def test_password_reset_happy_path(self): """ Verify password reset with correct token and user works """ user_data = { 'username_or_email': '*****@*****.**', 'username': '******', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.get(user_token.path, follow=True) self.assertIn('form', str(reset_request.content)) post_data = {'user_id': user.pk, 'password': '******'} reset_request = self.client.post(user_token.path, post_data, follow=True) self.assertMessageInContext( reset_request, 'Password reset. Please log in to continue.') user_data = { 'username_or_email': '*****@*****.**', 'password': post_data['password'] } login_request = self._login_user(user_data) self.assertMessageInContext(login_request, 'Log in successful.')
def test_login_with_token_expired(self): """ Verify correct log in token error message when expired token given in URL """ user_data = {'email': '*****@*****.**', 'password': '******'} user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login', expiration=yesterday()) user_token.save() login_request = self.client.get(user_token.path, follow=True) self.assertMessageInContext(login_request, 'Token is expired.')
def test_login_with_token_not_found(self): """ Verify correct log in token error message when bad token given in URL """ user_data = {'email': '*****@*****.**', 'password': '******'} user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login') user_token.save() login_request = self.client.get(user_token.path.replace( user_token.token, 'asdf'), follow=True) self.assertMessageInContext(login_request, 'Token not found.')
def test_login_with_token_happy_path(self): """ Verify log in with token when valid token and username given in URL """ user_data = {'email': '*****@*****.**', 'password': '******'} user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='login') user_token.save() token_str = user_token.token login_request = self.client.get(user_token.path, follow=True) self.assertMessageInContext(login_request, 'Log in successful.') user_token = UserToken.objects.filter(token=token_str) self.assertFalse(user_token.exists())
def post(self, request, *args, **kwargs): form = self.form(request.POST) if form.is_valid(): user_exists = SessionManager.get_user_by_username_or_email(strip_tags(request.POST['email'])) if user_exists: messages.error(request, '{} already has an account.'.format(user_exists.email)) else: new_app_user = AppUser() new_app_user.save() participant = ExchangeParticipant.get_or_create( appuser=new_app_user, giftexchange=self.giftexchange, status='pending' ) UserToken.clean(appuser=new_app_user, token_type='invitation') token = UserToken(appuser=new_app_user, token_type='invitation') token._generate_token() token.save() mailer = GifteratorMailer() mailer.send_exchange_invitation_email( request.POST['email'], self.giftexchange, existing_user=False, registration_token=token ) messages.success(request, 'An invitation has been sent to {}!'.format(request.POST['email'])) if settings.PREVIEW_EMAILS_IN_APP: self.context.update({'show_email': mailer}) self.context.update({'form': self.form()}) return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs): form = PreRegisterUserForm(request.POST) if form.is_valid(): email_error = validate_email(request.POST['email'], 0) if email_error: error = '{}<p>Did you mean to <a href="{}">log in instead</a>?'.format( email_error, reverse('session_manager_login') ) messages.error(request, error) else: user = SessionManager.get_user_by_username_or_email(request.POST['email']) if not user: user, appuser = SessionManager.preregister_email(request.POST['email']) UserToken.clean(appuser=appuser, token_type='registration') token = UserToken(appuser=appuser, token_type='registration') token._generate_token() token.save() mailer = SessionManagerEmailer() mailer.send_app_registration_link(user, token) if settings.PREVIEW_EMAILS_IN_APP: self.context.update({'show_email': mailer}) messages.success(request, 'Thanks! To verify your email address, we have sent you a link to complete your registration.') return HttpResponse(self.template.render(self.context, request)) self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs): form = self.form(request.POST) if form.is_valid(): existing_user = SessionManager.get_user_by_username_or_email(request.POST['email_address']) if existing_user: messages.error(request, 'This user is already registered.') self.context.update({'form': form}) return HttpResponse(self.template.render(self.context, request)) else: new_appuser = AppUser(registration_source='invitation') new_appuser.save() mailer = SessionManagerEmailer() UserToken.clean(appuser=new_appuser, token_type='invitation') invitation_token = UserToken( appuser=new_appuser, token_type='invitation', ) invitation_token._generate_token() invitation_token.save() mailer.send_app_invitation_link( to_email=request.POST['email_address'], from_appuser=self.appuser, token=invitation_token ) messages.success( request, 'You sent an invitation to {}!'.format(request.POST['email_address']) ) if settings.PREVIEW_EMAILS_IN_APP: self.context.update({'show_email': mailer}) self.context.update({'form': form}) return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs): template = loader.get_template('session_manager/default.html') context = {} form = LoginEmailForm(request.POST) if form.is_valid(): user = SessionManager.get_user_by_username(request.POST['email']) UserToken.clean( token_type='reset', user=user ) reset_token = UserToken( token_type='reset', user=user ) reset_token._generate_token() reset_token.save() mailer = SessionManagerEmailer() mailer.send_password_reset_link(reset_token) messages.success( request, 'A password reset link was sent to {}. You have 48 hours to use it.'.format(reset_token.user.email) ) if settings.PREVIEW_EMAILS_IN_APP: context.update({'show_email': mailer}) else: messages.error(request, 'Could not validate request.') return HttpResponse(template.render(context, request))
def post(self, request, *args, **kwargs): context = {} form = RegistrationLinkForm(request.POST) if form.is_valid(): user = SessionManager.get_user_by_username(request.POST['email']) UserToken.clean( token_type='registration', user=user ) registration_token = UserToken( token_type='registration', user=user ) registration_token._generate_token() registration_token.save() mailer = SessionManagerEmailer() mailer.send_app_registration_link(user, registration_token) messages.success( request, 'A registration link was sent to {}. Use the provided link to complete registration.'.format(registration_token.user.email) ) template = loader.get_template('session_manager/default.html') if settings.PREVIEW_EMAILS_IN_APP: context.update({'show_email': mailer}) return HttpResponse(template.render(context, request)) else: messages.error(request, 'Could not validate request.') return redirect(reverse('session_manager_login'))
def test_password_reset_expired(self): """ Verify correct error token password reset error message with expired token """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******', 'username': '******', } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset', expiration=yesterday()) user_token.save() reset_request = self.client.post(user_token.path, follow=True) self.assertMessageInContext(reset_request, 'Token is expired.')
