def test_reset_password_enter_password_wrong_token_get(client):
# wrong token (GET)
success, user, message = User.create(email_address="*****@*****.**")
User._test_set_password_reset_token(user, token="abc123correct")
response = client.get('/password-reset-token/abc123wrong') # wrong token
assert b'Forbidden' in response.data
assert b"The password reset link is not valid or is expired." in response.data
def test_reset_password_enter_password_get(client):
# correct token (GET)
success, user, message = User.create(email_address="*****@*****.**")
User._test_set_password_reset_token(user, token="abc123def")
response = client.get('/password-reset-token/abc123def')
assert b'Reset password' in response.data
assert b"Enter your NEW password" in response.data
def test_reset_password_enter_password_post(client):
# correct token (POST)
success, user, message = User.create(email_address="*****@*****.**")
User._test_set_password_reset_token(user, token="abc123def")
assert user.password_hash is None # assert that user does not have a password yet
# set a password
data = {
"reset-password-new-password": "******",
"reset-password-repeat-password": "******",
}
response = client.post('/password-reset-token/abc123def',
data=data,
follow_redirects=True)
assert b'Success!' in response.data
assert b"Your password has been successfully (re)set." in response.data
user = User.get_user_by_email(email_address="*****@*****.**")
assert user.password_hash is not None # assert that the user now has a password
