Exemplo n.º 1
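    def test_reset_password(self, client, db, user):
        """Walk the password-reset flow and check that the reset token is single-use.

        Steps: request a reset, confirm a request without the issued token
        shows no form, confirm the issued token shows the form, change the
        password, then confirm the same token is refused afterwards.
        """
        # Requests password reset
        client.post(url_for('auth.forgot_password'),
                    dict(email=user.email)).follow()

        # User has valid UserPasswordToken
        valid_token = UserPasswordToken.valid_token(user.id)
        assert valid_token

        # Invalid user/token combo does not display reset form
        # NOTE(review): the bogus value is sent as `reset`, while the valid
        # requests below send the token as `value`. This looks like it covers
        # a missing token rather than a wrong one -- confirm against the
        # route and consider adding a case with a wrong `value`.
        res = client.get(url_for('auth.reset_password', userid=user.id, reset="moop"))
        assert not res.forms.get('reset-form')

        # Valid user/token combo displays reset form
        res = client.get(url_for('auth.reset_password', userid=user.id, value=valid_token.value))
        assert res.forms.get('reset-form')

        # Password is changed on form submit.
        # Both fields carry the same value: the assertion below verifies
        # 'joejoe', so a mismatched password/confirm pair could not pass.
        reset_form = res.forms.get('reset-form')
        reset_form['password'] = 'joejoe'
        reset_form['confirm'] = 'joejoe'
        reset_form.submit()
        assert user.verify_password('joejoe')

        # User has no more valid UserPasswordToken
        assert not UserPasswordToken.valid_token(user.id)

        # Replay check: the token that was just consumed must not open the
        # reset form a second time.
        res = client.get(url_for('auth.reset_password', userid=user.id, value=valid_token.value))
        assert not res.forms.get('reset-form')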
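    def test_get_or_create_token(self, user, db):
        """Check that get_or_create_token reuses a live token and replaces a dead one.

        After every call the user must hold exactly one UserPasswordToken row,
        so used or expired tokens are not left behind next to the new one.
        """
        user_tokens_query = db.session.query(UserPasswordToken).filter_by(user_id=user.id)

        # No tokens are present for a newly created user.
        # The comparison must be asserted; as a bare expression it checks nothing.
        assert user_tokens_query.all() == []

        # A new token is created when none are present
        token = UserPasswordToken.get_or_create_token(user.id)
        assert user_tokens_query.all() == [token]

        # The same token is returned while it is still valid.
        assert UserPasswordToken.get_or_create_token(user.id) == token
        assert user_tokens_query.count() == 1

        # A new token is created once the old one is used. This new token is the only token for that user.
        token.update(used=True)
        unused_token = UserPasswordToken.get_or_create_token(user.id)
        assert unused_token != token
        assert user_tokens_query.count() == 1

        # A new token is created once the old one is expired. This new token is the only token for that user.
        unused_token.update(expiration_dt=expired_date())
        unexpired_token = UserPasswordToken.get_or_create_token(user.id)
        assert unexpired_token != token
        assert unexpired_token != unused_token
        assert user_tokens_query.count() == 1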
    def test_used_token_is_not_valid(self, user, db):
        """A freshly saved token is not invalid; marking it used makes it invalid."""
        fresh = UserPasswordToken(user=user).save(db.session)
        # Straight after creation the token must still be usable.
        assert fresh.invalid is False

        # Consuming the token must flip the flag, so it cannot be replayed.
        fresh.update(used=True)
        assert fresh.invalid is True
Exemplo n.º 4
    def test_forgot_password(self, client, db, user):
        """Submitting the forgot-password form with the user's email issues a token.

        NOTE(review): the rejected input here is the malformed string 'moop';
        a well-formed address that belongs to no account is not exercised, so
        this test says nothing about how the page answers unknown addresses.
        """
        # Precondition: nothing to redeem before the flow starts.
        assert not UserPasswordToken.valid_token(user.id)

        # Load the page; the client is told to expect HTTP 200.
        page = client.get(url_for('auth.forgot_password'), status=200)

        # A bad email leaves the form on screen.
        first_form = page.forms['forgot-form']
        first_form['email'] = 'moop'
        rejected = first_form.submit()
        assert rejected.forms.get('forgot-form')

        # The account's own email is accepted and the form goes away.
        second_form = rejected.forms['forgot-form']
        second_form['email'] = user.email
        accepted = second_form.submit()
        assert not accepted.forms.get('forgot-form')

        # The accepted submission left a redeemable token behind.
        assert UserPasswordToken.valid_token(user.id)
Exemplo n.º 5
    def test_forgot_password(self, client, db, user):
        """Check the forgot-password page: bad email is refused, good email creates a token."""
        form_id = 'forgot-form'

        # No reset token exists before anything is submitted.
        assert not UserPasswordToken.valid_token(user.id)

        # Fetch the page, expecting HTTP 200.
        response = client.get(url_for('auth.forgot_password'), status=200)

        # Bad email: the same form is shown again.
        response.forms[form_id]['email'] = 'moop'
        response = response.forms[form_id].submit()
        assert response.forms.get(form_id)

        # Good email: the form is no longer part of the response.
        response.forms[form_id]['email'] = user.email
        response = response.forms[form_id].submit()
        assert not response.forms.get(form_id)

        # A valid UserPasswordToken now exists for the user.
        assert UserPasswordToken.valid_token(user.id)
    def test_invalid_tokens(self, user, db):
        """invalid_tokens returns the used and the expired token, not the valid one."""
        # Two tokens that must be reported: one consumed, one past its expiry.
        spent = UserPasswordToken(user=user, used=True).save()
        lapsed = UserPasswordToken(user=user, expiration_dt=expired_date()).save()

        # A live token is stored too, so the query has something to leave out.
        UserPasswordToken(user=user, used=False).save()

        # Compared as sets because result order is not part of the check.
        reported = set(UserPasswordToken.invalid_tokens(user_id=user.id).all())
        assert reported == {spent, lapsed}
Exemplo n.º 7
    def test_expired_token_is_not_valid(self, user, db):
        """A freshly saved token is not invalid; moving its expiry into the past makes it invalid."""
        session = db.session
        fresh = UserPasswordToken(user=user).save(session)
        # Straight after creation the token must still be usable.
        assert fresh.invalid is False

        # Set the expiry to an already-expired date, persist, and re-check.
        fresh.update(expiration_dt=expired_date())
        fresh.save(session)
        assert fresh.invalid is True
Exemplo n.º 8
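    def test_reset_password(self, client, db, user):
        """Walk the password-reset flow and check that the reset token is single-use.

        Steps: request a reset, confirm a request without the issued token
        shows no form, confirm the issued token shows the form, change the
        password, then confirm the same token is refused afterwards.
        """
        # Requests password reset
        client.post(url_for('auth.forgot_password'),
                    dict(email=user.email)).follow()

        # User has valid UserPasswordToken
        valid_token = UserPasswordToken.valid_token(user.id)
        assert valid_token

        # Invalid user/token combo does not display reset form
        # NOTE(review): the bogus value is sent as `reset`, while the valid
        # requests below send the token as `value`. This looks like it covers
        # a missing token rather than a wrong one -- confirm against the
        # route and consider adding a case with a wrong `value`.
        res = client.get(
            url_for('auth.reset_password', userid=user.id, reset="moop"))
        assert not res.forms.get('reset-form')

        # Valid user/token combo displays reset form
        res = client.get(
            url_for('auth.reset_password',
                    userid=user.id,
                    value=valid_token.value))
        assert res.forms.get('reset-form')

        # Password is changed on form submit.
        # Both fields carry the same value: the assertion below verifies
        # 'joejoe', so a mismatched password/confirm pair could not pass.
        reset_form = res.forms.get('reset-form')
        reset_form['password'] = 'joejoe'
        reset_form['confirm'] = 'joejoe'
        reset_form.submit()
        assert user.verify_password('joejoe')

        # User has no more valid UserPasswordToken
        assert not UserPasswordToken.valid_token(user.id)

        # Replay check: the token that was just consumed must not open the
        # reset form a second time.
        res = client.get(
            url_for('auth.reset_password',
                    userid=user.id,
                    value=valid_token.value))
        assert not res.forms.get('reset-form')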
Exemplo n.º 9
 def test_unique_expiration_dt(self, user, db):
     """Two tokens saved one after the other carry different expiration datetimes."""
     # Create and save the tokens in sequence, then compare their expiry stamps.
     first, second = [UserPasswordToken(user=user).save() for _ in range(2)]
     assert first.expiration_dt != second.expiration_dt
Exemplo n.º 10
 def test_token_values_unique(self, user, db):
     """Two tokens saved for the same user do not share a value.

     NOTE(review): distinctness of two samples says nothing about how hard a
     value is to guess; how ``value`` is generated is not visible here and
     should be checked separately.
     """
     first, second = [UserPasswordToken(user=user).save() for _ in range(2)]
     assert first.value != second.value
Exemplo n.º 11
 def test_valid_token(self, user, db):
     """valid_token returns the unused token even when a used one exists for the user."""
     # An already-used token is stored first; only its presence matters.
     UserPasswordToken(user=user, used=True).save()
     live = UserPasswordToken(user=user).save()
     assert UserPasswordToken.valid_token(user.id) == live