def test_inactive_user(self):
    """Password change is refused while the account still awaits activation.

    ``requires_activation = 1`` is expected to yield the "activate your
    account" message and ``requires_activation = 2`` the "administrator has
    to activate" message, both with HTTP 400.
    """
    expectations = (
        (1, "You have to activate your account"),
        (2, "Administrator has to activate your account"),
    )
    for activation_state, expected_message in expectations:
        self.user.requires_activation = activation_state
        self.user.save()

        url = self.link % self.user.pk
        # The token is minted after the state change, for the same user the
        # URL points at.
        payload = {
            'password': '******',
            'token': make_password_change_token(self.user),
        }
        response = self.client.post(url, data=payload)

        self.assertContains(response, expected_message, status_code=400)
def send_password_form(request):
    """Mail a change-password form link to the account named in the request.

    POST /auth/send-password-form/ with CSRF token and email.

    Returns the account's username and email on success, or the form's error
    dict with HTTP 400 when the form does not validate.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(
            form.get_errors_dict(),
            status=status.HTTP_400_BAD_REQUEST,
        )

    account = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': account.username,
        'forum_name': settings.forum_name,
    }

    # The token travels only in the e-mail context, never in the response.
    email_context = {
        'confirmation_token': make_password_change_token(account),
    }
    mail_user(
        request,
        account,
        mail_subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    # NOTE(review): the 200/400 split plus the echoed username and email let
    # a caller learn whether an address belongs to an account; confirm that
    # this endpoint is rate limited.
    return Response({
        'username': account.username,
        'email': account.email,
    })
def test_valid_link(self):
    """A link built from the user's id and a fresh token validates (200)."""
    token = make_password_change_token(self.user)
    url = self.link % (self.user.id, token)

    response = self.client.get(url)

    self.assertEqual(response.status_code, 200)
    # The validation response is expected to name the account it belongs to.
    self.assertIn(self.user.username, response.content)
def test_invalid_user_id_link(self):
    """A real token paired with a different user id is rejected with 400."""
    # 123 is not self.user's id, while the token is minted for self.user.
    mismatched_user_id = 123
    token = make_password_change_token(self.user)

    response = self.client.get(self.link % (mismatched_user_id, token))

    self.assertEqual(response.status_code, 400)
    self.assertIn('Form link is invalid.', response.content)
def send_link(request):
    """Mail a change-password form link to the account named in the request.

    Returns the account's username and email on success, or the form's error
    dict with HTTP 400 when the form does not validate.
    """
    form = ResetPasswordForm(request.DATA)
    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    account = form.user_cache

    subject_template = _("Change %(user)s password "
                         "on %(forum_title)s forums")
    mail_subject = subject_template % {
        'user': account.username,
        'forum_title': settings.forum_name
    }

    # The token is handed to the mail template only; it is not returned.
    email_context = {
        'confirmation_token': make_password_change_token(account)
    }
    mail_user(request, account, mail_subject,
              'misago/emails/change_password_form_link',
              email_context)

    # NOTE(review): the 200/400 split plus the echoed username and email let
    # a caller learn whether an address belongs to an account; confirm that
    # this endpoint is rate limited.
    return Response({
        'username': account.username,
        'email': account.email
    })
def test_change_view_returns_200(self):
    """The change-password view answers 200 for valid and invalid links.

    Only the status code is checked, so this test does not tell a valid
    link apart from an unknown user or a bad token.
    """
    User = get_user_model()
    test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123')

    link_variants = [
        # valid user with a matching token
        {
            'user_id': test_user.id,
            'token': make_password_change_token(test_user)
        },
        # test invalid user
        {
            'user_id': 7681,
            'token': 'a7d8sa97d98sa798dsa'
        },
        # test invalid token
        {
            'user_id': test_user.id,
            'token': 'asd79as87ds9a8d7sa'
        },
    ]

    for link_kwargs in link_variants:
        url = reverse('misago:forgotten_password_change_form',
                      kwargs=link_kwargs)
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
def send_password_form(request):
    """Mail a change-password form link to the account named in the request.

    Returns the account's username and email on success, or the form's error
    dict with HTTP 400 when the form does not validate.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    account = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': account.username,
        'forum_name': settings.forum_name,
    }

    # The token is handed to the mail template only; it is not returned.
    email_context = {
        'confirmation_token': make_password_change_token(account)
    }
    mail_user(request, account, mail_subject,
              'misago/emails/change_password_form_link',
              email_context)

    # NOTE(review): the 200/400 split plus the echoed username and email let
    # a caller learn whether an address belongs to an account; confirm that
    # this endpoint is rate limited.
    return Response({
        'username': account.username,
        'email': account.email
    })
def send_password_form(request):
    """Mail a change-password form link to the account named in the request.

    POST /auth/send-password-form/ with CSRF token and email.

    Validation failures are raised by the serializer
    (``raise_exception=True``); ``raise_if_banned()`` runs before anything
    is mailed. On success the account's username and email are returned.
    """
    serializer = SendPasswordFormSerializer(data=request.data)
    serializer.is_valid(raise_exception=True)
    serializer.raise_if_banned()

    account = serializer.validated_data['user']

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': account.username,
        'forum_name': settings.forum_name,
    }

    # The token travels only in the e-mail context, never in the response.
    email_context = {
        'confirmation_token': make_password_change_token(account),
    }
    mail_user(
        request,
        account,
        mail_subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    # NOTE(review): a successful response echoes username and email, which
    # confirms that the submitted address belongs to an account; confirm
    # that this endpoint is rate limited.
    return Response({
        'username': account.username,
        'email': account.email,
    })
def test_submit_empty(self):
    """Posting no password at all is rejected as a too-short password."""
    token = make_password_change_token(self.user)
    url = self.link % (self.user.pk, token)

    # No request body: the link itself is valid, only the password is missing.
    response = self.client.post(url)

    self.assertContains(response, "This password is too shor", status_code=400)
def test_inactive_user(self):
    """Accounts awaiting activation get the "link has expired" error.

    Both activation states exercised here (1 and 2) are expected to produce
    the same message with HTTP 400.
    """
    for activation_state in (1, 2):
        self.user.requires_activation = activation_state
        self.user.save()

        # Token is minted after the state change, for the same user.
        token = make_password_change_token(self.user)
        response = self.client.post(self.link % (self.user.pk, token))

        self.assertContains(response, "Your link has expired.", status_code=400)
def setUp(self):
    """Create the test user and the token-validation URL for that user."""
    user_model = get_user_model()
    self.user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # The URL embeds a token minted for the user created above.
    link_kwargs = {
        'user_id': self.user.id,
        'token': make_password_change_token(self.user)
    }
    self.link = reverse('misago:api:change_password_validate_token',
                        kwargs=link_kwargs)
def test_inactive_user(self):
    """Link validation fails with 400 for accounts awaiting activation.

    Both activation states exercised here (1 and 2) are expected to report
    that the link has expired.
    """
    for activation_state in (1, 2):
        self.user.requires_activation = activation_state
        self.user.save()

        # Token is minted after the state change, for the same user.
        token = make_password_change_token(self.user)
        response = self.client.get(self.link % (self.user.id, token))

        self.assertEqual(response.status_code, 400)
        self.assertIn('Your link has expired.', response.content)
def test_submit_empty(self):
    """Posting an empty body to a valid link fails password validation."""
    token = make_password_change_token(self.user)
    url = self.link % (self.user.id, token)

    # No request body: the link itself is valid, only the password is missing.
    response = self.client.post(url)

    self.assertEqual(response.status_code, 400)
    self.assertIn('Valid password must', response.content)
def test_submit_invalid_data(self):
    """A JSON body that is not an object is rejected as invalid data."""
    token = make_password_change_token(self.user)
    url = self.link % (self.user.pk, token)

    # 'false' is valid JSON but decodes to a bool rather than a dictionary.
    response = self.client.post(
        url,
        'false',
        content_type="application/json",
    )

    self.assertContains(response, "Invalid data.", status_code=400)
def test_disabled_user(self):
    """A disabled account cannot use a change-password link."""
    self.user.is_active = False
    self.user.save()

    # The token is minted after the account was disabled.
    token = make_password_change_token(self.user)
    response = self.client.post(self.link % (self.user.pk, token))

    self.assertContains(response, "Form link is invalid.", status_code=400)
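def test_submit_valid(self):
    """Submitting a valid new password changes the stored password.

    NOTE(review): nothing here checks that the token stops working once the
    password has changed; a follow-up request reusing the token would cover
    that.
    """
    # Post exactly the value asserted below; with any other literal in the
    # request the final check cannot hold.
    new_password = 'n3wp4ss!'

    token = make_password_change_token(self.user)
    response = self.client.post(
        self.link % (self.user.id, token),
        data={'password': new_password})
    self.assertEqual(response.status_code, 200)

    # Reload from the database so the check sees the persisted password hash.
    user = get_user_model().objects.get(id=self.user.id)
    self.assertTrue(user.check_password(new_password))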
def test_invalid_user_id_link(self):
    """A real token paired with a different user id is rejected with 400."""
    # 123 is not self.user's id, while the token is minted for self.user.
    link_args = (123, make_password_change_token(self.user))

    response = self.client.get(self.link % link_args)

    self.assertEqual(response.status_code, 400)
    self.assertIn('Form link is invalid.', response.content)
def test_disabled_user(self):
    """A disabled account cannot use a change-password link."""
    self.user.is_active = False
    self.user.save()

    # The token is minted after the account was disabled.
    link_args = (self.user.pk, make_password_change_token(self.user))
    response = self.client.post(self.link % link_args)

    self.assertContains(response, "Form link is invalid.", status_code=400)
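def test_submit_valid(self):
    """Submitting a valid new password changes the stored password.

    NOTE(review): nothing here checks that the token stops working once the
    password has changed; a follow-up request reusing the token would cover
    that.
    """
    # Post exactly the value asserted below; with any other literal in the
    # request the final check cannot hold.
    new_password = 'n3wp4ss!'

    token = make_password_change_token(self.user)
    response = self.client.post(
        self.link % (self.user.pk, token),
        data={'password': new_password})
    self.assertEqual(response.status_code, 200)

    # Reload from the database so the check sees the persisted password hash.
    user = UserModel.objects.get(id=self.user.pk)
    self.assertTrue(user.check_password(new_password))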
def setUp(self):
    """Create the test user and the token-validation URL for that user."""
    user_model = get_user_model()
    self.user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # The URL embeds a token minted for the user created above.
    token = make_password_change_token(self.user)
    self.link = reverse(
        'misago:api:change_password_validate_token',
        kwargs={'user_id': self.user.id, 'token': token})
def test_valid_link(self):
    """A link built from the user's id and a fresh token validates (200)."""
    link_args = (self.user.id, make_password_change_token(self.user))

    response = self.client.get(self.link % link_args)

    self.assertEqual(response.status_code, 200)
    # The validation response is expected to name the account it belongs to.
    self.assertIn(self.user.username, response.content)
def test_disabled_user(self):
    """A disabled account cannot use a change-password link."""
    self.user.is_active = False
    self.user.save()

    # The token is minted after the account was disabled.
    token = make_password_change_token(self.user)
    response = self.client.post(self.link % (self.user.pk, token))

    self.assertEqual(response.status_code, 400)
    expected_body = {'detail': 'Form link is invalid. Please try again.'}
    self.assertEqual(response.json(), expected_body)
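def test_submit_valid(self):
    """Submitting a valid new password changes the stored password.

    NOTE(review): nothing here checks that the token stops working once the
    password has changed; a follow-up request reusing the token would cover
    that.
    """
    # Post exactly the value asserted below; with any other literal in the
    # request the final check cannot hold.
    new_password = 'n3wp4ss!'

    link_args = (self.user.id, make_password_change_token(self.user))
    response = self.client.post(
        self.link % link_args, data={'password': new_password})
    self.assertEqual(response.status_code, 200)

    # Reload from the database so the check sees the persisted password hash.
    user = get_user_model().objects.get(id=self.user.id)
    self.assertTrue(user.check_password(new_password))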
def test_banned_user_link(self):
    """Link validation fails with 400 when the user's name is banned."""
    # Ban the account by username before the link is checked.
    Ban.objects.create(
        check_type=BAN_USERNAME,
        banned_value=self.user.username,
        user_message='Nope!')

    token = make_password_change_token(self.user)
    response = self.client.get(self.link % (self.user.id, token))

    self.assertEqual(response.status_code, 400)
    # The generic "expired" text is asserted, not the ban's own message.
    self.assertIn('Your link has expired.', response.content)
def test_submit_empty(self):
    """Posting no password at all is rejected as a too-short password."""
    token = make_password_change_token(self.user)

    # No request body: the link itself is valid, only the password is missing.
    response = self.client.post(self.link % (self.user.pk, token))

    self.assertEqual(response.status_code, 400)
    expected_body = {
        'detail':
            "This password is too short. It must contain at least 7 characters."
    }
    self.assertEqual(response.json(), expected_body)
def test_banned_user_link(self):
    """A banned user's change-password request fails with 400."""
    # Ban the account by username before the link is used.
    ban_fields = {
        'check_type': Ban.USERNAME,
        'banned_value': self.user.username,
        'user_message': 'Nope!',
    }
    Ban.objects.create(**ban_fields)

    token = make_password_change_token(self.user)
    response = self.client.post(self.link % (self.user.pk, token))

    # The generic "expired" text is asserted, not the ban's own message.
    self.assertContains(response, "Your link has expired.", status_code=400)
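def test_submit_with_whitespaces(self):
    """A password with leading and trailing spaces is stored unstripped."""
    # Post exactly the value asserted below, surrounding spaces included;
    # with any other literal in the request the final check cannot hold.
    new_password = ' n3wp4ss! '

    token = make_password_change_token(self.user)
    response = self.client.post(
        self.link % (self.user.pk, token),
        data={
            'password': new_password,
        },
    )
    self.assertEqual(response.status_code, 200)

    # Reload from the database so the check sees the persisted password hash.
    user = UserModel.objects.get(id=self.user.pk)
    self.assertTrue(user.check_password(new_password))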
def test_change_password_form(self):
    """The change-password form renders for a valid token.

    NOTE(review): the assertion shows the token is written into the page
    body; whether that response is marked non-cacheable is not checked here.
    """
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    form_url = reverse(
        'misago:forgotten_password_change_form',
        kwargs={'user_id': test_user.pk, 'token': password_token})
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 200)
    self.assertIn(password_token, response.content)
def test_inactive_user(self):
    """Accounts awaiting activation get the "link has expired" error.

    Both activation states exercised here (1 and 2) are expected to produce
    the same JSON body with HTTP 400.
    """
    expected_body = {'detail': 'Your link has expired. Please request new one.'}

    for activation_state in (1, 2):
        self.user.requires_activation = activation_state
        self.user.save()

        # Token is minted after the state change, for the same user.
        token = make_password_change_token(self.user)
        response = self.client.post(self.link % (self.user.pk, token))

        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), expected_body)
def test_inactive_user(self):
    """Link validation fails with 400 for accounts awaiting activation.

    Both activation states exercised here (1 and 2) are expected to report
    that the link has expired.
    """
    for activation_state in (1, 2):
        self.user.requires_activation = activation_state
        self.user.save()

        # Token is minted after the state change, for the same user.
        link_args = (self.user.id, make_password_change_token(self.user))
        response = self.client.get(self.link % link_args)

        self.assertEqual(response.status_code, 400)
        self.assertIn('Your link has expired.', response.content)
def test_change_password_invalid_token(self):
    """A made-up token for an existing user is rejected with 400."""
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # A real token is generated but deliberately not sent; the request
    # carries an arbitrary string instead.
    password_token = make_password_change_token(test_user)

    form_url = reverse(
        'misago:forgotten_password_change_form',
        kwargs={'user_id': test_user.pk, 'token': 'abcdfghqsads'})
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 400)
    self.assertIn('your link is invalid', response.content)
def test_banned_user_link(self):
    """Link validation fails with 400 when the user's name is banned."""
    # Ban the account by username before the link is checked.
    ban_fields = {
        'check_type': BAN_USERNAME,
        'banned_value': self.user.username,
        'user_message': 'Nope!',
    }
    Ban.objects.create(**ban_fields)

    link_args = (self.user.id, make_password_change_token(self.user))
    response = self.client.get(self.link % link_args)

    self.assertEqual(response.status_code, 400)
    # The generic "expired" text is asserted, not the ban's own message.
    self.assertIn('Your link has expired.', response.content)
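def test_submit_with_whitespaces(self):
    """A password with leading and trailing spaces is stored unstripped."""
    # Post exactly the value asserted below, surrounding spaces included;
    # with any other literal in the request the final check cannot hold.
    new_password = ' n3wp4ss! '

    response = self.client.post(
        self.link % self.user.pk,
        data={
            'password': new_password,
            'token': make_password_change_token(self.user),
        },
    )
    self.assertEqual(response.status_code, 200)

    # Reload from the database so the check sees the persisted password hash.
    user = UserModel.objects.get(id=self.user.pk)
    self.assertTrue(user.check_password(new_password))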
def test_inactive_user(self):
    """Password change is refused while the account still awaits activation.

    ``requires_activation = 1`` is expected to yield the "activate your
    account" error and ``requires_activation = 2`` the "administrator has to
    activate" error, both as ``non_field_errors`` with HTTP 400.
    """
    expectations = (
        (
            1,
            "You have to activate your account before you will "
            "be able to change your password.",
        ),
        (
            2,
            "Administrator has to activate your account before you "
            "will be able to change your password.",
        ),
    )

    for activation_state, expected_error in expectations:
        self.user.requires_activation = activation_state
        self.user.save()

        url = self.link % self.user.pk
        # Token is minted after the state change, for the same user.
        payload = {
            'password': '******',
            'token': make_password_change_token(self.user),
        }
        response = self.client.post(url, data=payload)

        self.assertEqual(response.status_code, 400)
        self.assertEqual(
            response.json(), {
                'non_field_errors': [expected_error],
            })
def test_submit_invalid_data(self):
    """A JSON body that is not an object is rejected as invalid data."""
    token = make_password_change_token(self.user)
    url = self.link % (self.user.pk, token)

    # 'false' is valid JSON but decodes to a bool rather than a dictionary.
    response = self.client.post(
        url,
        'false',
        content_type="application/json",
    )

    self.assertEqual(response.status_code, 400)
    expected_body = {
        'non_field_errors': ['Invalid data. Expected a dictionary, but got bool.']
    }
    self.assertEqual(response.json(), expected_body)
def test_banned_user_link(self):
    """A banned user's change-password request fails with 400."""
    # Ban the account by username before the link is used.
    ban_fields = {
        'check_type': Ban.USERNAME,
        'banned_value': self.user.username,
        'user_message': 'Nope!',
    }
    Ban.objects.create(**ban_fields)

    token = make_password_change_token(self.user)
    response = self.client.post(self.link % (self.user.pk, token))

    self.assertEqual(response.status_code, 400)
    # The generic "expired" text is asserted, not the ban's own message.
    expected_body = {'detail': 'Your link has expired. Please request new one.'}
    self.assertEqual(response.json(), expected_body)
def test_change_password_on_other_user(self):
    """A signed-in user cannot open another account's change-password link."""
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    # Sign in as a different account than the one the token was minted for.
    self.login_user(self.get_authenticated_user())

    form_url = reverse(
        'misago:forgotten_password_change_form',
        kwargs={'user_id': test_user.pk, 'token': password_token})
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 400)
    self.assertIn('your link has expired', response.content)
def test_change_password_form(self):
    """The change-password form renders for a valid token.

    NOTE(review): the assertion shows the token is written into the page
    body; whether that response is marked non-cacheable is not checked here.
    """
    test_user = UserModel.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    link_kwargs = {
        'pk': test_user.pk,
        'token': password_token,
    }
    form_url = reverse('misago:forgotten-password-change-form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertContains(response, password_token)
def test_change_password_invalid_token(self):
    """A made-up token for an existing user is rejected with 400."""
    test_user = UserModel.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # A real token is generated but deliberately not sent; the request
    # carries an arbitrary string instead.
    password_token = make_password_change_token(test_user)

    link_kwargs = {
        'pk': test_user.pk,
        'token': 'abcdfghqsads',
    }
    form_url = reverse('misago:forgotten-password-change-form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertContains(response, 'your link is invalid', status_code=400)
def test_change_password_form(self):
    """The change-password form renders for a valid token.

    NOTE(review): the assertion shows the token is written into the page
    body; whether that response is marked non-cacheable is not checked here.
    """
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    link_kwargs = {
        'user_id': test_user.pk,
        'token': password_token
    }
    form_url = reverse('misago:forgotten_password_change_form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 200)
    self.assertIn(password_token, response.content)
def test_change_password_invalid_token(self):
    """A made-up token for an existing user is rejected with 400."""
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # A real token is generated but deliberately not sent; the request
    # carries an arbitrary string instead.
    password_token = make_password_change_token(test_user)

    link_kwargs = {
        'user_id': test_user.pk,
        'token': 'abcdfghqsads'
    }
    form_url = reverse('misago:forgotten_password_change_form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 400)
    self.assertIn('your link is invalid', response.content)
def test_change_password_on_banned(self):
    """A banned user opening the form gets 403 and the ban's message."""
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')

    # The ban value is lower-case 'bob' while the account is named 'Bob'.
    Ban.objects.create(
        check_type=BAN_USERNAME,
        banned_value='bob',
        user_message='Nope!')

    password_token = make_password_change_token(test_user)
    form_url = reverse(
        'misago:forgotten_password_change_form',
        kwargs={'user_id': test_user.pk, 'token': password_token})
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 403)
    self.assertIn('<p>Nope!</p>', response.content)
def test_change_password_on_other_user(self):
    """A signed-in user cannot open another account's change-password link."""
    test_user = UserModel.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    # Sign in as a different account than the one the token was minted for.
    self.login_user(self.get_authenticated_user())

    link_kwargs = {
        'pk': test_user.pk,
        'token': password_token,
    }
    form_url = reverse('misago:forgotten-password-change-form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertContains(response, 'your link has expired', status_code=400)
def test_change_password_on_other_user(self):
    """A signed-in user cannot open another account's change-password link."""
    user_model = get_user_model()
    test_user = user_model.objects.create_user(
        'Bob', '*****@*****.**', 'Pass.123')
    password_token = make_password_change_token(test_user)

    # Sign in as a different account than the one the token was minted for.
    self.login_user(self.get_authenticated_user())

    link_kwargs = {
        'user_id': test_user.pk,
        'token': password_token
    }
    form_url = reverse('misago:forgotten_password_change_form',
                       kwargs=link_kwargs)
    response = self.client.get(form_url)

    self.assertEqual(response.status_code, 400)
    self.assertIn('your link has expired', response.content)
def test_submit_empty(self):
    """Posting no password at all is rejected as a too-short password."""
    link_args = (self.user.pk, make_password_change_token(self.user))

    # No request body: the link itself is valid, only the password is missing.
    response = self.client.post(self.link % link_args)

    self.assertContains(response, "This password is too shor", status_code=400)