def test_GIVEN_valid_id_and_invalid_uuid_WHEN_password_THEN_page_with_error(self): user_service = UserService() username = "******" user_service.create(username, "test", "test", "email", constants.USER_ACCESS_LEVEL_EXTERNAL) user = user_service.get_user_by_username(username) user_service.set_forgot_password(user.id) response = self.app.get( url=url(controller='home', action='password', id=user.id, uuid="not that uuid") ) assert_that(response.normal_body, contains_string("Invalid Password Request"), "Invalid password page")
def test_GIVEN_user_and_password_WHEN_password_set_THEN_password_call_made_to_crowd_and_forgotten_password_blanked(self): user = self.login() crowd_client = Mock(CrowdClient) crowd_client_factory = CrowdClientFactory() crowd_client_factory.get_client = Mock(return_value=crowd_client) user_service = UserService(crowd_client_factory=crowd_client_factory) user_service.set_forgot_password(user.id) password = "******" user_service.reset_password(user.id, password, password) assert_that(crowd_client.update_users_password.called, is_(True), "Crowd called to update user") user = user_service.get_user_by_id(user.id) assert_that(user.forgotten_password_uuid, is_(None), "uuid") assert_that(user.forgotten_password_expiry_date, is_(None), "expiry date")
def test_GIVEN_user_and_password_WHEN_password_set_and_crowd_client_raises_THEN_forgotten_password_not_blanked_error(self): user = self.login() crowd_client = Mock(CrowdClient) crowd_client.update_users_password = Mock(side_effect=ClientException()) crowd_client_factory = CrowdClientFactory() crowd_client_factory.get_client = Mock(return_value=crowd_client) user_service = UserService(crowd_client_factory=crowd_client_factory) user_service.set_forgot_password(user.id) password = "******" with self.assertRaises(ServiceException, msg="Service exception not raise"): user_service.reset_password(user.id, password, password) user = user_service.get_user_by_id(user.id) assert_that(user.forgotten_password_uuid, is_not(None), "uuid") assert_that(user.forgotten_password_expiry_date, is_not(None), "expiry date")
def test_GIVEN_valid_id_and_uuid_WHEN_password_THEN_page_with_no_error(self): user_service = UserService() username = "******" user_service.create(username, "test", "test", "email", constants.USER_ACCESS_LEVEL_EXTERNAL) user = user_service.get_user_by_username(username) user_service.set_forgot_password(user.id) user = user_service.get_user_by_username(username) response = self.app.get( url=url(controller='home', action='password', id=user.id, uuid=user.forgotten_password_uuid) ) assert_that(response.normal_body, contains_string("Password Request"), "Correct page") assert_that(response.normal_body, is_not(contains_string("Your new password")), "tooltip is rewriten") assert_that(response.normal_body, contains_string('title="Username"'), "Username tooltip") assert_that(response.normal_body, contains_string('title="New password"'), "Username tooltip") assert_that(response.normal_body, contains_string('title="Retype your new password"'), "Username tooltip")
def test_GIVEN_valid_id_and_uuid_non_matching_password_WHEN_post_new_password_THEN_error_message(self): user_service = UserService() username = "******" user_service.create(username, "test", "test", "email", constants.USER_ACCESS_LEVEL_EXTERNAL) user = user_service.get_user_by_username(username) user_service.set_forgot_password(user.id) user = user_service.get_user_by_username(username) new_password = '******' response = self.app.post( url=url(controller='home', action='password', id=user.id), params={ 'uuid': user.forgotten_password_uuid, 'password_one': new_password, 'password_two': "not new password"} ) assert_that(response.normal_body, contains_string("passwords are not the same"))
def test_GIVEN_valid_id_and_valid_uuid_which_has_expired_WHEN_password_THEN_reset_forgotten_password(self): user_service = UserService() username = "******" user_service.create(username, "test", "test", "email", constants.USER_ACCESS_LEVEL_EXTERNAL) user = user_service.get_user_by_username(username) user_service.set_forgot_password(user.id) with session_scope() as session: user = user_service.get_user_by_id(user.id) user.forgotten_password_expiry_date = datetime.datetime.now() - datetime.timedelta(minutes=1) session.add(user) original_uuid = user.forgotten_password_uuid response = self.app.get( url=url(controller='home', action='password', id=user.id, uuid=original_uuid) ) assert_that(response.normal_body, contains_string("Expired Password Request"), "Expired password page") with session_scope() as session: user = user_service.get_user_by_id(user.id) assert_that(user.forgotten_password_uuid, is_not(original_uuid), "uuid reset")
def test_GIVEN_valid_id_and_uuid_WHEN_post_new_password_THEN_login_page_with_message(self): user_service = UserService() username = "******" user_service.create(username, "test", "test", "email", constants.USER_ACCESS_LEVEL_EXTERNAL) user = user_service.get_user_by_username(username) user_service.set_forgot_password(user.id) user = user_service.get_user_by_username(username) new_password = '******' response = self.app.post( url=url(controller='home', action='password', id=user.id), params={ 'uuid': user.forgotten_password_uuid, 'password_one': new_password, 'password_two': new_password} ) assert_that(response.status_code, is_(302), "Response is redirect") assert_that(urlparse(response.response.location).path, is_(url(controller='account', action='login')), "url") with session_scope() as session: user = user_service.get_user_by_id(user.id) assert_that(user.forgotten_password_uuid, is_(None), "uuid blanked")
def test_GIVEN_user_WHEN_forget_password_THEN_password_forgotten_set(self): user = self.login() email_service = Mock(EmailService) user_service = UserService(email_service=email_service) link = user_service.set_forgot_password(user.id) with session_scope() as session: user = session.query(User).get(user.id) assert_that(user.forgotten_password_uuid, is_not(None), "forgotten password uuid set") assert_that(user.forgotten_password_expiry_date, is_not(None), "forgotten password expiry date set") assert_that(link, contains_string(user.forgotten_password_uuid), "UUID is in link") assert_that(email_service.send_email.called, is_(False), "email sent")