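def test_accounts_reset_password(
    user: User,
    client: Client,
    mailoutbox: List[EmailMultiAlternatives],
):
    """Should be able to reset the user password.

    Requests a reset link for the user's e-mail address, reads the
    ``user_id``, ``timestamp`` and ``signature`` query parameters out of the
    link in the mailed message, posts them together with a new password and
    checks that afterwards only the new password is accepted.
    """
    # A single name for the new password keeps the value that is posted and
    # the value that is asserted below from drifting apart.
    new_password = "new_password"

    response = client.post(
        reverse("send-reset-password-link"),
        {"login": user.email},
        content_type="application/json",
    )
    assert response.status_code == 200
    # Exactly one message must have been sent for the one request.
    assert len(mailoutbox) == 1

    query_params = _get_query_params_from_link_in_text(mailoutbox[0].body)
    response = client.post(
        reverse("reset-password"),
        {
            "user_id": query_params["user_id"][0],
            "timestamp": query_params["timestamp"][0],
            "signature": query_params["signature"][0],
            "password": new_password,
        },
        content_type="application/json",
    )
    assert response.status_code == 200

    # Reload the row so the assertions see what the endpoint stored.
    user.refresh_from_db()
    assert user.check_password(new_password)
    # The previous password must stop working once the reset succeeded.
    assert not user.check_password(USER_PASSWORD)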
def test_user_password_authenticated(self):
    """A user saved with a raw password accepts it and rejects another one."""
    raw_password = gen_username() * 3
    account = User(
        username=gen_username(),
        password_raw=raw_password,
        role=self.role,
    )
    account.save()

    # The doubled string serves as the non-matching candidate.
    wrong_password = raw_password * 2
    self.assertTrue(account.check_password(raw_password))
    self.assertFalse(account.check_password(wrong_password))
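def create(self, validated_data):
    """Bind a QQ openid to a user account and return the binding.

    The user is looked up by mobile number. If no user has that number, a
    new one is created with the mobile number as username and the submitted
    password. If a user exists, the submitted password must match that
    user's password before the binding is created.

    :param validated_data: data that already passed validation; the keys
        read here are ``mobile``, ``openid`` and ``password``.
    :return: the saved ``QQUser`` object.
    :raises serializers.ValidationError: when the mobile number belongs to
        an existing user and the password does not match.
    """
    mobile = validated_data.get('mobile')
    openid = validated_data.get('openid')
    password = validated_data.get('password')

    # 1. Check whether the mobile number already belongs to a user.
    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        # 3. Only "no such user" may lead to account creation. Any other
        # failure of the lookup (database error, more than one match) now
        # propagates instead of silently creating another account.
        user = User()
        user.username = mobile
        user.mobile = mobile
        user.set_password(password)
        user.save()
    else:
        # 2. Existing user: the openid may only be bound by someone who
        # knows that user's password.
        if not user.check_password(password):
            raise serializers.ValidationError('此手机号已经被使用')

    # Bind: create the QQUser object that links the openid to the user.
    # NOTE(review): the user row and the binding are saved separately; no
    # transaction is visible in this method - confirm the caller wraps it.
    qquser = QQUser()
    qquser.openid = openid
    qquser.user = user
    qquser.save()
    return qquser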
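def create(self, validated_data):
    """Bind a QQ openid to a user account and return the binding.

    The user is looked up by mobile number. A missing user is created with
    the mobile number as username and the submitted password; an existing
    user must be confirmed with the submitted password.

    :param validated_data: data that passed the validation above; ``mobile``
        is read with ``get``, ``openid`` and ``password`` are required keys.
    :return: the saved ``OAuthQQUser`` object.
    :raises serializers.ValidationError: when the user exists and the
        password does not match.
    """
    mobile = validated_data.get('mobile')
    openid = validated_data['openid']
    password = validated_data['password']

    # Check whether the user exists.
    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        # Only a missing user leads to account creation. Other lookup
        # failures (database error, more than one match) now propagate
        # instead of being treated as "user does not exist".
        user = User()
        user.mobile = mobile
        user.username = mobile
        user.set_password(password)
        user.save()
    else:
        # The openid may only be bound by someone who knows the existing
        # user's password.
        if not user.check_password(password):
            raise serializers.ValidationError('密码错误')

    # The user exists at this point; create the binding object.
    qquser = OAuthQQUser()
    qquser.openid = openid
    qquser.user = user
    qquser.save()

    # Hand the result to the view object so the view can use it.
    # NOTE(review): the attribute is called ``user`` but receives the
    # OAuthQQUser binding, not the User - confirm which one the view expects.
    self.context['view'].user = qquser
    return qquser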
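def test_accounts_change_password(admin: User, admin_client: Client):
    """Should be able to change the user password.

    Posts the current password together with a new password and its
    confirmation, then checks that only the new password is accepted.
    """
    # One name for the new password, so that ``password``,
    # ``password_confirm`` and the assertion below always carry the same value.
    new_password = "new_password"

    response = admin_client.post(
        reverse("change-password"),
        {
            "old_password": ADMIN_PASSWORD,
            "password": new_password,
            "password_confirm": new_password,
        },
        content_type="application/json",
    )
    # Reload the row so the assertions see what the endpoint stored.
    admin.refresh_from_db()

    assert response.status_code == 200
    assert response.accepted_media_type == "application/json"
    assert admin.check_password(new_password)
    # The old password must stop working after the change.
    assert not admin.check_password(ADMIN_PASSWORD)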
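def create(self, validated_data):
    """Create the QQ binding, creating the user first on a first QQ login.

    The user is looked up by mobile number. A missing user is created with
    the mobile number as username and the submitted password; an existing
    user must be confirmed with the submitted password.

    :param validated_data: validated input; the keys read here are
        ``mobile``, ``openid`` and ``password``.
    :return: the saved ``QQUser`` object.
    :raises serializers.ValidationError: when the mobile number belongs to
        an existing user and the password does not match.
    """
    # Read the submitted values.
    mobile = validated_data.get('mobile')
    openid = validated_data.get('openid')
    password = validated_data.get('password')

    # Check whether the mobile number already belongs to a user.
    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist as e:
        # Only a missing user leads to account creation. Other lookup
        # failures (database error, more than one match) now propagate
        # instead of being logged and treated as "no such user".
        logger.error(e)
        user = User()
        user.mobile = mobile
        user.username = mobile
        user.set_password(password)
        user.save()
    else:
        # Existing user: the openid may only be bound by someone who knows
        # that user's password.
        if not user.check_password(password):
            raise serializers.ValidationError('此手机号已经被使用')

    # Bind: create the QQUser object that links the openid to the user.
    qquser = QQUser()
    qquser.openid = openid
    qquser.user = user
    qquser.save()
    return qquser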
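def create(self, validated_data):
    """Bind a QQ openid to a user account and return the binding.

    The user is looked up by mobile number. A missing user is created with
    the mobile number as username and the submitted password; an existing
    user must be confirmed with the submitted password.

    :param validated_data: dict of validated input; the keys read here are
        ``openid``, ``mobile`` and ``password``.
    :return: the saved ``QQUser`` object.
    :raises serializers.ValidationError: when the mobile number belongs to
        an existing user and the password does not match.
    """
    openid = validated_data.get('openid')
    mobile = validated_data.get('mobile')
    password = validated_data.get('password')

    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        # No user has this mobile number: create one and store it. Other
        # lookup failures (database error, more than one match) now
        # propagate instead of ending in account creation.
        user = User()
        user.username = mobile
        user.mobile = mobile
        user.set_password(password)
        user.save()
    else:
        # The mobile number belongs to a user: the submitted password must
        # match that user's password before the openid is bound.
        if not user.check_password(password):
            raise serializers.ValidationError("当前手机号码已经被注册")

    qquser = QQUser()
    qquser.user = user
    qquser.openid = openid
    qquser.save()
    # Return the QQ binding once all checks have passed.
    return qquser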
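def create(self, request):
    """Return the user rows matching an identifier and a password.

    Reads ``email``, ``phone``, ``username`` and ``password`` from
    ``request.data``. The first identifier that is not ``None`` (e-mail,
    then phone, otherwise username) is used for the lookup.

    Responses:
        400 - no password was submitted.
        404 - no row matches the identifier and password.
        200 - JSON list of the matching rows, without the ``password`` field.
    """
    email = request.data.get("email")
    phone = request.data.get("phone")
    username = request.data.get("username")
    password = request.data.get("password")

    if password is None:
        return Response(
            {'error': 'Please provide valid email/phone and password'},
            status=HTTP_400_BAD_REQUEST)

    # NOTE(review): this call passes the submitted password and a hasher
    # name to a method accessed on the class, and its result was never
    # used. Kept as-is because its intent cannot be determined from here;
    # it does not gate anything below - confirm and replace.
    User.check_password(password, "pbkdf2_sha256")

    # NOTE(review): the submitted password is compared with the stored
    # ``password`` column as-is. That only matches when the column holds
    # the same string that was submitted; verify how passwords are stored
    # and switch to a lookup by identifier followed by a hash check.
    if email is not None:
        matches = User.objects.filter(email=email, password=password).values()
    elif phone is not None:
        matches = User.objects.filter(phone=phone, password=password).values()
    else:
        matches = User.objects.filter(username=username, password=password).values()

    if not matches:
        return Response({'error': 'Invalid Credentials'},
                        status=HTTP_404_NOT_FOUND)

    # ``values()`` yields every column of the row; the stored password must
    # not be sent back to the client.
    rows = [
        {field: value for field, value in row.items() if field != "password"}
        for row in matches
    ]
    return JsonResponse(rows, status=HTTP_200_OK, safe=False)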
def authenticate(self, reqeust, username=None, password=None, **kwargs):
    """Return a user when the password check passes, otherwise ``None``.

    NOTE(review): this is still a stub. No lookup is performed: a fresh
    ``User()`` is built and ``username`` is never read, so the password is
    checked against a blank object rather than a stored account. The
    original TODO points to a screenshot for the intended change.
    """
    # 1. Query the user (not implemented yet: a blank instance is used).
    candidate = User()

    # 2. Check the password.
    if not candidate:
        return None
    if not candidate.check_password(password):
        return None

    # 3. Return the user (every other path returns None).
    # TODO: see the desktop screenshot: change this.
    return candidate
def test_user_create(user_dict):
    """``User.create_new`` returns a user whose password verifies.

    The user built from ``user_dict`` must be truthy, carry the requested
    username, and ``User.check_password`` must accept the pair
    (``user.password``, submitted password).
    """
    created = User.create_new(**user_dict)
    assert created
    assert created.username == user_dict["username"]

    stored_value = created.password
    submitted = user_dict["password"]
    assert User.check_password(stored_value, submitted)
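class ResetPasswordTest(TestCase):
    """Tests for the ``auth:reset-password`` view.

    Covers three rejected requests (unknown user id, wrong token, expired
    token) and two accepted ones (with and without automatic login). Every
    rejected request is also checked to leave the stored password untouched.
    """

    def setUp(self):
        """Create a user with a known password and an unexpired reset token."""
        self.login_url = reverse("auth:login")
        self.user = User(username="******",
                         email="*****@*****.**",
                         first_name="Bruce",
                         last_name="Wayne")
        self.user.save()
        self.user_password = "******"
        self.new_password = self.user_password + "_new_password"
        self.user.set_password(self.user_password)
        # NOTE(review): the token is valid for 5 seconds from here; a very
        # slow run could push the success tests onto the expired path.
        now = timezone.now()
        self.user.password_reset_token_expire = now + datetime.timedelta(
            seconds=5)
        self.user.save()

    def _reset_url(self, user_id, token):
        """Build the reset URL for a user id and token."""
        return reverse('auth:reset-password', kwargs={
            'user_id': user_id,
            'uuid': str(token)
        })

    def _post_new_password(self, url):
        """Post the new password twice to ``url`` and follow redirects."""
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        return self.client.post(url, body, follow=True)

    def _assert_page(self, resp, template_pattern):
        """Check the final page's template (under the default theme) and status."""
        theme_template = template_pattern.format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

    def _assert_single_message(self, resp, text):
        """Check that the page carries exactly one message with ``text``."""
        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual(text, messages[0].message)

    def _assert_password_unchanged(self):
        """A rejected reset must not have altered the stored password."""
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    def test_password_reset_wrong_user(self):
        """A valid token combined with an unknown user id is denied."""
        url = self._reset_url(999, self.user.password_reset_token)
        resp = self._post_new_password(url)

        self._assert_page(resp, "{0}/authorization/login.html")
        # Same message as for a wrong token, so the response does not show
        # which of the two values was wrong.
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_token(self):
        """A random token for an existing user is denied."""
        url = self._reset_url(self.user.id, uuid.uuid4())
        resp = self._post_new_password(url)

        self._assert_page(resp, "{0}/authorization/login.html")
        self._assert_single_message(resp, "Password reset denied")
        self._assert_password_unchanged()

    def test_password_reset_wrong_expired(self):
        """The right token is rejected once its expiry lies in the past."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)

        # Set expiration in the past
        now = timezone.now()
        self.user.password_reset_token_expire = now - datetime.timedelta(
            seconds=5)
        self.user.save()

        resp = self._post_new_password(url)

        self._assert_page(resp, "{0}/authorization/login.html")
        self._assert_single_message(resp, "Token for password reset expired")
        self._assert_password_unchanged()

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=False,
        FORCE_LOGIN_FORM=False
    )
    def test_password_reset_not_login(self):
        """A valid reset stores the new password and sets no JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)
        resp = self._post_new_password(url)

        self._assert_page(resp, "{0}/authorization/login.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=True,
        FORCE_LOGIN_FORM=False,
        JWT_COOKIE_CLONE=False,
    )
    def test_password_reset_login(self):
        """A valid reset stores the new password and sets the JWT cookie."""
        url = self._reset_url(self.user.id, self.user.password_reset_token)
        resp = self._post_new_password(url)

        # This will be the login success final redirect (we are already
        # logged in)
        self._assert_page(resp, "{0}/authorization/test_jwt.html")

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNotNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))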
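class ResetPasswordTest(TestCase):
    """Tests for the ``auth:reset-password`` view.

    Three requests must be rejected (unknown user id, wrong token, expired
    token) and two must succeed (without and with automatic login). The
    rejected ones also verify that the stored password did not change.
    """

    def setUp(self):
        """Create a user with a known password and an unexpired reset token."""
        self.login_url = reverse("auth:login")
        self.user = User(username="******",
                         email="*****@*****.**",
                         first_name="Bruce",
                         last_name="Wayne")
        self.user.save()
        self.user_password = "******"
        self.new_password = self.user_password + "_new_password"
        self.user.set_password(self.user_password)
        # NOTE(review): the token expires 5 seconds after this point; a very
        # slow run could reach the expired path in the success tests.
        now = timezone.now()
        self.user.password_reset_token_expire = now + datetime.timedelta(
            seconds=5)
        self.user.save()

    def test_password_reset_wrong_user(self):
        """A valid token combined with an unknown user id is denied."""
        url = reverse('auth:reset-password', kwargs={
            'user_id': 999,
            'uuid': str(self.user.password_reset_token)
        })
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        resp = self.client.post(url, body, follow=True)

        theme_template = "{0}/authorization/login.html".format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

        # Same message as for a wrong token, so the response does not show
        # which of the two values was wrong.
        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual("Password reset denied", messages[0].message)

        # The rejected request must leave the stored password untouched.
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    def test_password_reset_wrong_token(self):
        """A random token for an existing user is denied."""
        url = reverse('auth:reset-password', kwargs={
            'user_id': self.user.id,
            'uuid': str(uuid.uuid4())
        })
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        resp = self.client.post(url, body, follow=True)

        theme_template = "{0}/authorization/login.html".format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual("Password reset denied", messages[0].message)

        # The rejected request must leave the stored password untouched.
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    def test_password_reset_wrong_expired(self):
        """The right token is rejected once its expiry lies in the past."""
        url = reverse('auth:reset-password', kwargs={
            'user_id': self.user.id,
            'uuid': str(self.user.password_reset_token)
        })

        # Set expiration in the past
        now = timezone.now()
        self.user.password_reset_token_expire = now - datetime.timedelta(
            seconds=5)
        self.user.save()

        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        resp = self.client.post(url, body, follow=True)

        theme_template = "{0}/authorization/login.html".format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

        messages = list(resp.context['messages'])
        self.assertEqual(1, len(messages))
        self.assertEqual("Token for password reset expired",
                         messages[0].message)

        # An expired token must not change the stored password either.
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.user_password))
        self.assertFalse(self.user.check_password(self.new_password))

    @override_settings(LOGIN_ON_PASSWORD_RESET=False, FORCE_LOGIN_FORM=False)
    def test_password_reset_not_login(self):
        """A valid reset stores the new password and sets no JWT cookie."""
        url = reverse('auth:reset-password', kwargs={
            'user_id': self.user.id,
            'uuid': str(self.user.password_reset_token)
        })
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        resp = self.client.post(url, body, follow=True)

        theme_template = "{0}/authorization/login.html".format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))

    @override_settings(
        LOGIN_ON_PASSWORD_RESET=True,
        FORCE_LOGIN_FORM=False,
        JWT_COOKIE_CLONE=False,
    )
    def test_password_reset_login(self):
        """A valid reset stores the new password and sets the JWT cookie."""
        url = reverse('auth:reset-password', kwargs={
            'user_id': self.user.id,
            'uuid': str(self.user.password_reset_token)
        })
        body = {
            'password': self.new_password,
            'password2': self.new_password,
        }
        resp = self.client.post(url, body, follow=True)

        # This will be the login success final redirect (we are already
        # logged in)
        theme_template = "{0}/authorization/test_jwt.html".format(
            settings.WIGGUM_DEFAULT_THEME)
        self.assertEqual(theme_template, resp.template_name[0])
        self.assertEqual(200, resp.status_code)

        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(self.new_password))
        self.assertIsNotNone(self.client.cookies.get(settings.JWT_COOKIE_NAME))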