def test_reset_password(self, client, db, user):
# Requests password reset
client.post(url_for('auth.forgot_password'),
dict(email=user.email)).follow()
# User has valid UserPasswordToken
valid_token = UserPasswordToken.valid_token(user.id)
assert valid_token
# Invalid user/token combo does not display reset form
res = client.get(url_for('auth.reset_password', userid=user.id, reset="moop"))
assert not res.forms.get('reset-form')
# Valid user/token combo displays reset form
res = client.get(url_for('auth.reset_password', userid=user.id, value=valid_token.value))
assert res.forms.get('reset-form')
# Password is changed on form submit
reset_form = res.forms.get('reset-form')
reset_form['password'] = '******'
reset_form['confirm'] = 'joejoe'
reset_form.submit()
assert user.verify_password('joejoe')
# User has no more valid UserPasswordToken
assert not UserPasswordToken.valid_token(user.id)
# Previous valid token no longer works. Does not display reset form
res = client.get(url_for('auth.reset_password', userid=user.id, value=valid_token.value))
assert not res.forms.get('reset-form')
def test_forgot_password(self, client, db, user):
# User has no valid reset tokens initially
assert not UserPasswordToken.valid_token(user.id)
# Go to forgot password page
res = client.get(url_for('auth.forgot_password'), status=200)
# Submits bad email, forgot-form is still displayed
res.forms['forgot-form']['email'] = 'moop'
res = res.forms['forgot-form'].submit()
assert res.forms.get('forgot-form')
# Submits good email, forgot-form is no longer displayed
res.forms['forgot-form']['email'] = user.email
res = res.forms['forgot-form'].submit()
assert not res.forms.get('forgot-form')
# User now has a valid UserPasswordToken
assert UserPasswordToken.valid_token(user.id)
def test_forgot_password(self, client, db, user):
# User has no valid reset tokens initially
assert not UserPasswordToken.valid_token(user.id)
# Go to forgot password page
res = client.get(url_for('auth.forgot_password'), status=200)
# Submits bad email, forgot-form is still displayed
res.forms['forgot-form']['email'] = 'moop'
res = res.forms['forgot-form'].submit()
assert res.forms.get('forgot-form')
# Submits good email, forgot-form is no longer displayed
res.forms['forgot-form']['email'] = user.email
res = res.forms['forgot-form'].submit()
assert not res.forms.get('forgot-form')
# User now has a valid UserPasswordToken
assert UserPasswordToken.valid_token(user.id)
def test_reset_password(self, client, db, user):
# Requests password reset
client.post(url_for('auth.forgot_password'),
dict(email=user.email)).follow()
# User has valid UserPasswordToken
valid_token = UserPasswordToken.valid_token(user.id)
assert valid_token
# Invalid user/token combo does not display reset form
res = client.get(
url_for('auth.reset_password', userid=user.id, reset="moop"))
assert not res.forms.get('reset-form')
# Valid user/token combo displays reset form
res = client.get(
url_for('auth.reset_password',
userid=user.id,
value=valid_token.value))
assert res.forms.get('reset-form')
# Password is changed on form submit
reset_form = res.forms.get('reset-form')
reset_form['password'] = '******'
reset_form['confirm'] = 'joejoe'
reset_form.submit()
assert user.verify_password('joejoe')
# User has no more valid UserPasswordToken
assert not UserPasswordToken.valid_token(user.id)
# Previous valid token no longer works. Does not display reset form
res = client.get(
url_for('auth.reset_password',
userid=user.id,
value=valid_token.value))
assert not res.forms.get('reset-form')
def test_valid_token(self, user, db):
# Valid token is found
invalid_token = UserPasswordToken(user=user, used=True).save()
valid_token = UserPasswordToken(user=user).save()
assert UserPasswordToken.valid_token(user.id) == valid_token