def test_reset_logout():
"""
Testing that once password is successfully reset, the user is logged out.
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['u_id'] != result['u_id']
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def test_reset_password_multiple_user():
"""
Testing that password is actually updated
"""
clear()
email = '*****@*****.**'
auth.auth_register('*****@*****.**', 'abcdefg', 'Jane', 'Smith')
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['u_id'] != result['u_id']
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def test_reset_invalid_secret():
"""
Testing that invalid passwords cannot be used to reset
"""
clear()
email = '*****@*****.**'
auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = 'invalid'
with pytest.raises(InputError):
auth.auth_passwordreset_reset(reset_code, 'new_password')
clear()
def test_request_not_registered():
"""
Testing that a user who is not registered is not added to 'reset_users'
"""
clear()
email_1 = '*****@*****.**'
with pytest.raises(InputError):
auth.auth_passwordreset_request(email_1)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['email'] != email_1
clear()
def test_request_logged_in():
"""
Testing that a user can request a password reset when logged in
"""
clear()
email_1 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
assert user['email'] == email_1
clear()
def test_request_multiple_users():
"""
Testing multiple users who have requested to reset password
"""
clear()
email_1 = '*****@*****.**'
email_2 = '*****@*****.**'
email_3 = '*****@*****.**'
email_4 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
result_2 = auth.auth_register(email_2, 'abcdefg', 'John', 'Smith')
result_3 = auth.auth_register(email_3, 'abcdefg', 'John', 'Smith')
result_4 = auth.auth_register(email_4, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_2)
auth.auth_passwordreset_request(email_3)
auth.auth_passwordreset_request(email_4)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
assert user['email'] == email_1
if user['u_id'] == result_2['u_id']:
assert user['email'] == email_2
if user['u_id'] == result_3['u_id']:
assert user['email'] == email_3
if user['u_id'] == result_4['u_id']:
assert user['email'] == email_4
clear()
def test_reset_register():
"""
Testing that when requested, a user is moved to a section of data that shows
that they are trying to reset the password ie 'reset_users'
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
assert user['email'] == email
clear()
def test_login_reset_password():
"""
Testing that a user should not be able to login when they have requested a
password reset.
"""
clear()
auth.auth_register('*****@*****.**', 'abcdefg', 'Christian', 'Ilagan')
user = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(user['token'])
auth.auth_passwordreset_request('*****@*****.**')
with pytest.raises(AccessError):
auth.auth_login('*****@*****.**', 'abcdefg')
clear()
def test_reset_invalid_password_3():
"""
Testing that invalid passwords cannot be used to reset
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
with pytest.raises(InputError):
auth.auth_passwordreset_reset(reset_code, 'h')
clear()
def test_reset_done():
"""
Testing that once the password has successfully been reset, user is removed from
'reset_users' field.
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
auth.auth_passwordreset_reset(reset_code, 'new_password')
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['u_id'] != result['u_id']
clear()
def test_secret_unique_user():
"""
Testing that the secret generated is unique each time requested
"""
clear()
email_1 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
secret_1 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_1 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_2 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_2 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_3 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_3 = user['secret']
assert secret_1 != secret_2
assert secret_1 != secret_3
assert secret_2 != secret_3
clear()
def test_secret_unique_users():
"""
Testing that no 2 users have the same secret
"""
clear()
email_1 = '*****@*****.**'
email_2 = '*****@*****.**'
email_3 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
result_2 = auth.auth_register(email_2, 'abcdefg', 'John', 'Smith')
result_3 = auth.auth_register(email_3, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_2)
auth.auth_passwordreset_request(email_3)
secret_1 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_1 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_2 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_2['u_id']:
secret_2 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_3 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_3['u_id']:
secret_3 = user['secret']
assert secret_1 != secret_2
assert secret_1 != secret_3
assert secret_2 != secret_3
clear()
def test_reset_consecutive():
"""
Testing that a user can consecutively request and reset their password.
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def route_auth_passwordreset_request():
"""Given an email address, if the user is a registered user, send's them a
an email containing a specific secret code, that when entered in
auth_passwordreset_reset, shows that the user trying to reset the password
is the one who got sent this email.
Args:
email (string)
Returns:
(dict): {}
"""
payload = request.get_json()
email = payload['email']
try:
return dumps(auth.auth_passwordreset_request(email))
except (InputError, AccessError) as e:
return e
def test_request_multiple():
"""
Testing that a user can request multiple password resets.
"""
clear()
email_1 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_1)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
assert user['email'] == email_1
# the same user should be able to request multiple times,
# however it should not add the same user to reset_users
# multiple times
assert len(data.get_reset_users()) == 1
clear()
