def test_change_view_returns_200(self):
        """Change-password form view answers 200 for valid and bogus links alike."""
        user_model = get_user_model()
        bob = user_model.objects.create_user('Bob', '[email protected]', 'Pass.123')

        # NOTE(review): every variant, including an unknown user id and a
        # made-up token, is expected to return 200. Presumably the link is
        # validated elsewhere (e.g. by an API the page calls) - confirm, because
        # nothing in this test checks that a bad link is actually refused.
        link_variants = (
            # valid user with a freshly generated token
            {'user_id': bob.id, 'token': make_password_change_token(bob)},
            # test invalid user
            {'user_id': 7681, 'token': 'a7d8sa97d98sa798dsa'},
            # test invalid token
            {'user_id': bob.id, 'token': 'asd79as87ds9a8d7sa'},
        )

        for link_kwargs in link_variants:
            form_url = reverse(
                'misago:forgotten_password_change_form', kwargs=link_kwargs)
            response = self.client.get(form_url)
            self.assertEqual(response.status_code, 200)
def send_password_form(request):
    """Validate the reset form and mail a change-password link to its user.

    Builds ``ResetPasswordForm`` from ``request.data``. When the form is
    invalid, responds with the form's error dict and HTTP 400. Otherwise a
    password-change token is generated for ``form.user_cache``, mailed with
    the ``change_password_form_link`` template, and the response carries
    that user's username and email.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    mail_subject = _("Change %(user)s password on %(forum_name)s forums") % {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }

    # The token only leaves the server inside the e-mail context below.
    confirmation_token = make_password_change_token(requesting_user)
    mail_context = {'confirmation_token': confirmation_token}

    mail_user(request, requesting_user, mail_subject,
              'misago/emails/change_password_form_link',
              mail_context)

    # NOTE(review): the success body returns the matched account's username
    # and email, while failures are a distinguishable 400. If this endpoint
    # is reachable without authentication (not visible here), confirm that
    # the difference cannot be used to learn which accounts exist.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    })
def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email.

    On a valid form, mails the change password form link to the matched user
    and responds with that user's username and email; on an invalid form,
    responds with the form's errors and HTTP 400.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        errors = form.get_errors_dict()
        return Response(errors, status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    subject_values = {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }
    mail_subject = subject_template % subject_values

    # The token is handed to the mail template only; it is not in the response.
    confirmation_token = make_password_change_token(requesting_user)
    mail_context = {'confirmation_token': confirmation_token}

    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        mail_context,
    )

    # NOTE(review): success echoes the matched username and email, and
    # failure is a distinguishable 400. Confirm this cannot be used by an
    # unauthenticated caller to learn which addresses have accounts.
    success_payload = {
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    }
    return Response(success_payload)
    def test_inactive_user(self):
        """Change password API answers 400 while the user requires activation."""
        # Both non-zero requires_activation values are exercised; presumably
        # they are the two pending-activation modes - confirm against the model.
        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            # The token is generated after the save, so it is a current one.
            target = self.link % (
                self.user.pk, make_password_change_token(self.user))
            response = self.client.post(target)
            self.assertContains(
                response, "Your link has expired.", status_code=400)
 def test_submit_empty(self):
     """POST with a valid link but no body is rejected with 400."""
     token = make_password_change_token(self.user)
     target = self.link % (self.user.id, token)

     response = self.client.post(target)

     # The link is valid, so the failure must come from the missing password.
     self.assertEqual(response.status_code, 400)
     self.assertIn('Valid password must', response.content)
    def test_valid_link(self):
        """GET with the user's own id and a fresh token answers 200."""
        token = make_password_change_token(self.user)
        target = self.link % (self.user.id, token)

        response = self.client.get(target)

        self.assertEqual(response.status_code, 200)
        # The body is expected to name the user the link belongs to.
        self.assertIn(self.user.username, response.content)
    def test_disabled_user(self):
        """Change password API answers 400 for a user with is_active=False."""
        self.user.is_active = False
        self.user.save()

        # The token is generated after the account was disabled.
        token = make_password_change_token(self.user)
        target = self.link % (self.user.pk, token)

        response = self.client.post(target)
        self.assertContains(
            response, "Form link is invalid.", status_code=400)
    def test_invalid_user_id_link(self):
        """GET answers 400 when the link's user id does not match the token's user."""
        # NOTE(review): 123 presumably matches no user, so this covers the
        # unknown-id path. A token generated for one account and presented with
        # the id of another existing account is not exercised here.
        mismatched_id = 123
        token = make_password_change_token(self.user)

        response = self.client.get(self.link % (mismatched_id, token))

        self.assertEqual(response.status_code, 400)
        self.assertIn('Form link is invalid.', response.content)
 def setUp(self):
     """Create the test user and resolve the validate-token URL for them."""
     user_model = get_user_model()
     self.user = user_model.objects.create_user(
         'Bob', '[email protected]', 'Pass.123')

     # The link is fully resolved here, with a token generated for self.user.
     link_kwargs = {
         'user_id': self.user.id,
         'token': make_password_change_token(self.user),
     }
     self.link = reverse(
         'misago:api:change_password_validate_token', kwargs=link_kwargs)
    def test_submit_valid(self):
        """submit change password form api changes the password for a valid link"""
        new_password = 'n3wp4ss!'
        token = make_password_change_token(self.user)
        target = self.link % (self.user.id, token)

        response = self.client.post(target, data={'password': new_password})
        self.assertEqual(response.status_code, 200)

