def setUp(self): self.user_email = '*****@*****.**' self.user_password = '******' self.user = get_user_model().objects.create_user( self.user_email, self.user_password) self.middleware_auth = AuthenticationMiddleware() self.middleware_session_auth = SessionAuthenticationMiddleware() self.assertTrue( self.client.login( username=self.user_email, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session
def test_changed_password_invalidates_session(self): """ Test that changing a user's password invalidates the session.""" verification_middleware = SessionAuthenticationMiddleware() self.assertTrue( self.client.login( username=self.user_email, password=self.user_password, )) request = HttpRequest() request.session = self.client.session request.user = self.user verification_middleware.process_request(request) self.assertIsNotNone(request.user) self.assertFalse(request.user.is_anonymous()) # After password change, user should be anonymous request.user.set_password('new_password') request.user.save() verification_middleware.process_request(request) self.assertIsNotNone(request.user) self.assertTrue(request.user.is_anonymous())