Exemplo n.º 1
0
class ConfirmResetPasswordSerializer(serializers.Serializer):

    password = serializers.CharField(max_length=128,
                                     write_only=True,
                                     style={"input_type": "password"})
    signature = serializers.CharField(max_length=71, write_only=True)

    def __init__(self, *args, **kwargs):
        super(ConfirmResetPasswordSerializer, self).__init__(*args, **kwargs)
        self.password_service = PasswordService()

    def validate_password(self, password):
        try:
            self.password_service.validate_password(password)
        except InvalidPasswordError as e:
            raise ValidationError(e) from e
        return password

    def save(self, **kwargs):
        new_password = self.validated_data["password"]
        signature = self.validated_data["signature"]
        try:
            self.password_service.reset_password(signature, new_password)
        except InvalidResetPasswordSignatureError as e:
            raise ValidationError({"signature": e.message}) from e

    def create(self, validated_data):
        assert False, "Do not use update directly"

    def update(self, instance, validated_data):
        assert False, "Do not use update directly"
Exemplo n.º 2
0
def test_reset_password_success(user_account, mocker):
    new_password = "******"  # nosec
    user = user_account()
    reset_password_signature = TimestampSigner().sign(user.pk)
    mocked_change_password = mocker.patch(
        f"{PASSWORD_SERVICE_PATH}.change_password")

    PasswordService.reset_password(reset_password_signature, new_password)

    mocked_change_password.assert_called_once_with(user, new_password)
Exemplo n.º 3
0
def test_reset_password_user_failure(mocker):
    new_password = "******"  # nosec
    assert UserAccount.objects.count() == 0
    reset_password_signature = TimestampSigner().sign(uuid.uuid4())
    mocked_change_password = mocker.patch(
        f"{PASSWORD_SERVICE_PATH}.change_password")

    with pytest.raises(InvalidResetPasswordSignatureError):
        PasswordService.reset_password(reset_password_signature, new_password)

    assert mocked_change_password.call_count == 0
Exemplo n.º 4
0
def test_reset_password_signature_failure(mocker, settings, exception):
    new_password = "******"  # nosec
    reset_password_signature = "reset_password_signature"  # nosec
    mocker.patch("django.core.signing.TimestampSigner.unsign",
                 side_effect=exception("Some message"))
    settings.HONEY_MONEY_RESET_PASSWORD_EXPIRATION_DELTA = 42
    mocked_change_password = mocker.patch(
        f"{PASSWORD_SERVICE_PATH}.change_password")

    with pytest.raises(InvalidResetPasswordSignatureError):
        PasswordService.reset_password(reset_password_signature, new_password)

    assert mocked_change_password.call_count == 0