예제 #1
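def test_accounts_reset_password(
    user: User,
    client: Client,
    mailoutbox: List[EmailMultiAlternatives],
):
    """Should be able to reset the user password.

    Requests a reset link for ``user.email``, reads the ``user_id``,
    ``timestamp`` and ``signature`` query parameters out of the link in the
    e-mail body, and posts them together with a new password to the
    ``reset-password`` endpoint.
    """
    # The password posted must be the one asserted at the end; posting a
    # different literal would make the final check_password() fail.
    new_password = "new_password"

    response = client.post(
        reverse("send-reset-password-link"),
        {"login": user.email},
        content_type="application/json",
    )
    assert response.status_code == 200
    assert len(mailoutbox) == 1
    query_params = _get_query_params_from_link_in_text(mailoutbox[0].body)

    # The values are indexed with [0], i.e. each parameter is a list of values.
    response = client.post(
        reverse("reset-password"),
        {
            "user_id": query_params["user_id"][0],
            "timestamp": query_params["timestamp"][0],
            "signature": query_params["signature"][0],
            "password": new_password,
        },
        content_type="application/json",
    )
    assert response.status_code == 200
    user.refresh_from_db()
    assert user.check_password(new_password)
    assert not user.check_password(USER_PASSWORD)
    # NOTE(review): only the accepted path is covered here; a rejected
    # signature, a stale timestamp and a reused link are not exercised by
    # this test.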
예제 #2
 def test_user_password_authenticated(self):
     """A saved user accepts the password it was created with and rejects another."""
     raw_secret = gen_username() * 3
     account = User(
         username=gen_username(),
         password_raw=raw_secret,
         role=self.role,
     )
     account.save()
     # Positive case: the exact password given at construction time.
     self.assertTrue(account.check_password(raw_secret))
     # Negative case: the same string doubled must not verify.
     self.assertFalse(account.check_password(raw_secret * 2))
예제 #3
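    def create(self, validated_data):
        """Bind a QQ openid to a user, creating the user when the mobile is new.

        :param validated_data: data that passed validation; ``mobile``,
            ``openid`` and ``password`` are read from it.
        :return: the saved ``QQUser`` linking the openid to the user.
        :raises serializers.ValidationError: the mobile already belongs to a
            user and the submitted password does not match.
        """
        # validated_data holds the data that passed validation.
        mobile = validated_data.get('mobile')
        openid = validated_data.get('openid')
        password = validated_data.get('password')
        # 1. Check whether the mobile number already belongs to a user.
        try:
            user = User.objects.get(mobile=mobile)
        except User.DoesNotExist:
            # Only "no such row" means a new account. A bare ``except`` would
            # also turn database errors or MultipleObjectsReturned into the
            # creation of another account for the same mobile.
            # 3. No user owns this mobile number.
            # 3.1 Create the user.
            user = User()
            user.username = mobile
            user.mobile = mobile
            user.set_password(password)
            user.save()
        else:
            # 2. A user owns this mobile number: compare the password.
            # 2.1 Raise if the password is wrong.
            # NOTE(review): the message reveals that the mobile is registered,
            # and this check verifies a password outside the login path;
            # confirm the calling view throttles attempts.
            if not user.check_password(password):
                raise serializers.ValidationError('此手机号已经被使用')
        # Bind: create the QQUser object.
        qquser = QQUser()
        qquser.openid = openid
        qquser.user = user
        qquser.save()

        return qquser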
예제 #4
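    def create(self, validated_data):  # validated_data holds the data that passed validation above
        """Bind a QQ openid to a user, creating the user when the mobile is new.

        :param validated_data: data that passed validation; ``mobile``,
            ``openid`` and ``password`` are read from it.
        :return: the saved ``OAuthQQUser`` linking the openid to the user.
        :raises serializers.ValidationError: the mobile already belongs to a
            user and the submitted password does not match.
        """
        mobile = validated_data.get('mobile')
        openid = validated_data['openid']
        password = validated_data['password']

        # Check whether the user exists.
        try:
            user = User.objects.get(mobile=mobile)
        except User.DoesNotExist:
            # Only "no such row" means a new account. A bare ``except`` would
            # also turn database errors or MultipleObjectsReturned into the
            # creation of another account for the same mobile.
            # The user does not exist: create it; the openid is bound below.
            user = User()
            user.mobile = mobile
            user.username = mobile
            user.set_password(password)
            user.save()
        else:
            # The user exists: verify the submitted password.
            # NOTE(review): the distinct "wrong password" message tells the
            # caller the mobile is registered, and this check verifies a
            # password outside the login path; confirm the calling view
            # throttles attempts.
            if not user.check_password(password):
                raise serializers.ValidationError('密码错误')

        # Create the OAuthQQUser object that binds the openid to the user.
        qquser = OAuthQQUser()
        qquser.openid = openid
        qquser.user = user
        qquser.save()

        # Expose a ``user`` attribute on the view object for later use there.
        # NOTE(review): the value stored is the OAuthQQUser binding, not the
        # User instance -- confirm which one the view expects.
        self.context['view'].user = qquser

        return qquser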
예제 #5
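def test_accounts_change_password(admin: User, admin_client: Client):
    """Should be able to change the user password.

    Posts the current password plus a new password and its confirmation to
    ``change-password`` and checks that only the new password verifies
    afterwards.
    """
    # ``password`` and ``password_confirm`` must carry the same value, and it
    # must be the one asserted below; a differing literal in ``password``
    # would contradict the confirmation field.
    new_password = "new_password"

    response = admin_client.post(
        reverse("change-password"),
        {
            "old_password": ADMIN_PASSWORD,
            "password": new_password,
            "password_confirm": new_password,
        },
        content_type="application/json",
    )
    admin.refresh_from_db()
    assert response.status_code == 200
    assert response.accepted_media_type == "application/json"
    assert admin.check_password(new_password)
    assert not admin.check_password(ADMIN_PASSWORD)
    # NOTE(review): a wrong ``old_password`` and a mismatching confirmation
    # are not exercised by this test.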
예제 #6
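    def create(self, validated_data):
        """
        Bind a QQ openid to a user; a new user logging in with QQ for the
        first time gets an account created.

        :param validated_data: data that passed validation; ``mobile``,
            ``openid`` and ``password`` are read from it.
        :return: the saved ``QQUser`` linking the openid to the user.
        :raises serializers.ValidationError: the mobile already belongs to a
            user and the submitted password does not match.
        """
        # Read the submitted data.
        mobile = validated_data.get('mobile')
        openid = validated_data.get('openid')
        password = validated_data.get('password')

        # Check whether the mobile number already belongs to a user.
        try:
            user = User.objects.get(mobile=mobile)
        except User.DoesNotExist as e:
            # Only "no such row" means a new account. Catching ``Exception``
            # would also turn database errors or MultipleObjectsReturned into
            # the creation of another account for the same mobile.
            logger.error(e)
            # No user owns this mobile number, so create one.
            user = User()
            user.mobile = mobile
            user.username = mobile
            user.set_password(password)
            user.save()
        else:
            # A user owns this mobile number: compare the password.
            # NOTE(review): the message reveals that the mobile is registered,
            # and this check verifies a password outside the login path;
            # confirm the calling view throttles attempts.
            if not user.check_password(password):
                raise serializers.ValidationError('此手机号已经被使用')
        # Bind: create the QQUser object.
        qquser = QQUser()
        qquser.openid = openid
        qquser.user = user
        qquser.save()

        return qquser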
예제 #7
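    def create(self, validated_data):
        """Bind a QQ openid to a user, creating the user when the mobile is new.

        :param validated_data: dict of validated data; ``openid``, ``mobile``
            and ``password`` are read from it.
        :return: the saved ``QQUser`` linking the openid to the user.
        :raises serializers.ValidationError: the mobile already belongs to a
            user and the submitted password does not match.
        """
        # validated_data is a dict.
        openid = validated_data.get('openid')
        mobile = validated_data.get('mobile')
        password = validated_data.get('password')

        try:
            user = User.objects.get(mobile=mobile)
        except User.DoesNotExist:
            # Only "no such row" means a new account. A bare ``except`` would
            # also turn database errors or MultipleObjectsReturned into the
            # creation of another account for the same mobile.
            # No user owns this mobile number: create a new user and save it.
            user = User()
            user.username = mobile
            user.mobile = mobile
            user.set_password(password)
            user.save()
        else:
            # A user owns this mobile number: the submitted password must
            # match that user's password.
            # NOTE(review): the message reveals that the mobile is registered,
            # and this check verifies a password outside the login path;
            # confirm the calling view throttles attempts.
            if not user.check_password(password):
                raise serializers.ValidationError("当前手机号码已经被注册")

        qquser = QQUser()
        qquser.user = user
        qquser.openid = openid
        qquser.save()

        # Return the QQ-authorised binding once the checks have passed.
        return qquser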
예제 #8
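    def create(self, request):
        """Return the user rows matching an identifier and password.

        The identifier is ``email`` if present, else ``phone``, else
        ``username``, all read from ``request.data``.

        :param request: the incoming request; ``request.data`` is read.
        :return: 400 ``Response`` when no password is supplied, 404
            ``Response`` when nothing matches, otherwise a ``JsonResponse``
            listing the matching rows without their ``password`` field.
        """
        email = request.data.get("email")
        phone = request.data.get("phone")
        username = request.data.get("username")
        password = request.data.get("password")

        if password is None:
            return Response(
                {'error': 'Please provide valid email/phone and password'},
                status=HTTP_400_BAD_REQUEST)
        # NOTE(review): the result is never used, and the call is made on the
        # class with the submitted password as first argument. If
        # check_password is the usual instance method this does not verify
        # anything -- confirm the model's signature.
        password_valid = User.check_password(password, "pbkdf2_sha256")
        # NOTE(review): the submitted password is matched directly against the
        # stored ``password`` column, which only works if that column holds
        # the value exactly as submitted. With hashed storage, look the user
        # up by identifier and verify through the model's password check (or
        # django's authenticate()) instead.
        if email is not None:
            user = User.objects.filter(email=email, password=password).values()
        elif phone is not None:
            user = User.objects.filter(phone=phone, password=password).values()
        else:
            user = User.objects.filter(username=username,
                                       password=password).values()

        if not user:
            return Response({'error': 'Invalid Credentials'},
                            status=HTTP_404_NOT_FOUND)

        # ``.values()`` yields every column; never send the stored password
        # field back to the client.
        rows = [
            {field: value for field, value in row.items() if field != "password"}
            for row in user
        ]
        return JsonResponse(rows, status=HTTP_200_OK, safe=False)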
예제 #9
    def authenticate(self, reqeust, username=None, password=None, **kwargs):
        """Return a user whose password check accepts ``password``, else None."""
        # TODO: see the desktop screenshot and revise.

        # 1. Look up the user.
        # NOTE(review): this builds a blank User() instead of querying by
        # ``username``; the lookup step appears unfinished (see the TODO).
        candidate = User()

        # 2. Verify the password.
        if not candidate or not candidate.check_password(password):
            # 3. Return the user or None.
            return None
        return candidate
예제 #10
def test_user_create(user_dict):
    """User.create_new yields a user with the requested name and a verifiable password."""
    created = User.create_new(**user_dict)
    assert created
    assert created.username == user_dict["username"]
    # check_password is called on the class with the value stored on the
    # created user first and the submitted password second.
    stored_value = created.password
    assert User.check_password(stored_value, user_dict["password"])
예제 #11
파일: test_views.py 프로젝트: Endika/wiggum
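class ResetPasswordTest(TestCase):
    """Tests for the ``auth:reset-password`` view: denied, expired and accepted resets."""

    def setUp(self):
        """Create a user with a known password and a reset token expiring in 5 seconds."""
        self.login_url = reverse("auth:login")
        self.user = User(username="******",
                         email="*****@*****.**",
                         first_name="Bruce",
                         last_name="Wayne")
        self.user.save()
        self.user_password = "******"
        self.new_password = self.user_password + "_new_password"
        self.user.set_password(self.user_password)
        now = timezone.now()
        self.user.password_reset_token_expire = now + datetime.timedelta(
            seconds=5)

        self.user.save()

    def _reset_url(self, user_id, token):
        """Build the reset URL for ``user_id`` and ``token``."""
        return reverse('auth:reset-password', kwargs={
            'user_id': user_id,
            'uuid': str(token)
        })

    def _post_new_password(self, url):
        """Post the new password (with confirmation) to ``url``, following redirects."""
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        return self.client.post(url, body, follow=True)

    def _assert_rendered(self, resp, template):
        """Check the final response is a 200 rendering ``template`` of the default theme."""
        theme_template = "{0}/authorization/{1}".format(
            settings.WIGGUM_DEFAULT_THEME, template)
        self.assertEqual(theme_template,
                         resp.template_name[0])
        self.assertEqual(200, resp.status_code)

    def _assert_single_message(self, resp, expected):
        """Check the response context carries exactly one message equal to ``expected``."""
        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual(expected, messages[0].message)

    def _assert_password_unchanged(self):
        """A rejected reset must leave the stored password untouched."""
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    def test_password_reset_wrong_user(self):
        """A valid token presented with another user id is denied."""
        url = self._reset_url(999, self.user.password_reset_token)

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_token(self):
        """A random token presented for the right user id is denied."""
        url = self._reset_url(self.user.id, uuid.uuid4())

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_expired(self):
        """The right token is refused once its expiry time has passed."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        # Set expiration in the past
        now = timezone.now()
        self.user.password_reset_token_expire = now - datetime.timedelta(
            seconds=5)
        self.user.save()

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Token for password reset expired")
        self._assert_password_unchanged()

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=False,
        FORCE_LOGIN_FORM=False
    )
    def test_password_reset_not_login(self):
        """An accepted reset changes the password without setting the JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=True,
        FORCE_LOGIN_FORM=False,
        JWT_COOKIE_CLONE=False,
    )
    def test_password_reset_login(self):
        """An accepted reset changes the password and sets the JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        resp = self._post_new_password(url)

        # This will be the login success final redirect (we are already
        # logged in)
        self._assert_rendered(resp, "test_jwt.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNotNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))
        # NOTE(review): no test here presents the same token a second time
        # after an accepted reset -- confirm single use is covered elsewhere.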
예제 #12
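class ResetPasswordTest(TestCase):
    """Tests for the ``auth:reset-password`` view: denied, expired and accepted resets."""

    def setUp(self):
        """Create a user with a known password and a reset token expiring in 5 seconds."""
        self.login_url = reverse("auth:login")
        self.user = User(username="******",
                         email="*****@*****.**",
                         first_name="Bruce",
                         last_name="Wayne")
        self.user.save()
        self.user_password = "******"
        self.new_password = self.user_password + "_new_password"
        self.user.set_password(self.user_password)
        now = timezone.now()
        self.user.password_reset_token_expire = now + datetime.timedelta(
            seconds=5)

        self.user.save()

    def _reset_url(self, user_id, token):
        """Build the reset URL for ``user_id`` and ``token``."""
        return reverse('auth:reset-password',
                       kwargs={
                           'user_id': user_id,
                           'uuid': str(token)
                       })

    def _post_new_password(self, url):
        """Post the new password (with confirmation) to ``url``, following redirects."""
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        return self.client.post(url, body, follow=True)

    def _assert_rendered(self, resp, template):
        """Check the final response is a 200 rendering ``template`` of the default theme."""
        theme_template = "{0}/authorization/{1}".format(
            settings.WIGGUM_DEFAULT_THEME, template)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

    def _assert_single_message(self, resp, expected):
        """Check the response context carries exactly one message equal to ``expected``."""
        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual(expected, messages[0].message)

    def _assert_password_unchanged(self):
        """A rejected reset must leave the stored password untouched."""
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    def test_password_reset_wrong_user(self):
        """A valid token presented with another user id is denied."""
        url = self._reset_url(999, self.user.password_reset_token)

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_token(self):
        """A random token presented for the right user id is denied."""
        url = self._reset_url(self.user.id, uuid.uuid4())

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_expired(self):
        """The right token is refused once its expiry time has passed."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        # Set expiration in the past
        now = timezone.now()
        self.user.password_reset_token_expire = now - datetime.timedelta(
            seconds=5)
        self.user.save()

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")
        self._assert_single_message(resp, "Token for password reset expired")
        self._assert_password_unchanged()

    @override_settings(LOGIN_ON_PASSWORD_RESET=False, FORCE_LOGIN_FORM=False)
    def test_password_reset_not_login(self):
        """An accepted reset changes the password without setting the JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        resp = self._post_new_password(url)

        self._assert_rendered(resp, "login.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=True,
        FORCE_LOGIN_FORM=False,
        JWT_COOKIE_CLONE=False,
    )
    def test_password_reset_login(self):
        """An accepted reset changes the password and sets the JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        resp = self._post_new_password(url)

        # This will be the login success final redirect (we are already
        # logged in)
        self._assert_rendered(resp, "test_jwt.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNotNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))
        # NOTE(review): no test here presents the same token a second time
        # after an accepted reset -- confirm single use is covered elsewhere.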