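def test_user_cannot_change_password_with_wrong_old_password(
        self, mock_object):
    """A change-password request with a wrong old password is rejected.

    Logs in to obtain a token, posts a random ``old_password`` to the
    change-password endpoint with that token, and expects HTTP 400. It then
    reloads the user and checks that the submitted new password was not
    stored, so a rejected request cannot silently replace the credential.

    ``mock_object`` is injected by a patch decorator that is not visible
    here; the test only configures its return value.
    """
    mock_object.return_value = {}
    self._user.is_active = True
    self._user.save()

    # Log in first: the change-password call below is authenticated with
    # the token returned here.
    res_login = self.client.post(self._url_login, data=self._data)
    token = res_login.data['token']

    # Both values are random, so old_password is not expected to match the
    # password the user was created with.
    data = {
        "old_password": faker.password(),
        "new_password": faker.password(),
    }

    self.client.credentials(HTTP_AUTHORIZATION='{0:s} {1:s}'.format(
        api_settings.JWT_AUTH_HEADER_PREFIX, token))
    change_password_response = self.client.post(
        self._url_change_password,
        data=data,
    )
    self.assertEqual(change_password_response.status_code, 400)

    # The status code alone does not prove the credential is intact:
    # reload the row and confirm the rejected new password is not accepted.
    self._user.refresh_from_db()
    self.assertFalse(self._user.check_password(data["new_password"]))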
def test_user_login_wrong_password(self):
    """Logging in with the right username but a random password yields 400."""
    # The password is freshly generated, so it is not expected to match the
    # one assigned to the user in setUp.
    credentials = dict(username=self._username, password=faker.password())
    res = self.client.post(self._url_login, data=credentials)
    self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
def test_active_user_can_change_password_with_valid_token(
        self, mock1, mock2):
    """An active, authenticated user can change the password (HTTP 202).

    ``mock1`` and ``mock2`` come from patch decorators outside this view.
    The test sets ``mock1``'s return value and requires that ``mock2`` was
    called while the request was handled.
    """
    mock1.return_value = {}
    self._user.is_active = True
    self._user.save()

    # Step 1: log in and keep the issued token.
    login_response = self.client.post(self._url_login, data=self._data)
    token = login_response.data['token']

    # Step 2: authenticate the client with "<prefix> <token>".
    auth_header = '{0:s} {1:s}'.format(
        api_settings.JWT_AUTH_HEADER_PREFIX, token)
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)

    # Step 3: submit the real old password together with a random new one.
    data = {
        "old_password": self._password,
        "new_password": faker.password(),
    }
    change_password_response = self.client.post(
        self._url_change_password,
        data=data,
    )

    self.assertTrue(mock2.called)
    self.assertEqual(change_password_response.status_code, 202)
def setUp(self):
    """Create an active user with a known password and record its secret key."""
    password = faker.password()
    account = BaseUserFactory()
    account.set_password(password)
    account.is_active = True
    account.save()

    self._password = password
    self._user = account
    # Captured after save() so tests can compare it with a later value.
    self._init_secret_key = account.secret_key
def setUp(self):
    """Create an active user with known credentials and resolve the login URL."""
    username, password = faker.user_name(), faker.password()
    account = BaseUserFactory(username=username)
    account.set_password(password)
    account.is_active = True
    account.save()

    self._username = username
    self._password = password
    self._user = account
    self._url_login = reverse('api:auth:login')
def test_user_cannot_change_password_if_account_is_inactive(self):
    """change_user_password raises ValidationError for an inactive user."""
    # Deactivate the account and persist that before calling the service.
    self._user.is_active = False
    self._user.save()

    replacement = faker.password()
    # The old password is correct, so the inactive flag is the only thing
    # this test changes relative to the setUp state.
    with self.assertRaises(ValidationError):
        change_user_password(
            user=self._user,
            old_password=self._password,
            new_password=replacement,
        )
def setUp(self):
    """Create an active user and prepare URLs and login data for the tests.

    Stores the login, logout and change-password URLs plus the
    username/password payload used to log in.
    """
    username, password = faker.user_name(), faker.password()
    account = BaseUserFactory(username=username)
    account.set_password(password)
    account.is_active = True
    account.save()

    self._username = username
    self._password = password
    self._user = account

    self._url_login = reverse('api:auth:login')
    self._url_logout = reverse('api:auth:logout')
    self._url_change_password = reverse('api:auth:change-password')

    # Login payload carrying the plaintext password set above.
    self._data = dict(username=username, password=password)
def setUp(self):
    """Create an active user and prepare URLs, login data and the initial key.

    Stores the login, logout and user-detail URLs, the username/password
    login payload, and the user's secret key as it was right after creation.
    """
    username, password = faker.user_name(), faker.password()
    account = BaseUserFactory(username=username)
    account.set_password(password)
    account.is_active = True
    account.save()

    self._username = username
    self._password = password
    self._user = account
    # Captured after save() so tests can compare it with a later value.
    self._init_secret_key = account.secret_key

    self._url_login = reverse('api:auth:login')
    self._url_logout = reverse('api:auth:logout')
    self._url_user_detail_url = reverse('api:auth:user-detail')

    # Login payload carrying the plaintext password set above.
    self._data = dict(username=username, password=password)
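def test_user_can_change_password_with_valid_old_and_new_password_when_active(
        self):
    """A valid password change replaces the password and the secret key.

    Calls ``change_user_password`` with the correct old password, reloads
    the user, and checks that the secret key differs from the one recorded
    in setUp, that the new password is accepted, and that the old password
    is no longer accepted.
    """
    new_password = faker.password()
    change_user_password(
        user=self._user,
        old_password=self._password,
        new_password=new_password,
    )
    self._user.refresh_from_db()

    # The key recorded in setUp must no longer be the user's key.
    self.assertNotEqual(self._init_secret_key, self._user.secret_key)
    self.assertTrue(self._user.check_password(new_password))
    # Accepting the new password is not enough: the previous credential
    # must stop working once the change has been stored.
    self.assertFalse(self._user.check_password(self._password))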
def test_user_can_decode_only_own_tokens(self):
    """A token verifies only under the secret key of the user it was issued to.

    Logs in as two different users, then checks that the tokens and secret
    keys differ, that decoding a token with the other user's key raises
    ``InvalidSignatureError``, and that decoding with the owner's key
    yields the owner's username.
    """
    first_login = self.client.post(self._url_login, data=self._data)

    # Second, independent account with its own password.
    user = BaseUserFactory()
    user.is_active = True
    password = faker.password()
    user.set_password(password)
    user.save()
    second_login = self.client.post(
        self._url_login,
        data={
            'username': user.username,
            'password': password,
        },
    )

    token_user1 = first_login.data['token']
    token_user2 = second_login.data['token']
    self.assertNotEqual(token_user1, token_user2)
    self.assertNotEqual(self._user.secret_key, user.secret_key)

    # NOTE(review): jwt.decode is called without an explicit `algorithms`
    # list. PyJWT 2.x requires one when verifying a signature, and pinning
    # the expected algorithm is the safer practice. Confirm against the
    # PyJWT version this project pins.
    own_key = str(self._user.secret_key)
    other_key = str(user.secret_key)

    # Cross-decoding must fail signature verification in both directions.
    with self.assertRaises(InvalidSignatureError):
        jwt.decode(token_user1, key=other_key)
    with self.assertRaises(InvalidSignatureError):
        jwt.decode(token_user2, key=own_key)

    # Each token decodes under its owner's key and names that owner.
    payload_user1 = jwt.decode(token_user1, key=own_key)
    self.assertEqual(self._user.username, payload_user1['username'])
    payload_user2 = jwt.decode(token_user2, key=other_key)
    self.assertEqual(user.username, payload_user2['username'])
def test_user_cannot_change_password_with_empty_old_password(self):
    """change_user_password raises ValidationError for an empty old password."""
    replacement = faker.password()
    # An empty string must be rejected as the old password.
    with self.assertRaises(ValidationError):
        change_user_password(
            user=self._user,
            old_password='',
            new_password=replacement,
        )
def setUp(self): self._username = faker.user_name() self._password = faker.password()