id) assert updated_user.email == self.secondary_email self.assert_event_emitted(SETTING_CHANGE_INITIATED, user_id=self.user.id, setting='email', old=self.user.email, new=updated_user.email)
def test_password_reset_request_with_login_failures_feature_disabled(self): """ Tests that user's login failures lockout counter is not reset upon successful password reset. """ # Adding an entry in LoginFailures to verify the password reset endpoint # does not reset the user's login failures lockout counter. LoginFailures.increment_lockout_counter(self.user) post_request = self.create_reset_request(self.uidb36, self.token, False) post_request.user = AnonymousUser() reset_view = LogistrationPasswordResetView.as_view() reset_view(post_request, uidb36=self.uidb36, token=self.token).render() # Verify that the user's login failures lockout count is not reset. assert not LoginFailures.is_feature_enabled() assert LoginFailures.is_user_locked_out(self.user)