예제 #1
0
 def test_verify_expired(self):
     timestamp = int(time.time())
     user = self.create_test_user(is_active=False)
     self.assertFalse(user.is_active)
     with patch('time.time', side_effect=lambda: timestamp):
         signer = RegisterSigner({'user_id': user.pk})
         data = signer.get_signed_data()
         request = self.create_post_request(data)
     with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8):
         response = self.view_func(request)
     self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)
     user.refresh_from_db()
     self.assertFalse(user.is_active)
예제 #2
0
    def test_signer_with_different_secret_keys(self):
        user = self.create_test_user(is_active=False)
        data_to_sign = {'user_id': user.pk}
        secrets = [
            '#0ka!t#6%28imjz+2t%l(()yu)tg93-1w%$du0*po)*@l+@+4h',
            'feb7tjud7m=91$^mrk8dq&nz(0^!6+1xk)%gum#oe%(n)8jic7',
        ]
        signatures = []
        for secret in secrets:
            with override_settings(SECRET_KEY=secret):
                signer = RegisterSigner(data_to_sign)
                data = signer.get_signed_data()
                signatures.append(data[signer.SIGNATURE_FIELD])

        assert signatures[0] != signatures[1]
예제 #3
0
    def test_register_no_password_confirm_ok(self):
        data = self._get_register_user_data(password='******')
        data.pop('password_confirm')
        request = self.create_post_request(data)
        time_before = math.floor(time.time())
        with self.assert_one_mail_sent() as sent_emails:
            response = self.view_func(request)
            self.assert_valid_response(response, status.HTTP_201_CREATED)
        time_after = math.ceil(time.time())
        user_id = response.data['id']
        # Check database state.
        user = self.user_class.objects.get(id=user_id)
        self.assertEqual(user.username, data['username'])
        self.assertTrue(user.check_password(data['password']))
        self.assertFalse(user.is_active)
        # Check verification e-mail.
        sent_email = sent_emails[0]
        self.assertEqual(
            sent_email.from_email,
            REST_REGISTRATION_WITH_VERIFICATION['VERIFICATION_FROM_EMAIL'],
        )
        self.assertListEqual(sent_email.to, [data['email']])
        url = self.assert_one_url_line_in_text(sent_email.body)

        verification_data = self.assert_valid_verification_url(
            url,
            expected_path=REGISTER_VERIFICATION_URL,
            expected_query_keys={'signature', 'user_id', 'timestamp'},
        )
        url_user_id = int(verification_data['user_id'])
        self.assertEqual(url_user_id, user_id)
        url_sig_timestamp = int(verification_data['timestamp'])
        self.assertGreaterEqual(url_sig_timestamp, time_before)
        self.assertLessEqual(url_sig_timestamp, time_after)
        signer = RegisterSigner(verification_data)
        signer.verify()