def test_valid_submit(self, user, client, security_service,
password_resets, outbox, templates):
security_service.send_reset_password_instructions(user)
token = password_resets[0]['token']
r = client.post('security_controller.reset_password',
token=token,
data=dict(password='******',
password_confirm='new password'))
assert r.status_code == 302
assert r.path == '/'
# user should be logged in
assert current_user == user
assert len(outbox) == len(templates) == 2
# first email is for the valid reset request
assert templates[0].template.name == \
'security/email/reset_password_instructions.html'
assert templates[0].context.get('reset_link')
# second email is to notify of the changed password
assert templates[
1].template.name == 'security/email/password_reset_notice.html'
# make sure the password got updated in the database
client.logout()
assert isinstance(current_user._get_current_object(), AnonymousUser)
client.login_with_creds(user.email, 'new password')
assert current_user == user
def test_create_confirmable(self, api_client, outbox, templates):
r = api_client.post('user_resource.create', data=NEW_USER_DATA)
assert r.status_code == 201, r.json
assert 'user' in r.json
assert 'token' not in r.json
assert isinstance(current_user._get_current_object(), AnonymousUser)
assert len(outbox) == 1
assert templates[0].template.name == 'security/email/welcome.html'
assert templates[0].context.get('confirmation_link')
def test_invalid_token(self, client, registrations, confirmations, outbox,
templates, user_manager: UserManager,
security_service: SecurityService):
user = self.register(user_manager, security_service)
assert len(registrations) == 1
r = client.get('security.confirm_email', token='fail')
assert r.status_code == 302
assert r.path == url_for('frontend.resend_confirmation_email')
assert len(confirmations) == 0
assert len(outbox) == len(templates) == 1
assert templates[0].template.name == 'security/email/welcome.html'
assert not user.active
assert not user.confirmed_at
assert isinstance(current_user._get_current_object(), AnonymousUser)
def test_expired_token(self, client, user, registrations, confirmations,
outbox, templates, security_service):
security_service.register_user(user)
assert len(registrations) == 1
confirm_token = registrations[0]['confirm_token']
r = client.get(
url_for('security_controller.confirm_email', token=confirm_token))
assert r.status_code == 302
assert r.path == url_for('security_controller.send_confirmation_email')
assert len(confirmations) == 0
assert len(outbox) == len(templates) == 2
assert templates[0].template.name == 'security/email/welcome.html'
assert templates[1].template.name == \
'security/email/email_confirmation_instructions.html'
assert templates[1].context.get('confirmation_link')
assert not user.active
assert not user.confirmed_at
assert isinstance(current_user._get_current_object(), AnonymousUser)
def test_html_logout(self, client):
client.login_user()
r = client.get('admin.logout')
assert r.status_code == 302
assert r.path == url_for('frontend.index')
assert isinstance(current_user._get_current_object(), AnonymousUser)
def test_api_logout(self, api_client):
api_client.login_user()
r = api_client.get('security.logout')
assert r.status_code == 204
assert isinstance(current_user._get_current_object(), AnonymousUser)
def test_html_get(self, client):
client.login_user()
r = client.get('security_controller.logout')
assert r.status_code == 302
assert r.path == url_for('SECURITY_POST_LOGOUT_REDIRECT_ENDPOINT')
assert isinstance(current_user._get_current_object(), AnonymousUser)