        # Re-read the user so the check runs against the stored password.
        # NOTE(review): the test stops here; it does not check that the same
        # link is refused when it is submitted a second time.
        user = get_user_model().objects.get(id=self.user.id)
        self.assertTrue(user.check_password(new_password))
    def test_submit_with_whitespaces(self):
        """Password with leading and trailing spaces is stored unchanged."""
        spaced_password = ' n3wp4ss! '
        token = make_password_change_token(self.user)
        target = self.link % (self.user.pk, token)

        response = self.client.post(target, data={'password': spaced_password})
        self.assertEqual(response.status_code, 200)

        # The stored password must verify with the spaces intact, so the API
        # is expected not to strip whitespace from the submitted value.
        user = UserModel.objects.get(id=self.user.pk)
        self.assertTrue(user.check_password(spaced_password))
    def test_banned_user_link(self):
        """GET on the link answers 400 when the user's username is banned."""
        ban_fields = {
            'check_type': BAN_USERNAME,
            'banned_value': self.user.username,
            'user_message': 'Nope!',
        }
        Ban.objects.create(**ban_fields)

        token = make_password_change_token(self.user)
        response = self.client.get(self.link % (self.user.id, token))

        # Only the generic expiry text is asserted; whether the ban's
        # user_message is withheld from the body is not checked here.
        self.assertEqual(response.status_code, 400)
        self.assertIn('Your link has expired.', response.content)
    def test_inactive_user(self):
        """GET on the link answers 400 while the user requires activation."""
        # Both non-zero requires_activation values are exercised; presumably
        # they are the two pending-activation modes - confirm against the model.
        for activation_state in (1, 2):
            self.user.requires_activation = activation_state
            self.user.save()

            token = make_password_change_token(self.user)
            response = self.client.get(self.link % (self.user.id, token))

            self.assertEqual(response.status_code, 400)
            self.assertIn('Your link has expired.', response.content)
    def test_banned_user_link(self):
        """POST to the link answers 400 when the user's username is banned."""
        Ban.objects.create(
            check_type=Ban.USERNAME,
            banned_value=self.user.username,
            user_message='Nope!',
        )

        token = make_password_change_token(self.user)
        target = self.link % (self.user.pk, token)

        response = self.client.post(target)
        # Only the generic expiry text is asserted; whether the ban's
        # user_message is withheld from the body is not checked here.
        self.assertContains(
            response, "Your link has expired.", status_code=400)
    def test_change_password_form(self):
        """Form view answers 200 and includes the token when the link is valid."""
        user_model = get_user_model()
        bob = user_model.objects.create_user('Bob', '[email protected]', 'Pass.123')

        password_token = make_password_change_token(bob)
        link_kwargs = {'user_id': bob.pk, 'token': password_token}
        form_url = reverse(
            'misago:forgotten_password_change_form', kwargs=link_kwargs)

        response = self.client.get(form_url)
        self.assertEqual(response.status_code, 200)
        # NOTE(review): this asserts the reset token is echoed into the response
        # body. Confirm against the view that such pages are not cached or
        # written to logs, since the token grants a password change.
        self.assertIn(password_token, response.content)
    def test_change_password_invalid_token(self):
        """Form view answers 400 when the token in the link is not valid."""
        user_model = get_user_model()
        bob = user_model.objects.create_user('Bob', '[email protected]', 'Pass.123')

        # A real token is generated but never sent; the request below uses a
        # made-up value in its place.
        password_token = make_password_change_token(bob)

        link_kwargs = {'user_id': bob.pk, 'token': 'abcdfghqsads'}
        form_url = reverse(
            'misago:forgotten_password_change_form', kwargs=link_kwargs)

        response = self.client.get(form_url)
        self.assertEqual(response.status_code, 400)
        self.assertIn('your link is invalid', response.content)
    def test_change_password_on_other_user(self):
        """A signed-in user gets 400 when opening another user's reset link."""
        user_model = get_user_model()
        bob = user_model.objects.create_user('Bob', '[email protected]', 'Pass.123')

        # The token itself is valid for Bob; only the session differs.
        password_token = make_password_change_token(bob)

        # Sign in as the fixture's authenticated user, not as Bob.
        self.login_user(self.get_authenticated_user())

        link_kwargs = {'user_id': bob.pk, 'token': password_token}
        form_url = reverse(
            'misago:forgotten_password_change_form', kwargs=link_kwargs)

        response = self.client.get(form_url)
        self.assertEqual(response.status_code, 400)
        self.assertIn('your link has expired', response.content)
    def test_change_password_on_banned(self):
        """Form view answers 403 with the ban message for a banned username."""
        user_model = get_user_model()
        bob = user_model.objects.create_user('Bob', '[email protected]', 'Pass.123')

        # The ban value is lower-case while the username is 'Bob'; the test
        # relies on the ban still matching (presumably case-insensitively).
        ban_fields = {
            'check_type': BAN_USERNAME,
            'banned_value': 'bob',
            'user_message': 'Nope!',
        }
        Ban.objects.create(**ban_fields)

        password_token = make_password_change_token(bob)
        link_kwargs = {'user_id': bob.pk, 'token': password_token}
        form_url = reverse(
            'misago:forgotten_password_change_form', kwargs=link_kwargs)

        response = self.client.get(form_url)
        self.assertEqual(response.status_code, 403)
        self.assertIn('<p>Nope!</p>', response.content)
 def test_submit_empty(self):
     """Change password API answers 400 when no password is submitted."""
     token = make_password_change_token(self.user)
     target = self.link % (self.user.pk, token)

     response = self.client.post(target)

     # The expected text is a prefix of the validation message, as in the
     # original assertion.
     self.assertContains(
         response, "This password is too shor", status_code=400)