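def reset_password():
    """Complete a password reset from a submitted token and new password.

    Reads ``token``, ``password`` and ``passwordCheck`` from the request,
    checks that the two password fields agree, resolves the token to an
    account e-mail through ``DatabaseService.validate_reset_token`` and then
    stores the new password for that account.

    Returns:
        A 200 "OK" response on success, or a 422 response when the request
        is malformed, a field is empty or not text, the passwords differ,
        or the token does not validate.
    """
    try:
        data = get_request_data(
            request,
            required_params=["token", "password", "passwordCheck"],
        )
    except (ValueError, TypeError) as e:
        # NOTE(review): request.url is copied into the error message. If the
        # reset token can ever arrive in the query string, it would end up in
        # logs/responses through this path -- confirm it is body-only.
        return handle_error(
            message="%s: %s" % (request.url, str(e)),
            logger=logger,
            status_code=422,
        )

    token = data["token"]
    password = data["password"]
    password_check = data["passwordCheck"]

    # The payload is attacker-controlled: a JSON body can carry lists, dicts,
    # numbers or null where text is expected. Reject anything that is not a
    # non-empty string before it reaches the database layer or the hasher.
    # (str, type(u"")) covers text on both Python 2 and Python 3.
    text_types = (str, type(u""))
    if not isinstance(token, text_types) or not token:
        return make_response("Invalid token", 422)
    if not isinstance(password, text_types) or not password:
        return make_response("Invalid password", 422)

    if password != password_check:
        return make_response("Passwords do not match", 422)

    db = DatabaseService()
    user_email = db.validate_reset_token(token=token)
    if not user_email:
        return make_response("Invalid token", 422)

    # NOTE(review): nothing in this handler consumes the token once the
    # password has been changed. Unless validate_reset_token or
    # update_password deletes/expires it (not visible here), the same token
    # stays usable -- confirm tokens are single-use and time-limited.
    # NOTE(review): no password-strength policy is applied here; confirm one
    # is enforced elsewhere.
    db.update_password(email=user_email, password=password)
    return make_response("OK", 200)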
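class TestDatabaseService(BaseTest):
    """Integration tests for DatabaseService against the test database.

    Rows are read back through ``self.conn``, which is presumably set up by
    ``BaseTest`` (not visible in this file).
    """

    def setUp(self):
        super(TestDatabaseService, self).setUp()
        self.db = DatabaseService()

    def tearDown(self):
        super(TestDatabaseService, self).tearDown()

    def _fetch_all(self, query):
        """Run *query* on the test connection and return every row.

        The cursor is closed in ``finally`` so that a failing query or a
        failing assertion in the caller never leaves a cursor open.
        """
        curr = self.conn.cursor()
        try:
            curr.execute(query)
            return curr.fetchall()
        finally:
            curr.close()

    def test_database_service_can_connect(self):
        self.assertIsNotNone(self.db)

    def test_database_service_can_save_user(self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT COUNT(*) FROM users")
        self.assertEqual(1, results[0][0])

    def test_database_service_saves_user_with_correct_email(self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT email FROM users")
        self.assertEqual(email, results[0][0])

    def test_database_service_saves_email_as_lowercase(self):
        # NOTE(review): the two address literals are identical as written
        # here, so this test cannot demonstrate case folding; the input
        # needs a mixed-case address for the assertion to mean anything.
        email = '*****@*****.**'
        lowercaseEmail = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT email FROM users")
        self.assertEqual(lowercaseEmail, results[0][0])

    def test_database_service_saves_hashed_password(self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT password FROM users")
        # The stored value must never be the plaintext password.
        self.assertNotEqual(password, results[0][0])

    def test_database_services_saves_correct_password(self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT password FROM users")
        self.assertTrue(check_password_hash(results[0][0], password))

    def test_database_service_saves_first_and_last_name(self):
        email = '*****@*****.**'
        password = '******'
        firstName = 'First'
        lastName = 'Last'
        self.db.save_user(
            email=email,
            password=password,
            firstName=firstName,
            lastName=lastName,
        )
        results = self._fetch_all("SELECT first_name, last_name FROM users")
        self.assertEqual(firstName, results[0][0])
        self.assertEqual(lastName, results[0][1])

    def test_database_service_handles_default_values_for_first_and_last_name(
            self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        results = self._fetch_all("SELECT first_name, last_name FROM users")
        self.assertEqual(None, results[0][0])
        self.assertEqual(None, results[0][1])

    def test_database_service_can_authorize_valid_user_credentials(self):
        email = '*****@*****.**'
        password = '******'
        self.db.save_user(
            email=email,
            password=password,
        )
        result = self.db.authenticate_user(email=email, password=password)
        self.assertIsNotNone(result)

    def test_database_service_returns_user_type_after_authorizing(self):
        email = '*****@*****.**'
        password = '******'
        userType = 'testtype'
        self.db.save_user(
            email=email,
            password=password,
            userType=userType,
        )
        result = self.db.authenticate_user(email=email, password=password)
        self.assertEqual(userType, result)

    def test_database_service_handles_nonexistent_user(self):
        # NOTE(review): only the unknown-account case is covered; there is no
        # test that an existing account with a wrong password is rejected.
        email = '*****@*****.**'
        password = '******'
        result = self.db.authenticate_user(email=email, password=password)
        self.assertEqual(result, None)

    def test_database_service_creates_user_with_correct_user_type(self):
        email = '*****@*****.**'
        password = '******'
        userType = 'testtype'
        self.db.save_user(
            email=email,
            password=password,
            userType=userType,
        )
        results = self._fetch_all("SELECT user_type FROM users")
        self.assertEqual(userType, results[0][0])

    def test_database_service_can_return_user_data(self):
        email = '*****@*****.**'
        password = '******'
        userType = 'testtype'
        self.db.save_user(
            email=email,
            password=password,
            userType=userType,
        )
        user = self.db.get_user(email=email)
        self.assertIsNotNone(user)

    def test_database_service_returns_correct_user_data_on_get_user(self):
        email = '*****@*****.**'
        password = '******'
        userType = 'testtype'
        firstName = 'First'
        lastName = 'Last'
        self.db.save_user(
            email=email,
            password=password,
            userType=userType,
            firstName=firstName,
            lastName=lastName,
        )
        user = self.db.get_user(email=email)
        self.assertEqual(user['email'], email)
        self.assertEqual(user['firstName'], firstName)
        self.assertEqual(user['lastName'], lastName)
        self.assertEqual(user['userType'], userType)

    def test_database_service_can_save_reset_token(self):
        self.db.save_reset_token(
            email='*****@*****.**',
            token='thisisatesttoken',
        )
        results = self._fetch_all("SELECT * FROM reset_tokens")
        self.assertIsNotNone(results[0])

    def test_database_service_can_validate_saved_reset_token(self):
        # NOTE(review): the raw token is inserted and then validated as-is,
        # so reset tokens appear to be stored in cleartext; anyone able to
        # read reset_tokens would hold working tokens. Consider storing only
        # a hash of the token. Negative cases (unknown, expired or already
        # used token) are not covered by this suite.
        email = '*****@*****.**'
        token = 'testtoken'
        curr = self.conn.cursor()
        try:
            data = (email, token)
            query = "INSERT INTO reset_tokens (email, token) VALUES (%s, %s)"
            curr.execute(query, data)
            self.conn.commit()
        finally:
            # The original never closed this cursor.
            curr.close()
        user_email = self.db.validate_reset_token(token=token)
        self.assertIsNotNone(user_email)

    def test_database_service_can_update_password(self):
        email = '*****@*****.**'
        password1 = 'testpass1'
        password2 = 'testpass2'
        self.db.save_user(email=email, password=password1)
        first_password = self._fetch_all("SELECT password FROM users")[0][0]
        self.db.update_password(email=email, password=password2)
        second_password = self._fetch_all("SELECT password FROM users")[0][0]
        self.assertNotEqual(first_password, second_password)
        # "Changed" alone would also pass if the new password were written
        # in plaintext, so pin the same guarantees save_user is held to.
        self.assertNotEqual(password2, second_password)
        self.assertTrue(check_password_hash(second_password, password2))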