Exemplo n.º 1
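def test_reset_password_expired_token(app, user):
    """An expired reset token is rejected and the password is not changed."""
    # Given: a user who has requested a password reset
    assert services.request_password_reset(user)

    # When: the token is presented one hour after its expiry window
    # Then: reset_password raises ValueError
    with freeze_time(datetime.utcnow() +
                     timedelta(hours=services.RESET_TOKEN_EXPIRATION_HOURS +
                               1)), pytest.raises(ValueError):
        services.reset_password(user, A_PASSWORD, user.reset_token)

    # And: the rejected password was not stored. The result must be asserted;
    # a bare verify_hash() call discards it, so the test could never fail
    # here even if the expired token had changed the password.
    # NOTE(review): assumes the `user` fixture's password differs from
    # A_PASSWORD -- confirm against the fixture.
    assert not utils.verify_hash(A_PASSWORD, user.password_hash,
                                 user.password_salt)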
Exemplo n.º 2
def test_change_password(app, user):
    """change_password stores a hash that verifies against the new password."""
    # When: the password is changed from USER_PASSWORD to A_PASSWORD
    # (presumably USER_PASSWORD is the fixture user's current password)
    services.change_password(user, USER_PASSWORD, A_PASSWORD)

    # Then: the stored hash/salt pair verifies against the new password.
    stored_hash = user.password_hash
    stored_salt = user.password_salt
    assert utils.verify_hash(A_PASSWORD, stored_hash, stored_salt)
    # NOTE(review): no reset_token is involved in this test, and nothing here
    # checks that USER_PASSWORD stops verifying after the change.
Exemplo n.º 3
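def test_hashing():
    """make_hash salts every call; verify_hash accepts only matching pairs."""
    # Hashing the same password twice yields different hashes and salts,
    # i.e. a fresh salt is generated on every call.
    hashed_pw, salt = utils.make_hash(A_PASSWORD)
    hashed_pw2, salt2 = utils.make_hash(A_PASSWORD)
    assert hashed_pw != hashed_pw2
    assert salt != salt2

    # Each hash verifies with its own salt
    assert utils.verify_hash(A_PASSWORD, hashed_pw, salt)
    assert utils.verify_hash(A_PASSWORD, hashed_pw2, salt2)

    # A hash paired with the other call's salt is rejected, in both
    # directions, so a mix-up of stored hash and salt cannot verify.
    assert not utils.verify_hash(A_PASSWORD, hashed_pw2, salt)
    assert not utils.verify_hash(A_PASSWORD, hashed_pw, salt2)

    # Strings are acceptable parameters
    # NOTE(review): this repeats the (hashed_pw2, salt2) check above with the
    # same argument objects, so it does not exercise a separate str code
    # path -- confirm what input types this was meant to cover.
    assert utils.verify_hash(A_PASSWORD, hashed_pw2, salt2)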
Exemplo n.º 4
def test_reset_password(app, user):
    """A valid reset token sets the new password and is then cleared."""
    # Given: a user who has requested a reset and holds the issued token
    assert services.request_password_reset(user)
    issued_token = user.reset_token
    services.reset_password(user, A_PASSWORD, issued_token)

    # Then: the stored hash verifies against the new password ...
    new_hash = user.password_hash
    new_salt = user.password_salt
    assert utils.verify_hash(A_PASSWORD, new_hash, new_salt)
    # ... and the token has been cleared so it cannot be presented again.
    # NOTE(review): clearing to "" only prevents reuse if reset_password
    # rejects an empty token -- confirm in services.
    assert user.reset_token == ""
Exemplo n.º 5
def test_create_user(app, organization):
    """create_user stores profile fields and a salted hash, not the password."""
    # When: a user is created from a valid email, password and name
    created = services.create_user(USER1_EMAIL, A_PASSWORD, A_FIRST, A_LAST)

    # Then: the profile fields are stored as given
    assert created.email == USER1_EMAIL
    # The password itself must never be stored in the hash field
    assert created.password_hash != A_PASSWORD
    assert created.first_name == A_FIRST
    assert created.last_name == A_LAST
    # A non-empty salt was generated for this user
    assert len(created.password_salt) > 0
    # And the stored hash/salt pair verifies against the original password
    stored_hash = created.password_hash
    stored_salt = created.password_salt
    assert utils.verify_hash(A_PASSWORD, stored_hash, stored_salt)
Exemplo n.º 6
def test_verify_hash():
    """verify_hash returns exactly True for a matching hash/salt pair."""
    plaintext = "password"
    digest, salt = make_hash(plaintext)

    # `is True` pins the return type to a real bool, not merely a truthy value
    outcome = verify_hash(plaintext, digest, salt)
    assert outcome is True