def test_password_reset_bad_token(self): """ Verify correct error token password reset error message with bad token """ user_data = { 'username_or_email': '*****@*****.**', 'password': '******', 'username': '******', } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.post(user_token.path.replace( user_token.token, 'asdf'), follow=True) self.assertMessageInContext(reset_request, 'Token not found.')
def get(self, request, *args, **kwargs): # check if a login token was provided if request.GET.get('token') and request.GET.get('user'): token, token_error_message = UserToken.get_token( token=request.GET['token'], username=request.GET['user'], token_type='login') if token: if token.is_valid: # a valid token/user combination was given, so log in and delete the token login(request, token.user) messages.success(request, 'Log in successful.') token.delete() request.session['user_is_authenticated'] = True return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT)) else: # provided token was found, but it is expired # clean up the token token.delete() messages.error(request, 'Token is expired.') else: # no matching token was found for provided user/token messages.error(request, token_error_message) # no token was provided, or it was invalid, so just render the login form form = LoginUserForm() self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))
def setup(self, request, *args, **kwargs): super(ResetPasswordWithTokenView, self).setup(request, *args, **kwargs) self.template = loader.get_template( 'session_manager/reset_password.html') self.context = {} # get the token and error message, needed for both GET and POST self.token, self.token_error_message = UserToken.get_token( token=request.GET.get('token'), username=request.GET.get('user'), token_type='reset')
def test_password_reset_bad_user(self): """ Verify correct error token password reset error message with bad user """ user_data = { 'username_or_email': '*****@*****.**', 'username': '******', 'password': '******' } user = self._create_user(**user_data) user_token = UserToken(user=user, token_type='reset') user_token.save() reset_request = self.client.get(user_token.path, follow=True) self.assertIn('form', str(reset_request.content)) post_data = {'user_id': user.pk, 'password': '******'} reset_request = self.client.post(user_token.path.replace( user_token.user.username, 'asdf'), post_data, follow=True) self.assertMessageInContext(reset_request, 'User matching username not found.')
def setup(self, request, *args, **kwargs): super(RegisterUser, self).setup(request, *args, **kwargs) self.template = loader.get_template('session_manager/register.html') self.appuser = AppUser.objects.get(uuid=request.GET.get('id')) self.registration_token, self.token_error_message = UserToken.get_token( token=request.GET.get('token'), appuser=self.appuser, token_type=['registration', 'invitation'] ) if self.registration_token: if self.registration_token.token_type == 'registration': self.registration_type = 'website' else: self.registration_type = 'invitation' self.context = {}
def post(self, request, *args, **kwargs): # we should only get here if they submitted the form instead of a token in the URL # standard Django form handling here if 'password' in request.POST: form = LoginUserPasswordForm(request.POST) if form.is_valid(): user = SessionManager.get_user_by_id(request.POST['user_id']) if SessionManager.check_password(user, request.POST['password']): login(request, user) request.session['user_is_authenticated'] = True # messages.success(request, 'Log in successful.') if request.session.get('login_redirect_from'): return redirect(request.session['login_redirect_from']) return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT)) else: messages.error(request, 'Password incorrect.') else: messages.error(request, 'Something went wrong. Please correct errors below.') elif 'send_token' in request.POST: user = SessionManager.get_user_by_id(request.session['user_id']) token = UserToken( user=user, token_type='login', ) token.save() token.send_login_email() messages.success( request, 'An email has been sent to {} containing a temporary log in token. It will expire in 24 hours.'.format(user.email) ) form = LoginUserTokenForm(initial={'user_id': user.pk}) self.context.update({'form_step': 2}) elif 'login_token' in request.POST: token, token_error_message = UserToken.get_token( token=request.POST['login_token'], username=SessionManager.get_user_by_id(request.session['user_id']).username, token_type='login' ) if token: if token.is_valid: # a valid token/user combination was given, so log in and delete the token login(request, token.user) request.session['user_is_authenticated'] = True request.session['user_id'] = token.user.pk # messages.success(request, 'Log in successful.') token.delete() return redirect(reverse('bogames_landingpage')) else: # provided token was found, but it is expired # clean up the token token.delete() messages.error(request, 'Token is expired.') else: messages.error(request, 'Token not found. Perhaps you already used it?') return redirect(reverse('session_manager_login')) else: form = LoginUserNameForm(request.POST) self.context.update({'form_step': 1}) if form.is_valid(): if '@' in request.POST['username_or_email']: user = SessionManager.get_user_by_email(username=request.POST['username_or_email']) else: user = SessionManager.get_user_by_username(username=request.POST['username_or_email']) if not user: messages.error(request, error_reason) self.context.update({ 'form': form, }) messages.error(request, 'Something went wrong. Please correct errors below.') else: request.session['user_id'] = user.pk form = LoginUserPasswordForm(initial={'user_id': user.pk}) self.context.update({'form_step': 2}) self.context.update({ 'form': form, }) return HttpResponse(self.template.render(self.context, request))