def test_send_link_ok(self):
    """A reset-link request for an existing user sends exactly one email.

    Checks the sender and recipient of that email, that its body carries a
    single verification URL whose query holds ``signature``, ``user_id`` and
    ``timestamp``, that the timestamp lies within the window in which the
    request was served, and that the embedded data verifies against
    ``ResetPasswordSigner``.
    """
    account = self.create_test_user(username='******')
    payload = {'login': account.username}
    request = self.factory.post('', payload)

    # Whole-second bounds around the request so the signed timestamp can be
    # range-checked without depending on sub-second timing.
    lower_bound = math.floor(time.time())
    with self.assert_one_mail_sent() as outbox:
        response = send_reset_password_link(request)
    upper_bound = math.ceil(time.time())

    self.assert_valid_response(response, status.HTTP_200_OK)

    message = outbox[0]
    expected_sender = REST_REGISTRATION_WITH_RESET_PASSWORD['VERIFICATION_FROM_EMAIL']
    self.assertEqual(message.from_email, expected_sender)
    self.assertListEqual(message.to, [account.email])

    link = self.assert_one_url_line_in_text(message.body)
    signed_fields = self.assert_valid_verification_url(
        link,
        expected_path=RESET_PASSWORD_VERIFICATION_URL,
        expected_query_keys={'signature', 'user_id', 'timestamp'},
    )
    self.assertEqual(int(signed_fields['user_id']), account.id)

    signed_at = int(signed_fields['timestamp'])
    self.assertGreaterEqual(signed_at, lower_bound)
    self.assertLessEqual(signed_at, upper_bound)

    # The URL data must round-trip through the signer unchanged.
    ResetPasswordSigner(signed_fields).verify()
def _assert_valid_verification_data(self, verification_data, user, timer):
    """Assert that signed reset data belongs to ``user`` and is verifiable.

    The ``user_id`` field must match ``user.id``, the ``timestamp`` must fall
    inside ``[timer.start_time, timer.end_time]``, and the data as a whole
    must pass ``ResetPasswordSigner.verify()``.
    """
    self.assertEqual(user.id, int(verification_data['user_id']))

    signed_at = int(verification_data['timestamp'])
    self.assertGreaterEqual(signed_at, timer.start_time)
    self.assertLessEqual(signed_at, timer.end_time)

    # Raises if the signature does not cover exactly these fields.
    ResetPasswordSigner(verification_data).verify()
def _assert_valid_reset_password_verification_data(verification_data, user, timer):
    """Check that signed reset-password data is for ``user`` and verifies.

    ``user_id`` must equal ``user.id``, ``timestamp`` must lie within the
    ``timer`` window (inclusive), and ``ResetPasswordSigner.verify()`` must
    accept the data.
    """
    assert user.id == int(verification_data['user_id'])

    signed_at = int(verification_data['timestamp'])
    assert timer.start_time <= signed_at <= timer.end_time

    # verify() raises on a signature mismatch.
    ResetPasswordSigner(verification_data).verify()
def test_reset_short_password(self):
    """A validly signed reset carrying a too-short password is rejected.

    The response must be a bad request and the stored password must remain
    the old one.
    """
    previous_password = '******'
    rejected_password = '******'
    account = self.create_test_user(password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    payload['password'] = rejected_password

    response = self.view_func(self.create_post_request(payload))
    self.assert_response_is_bad_request(response)

    account.refresh_from_db()
    self.assertTrue(account.check_password(previous_password))
def test_reset_unverified_user(self):
    """A user with ``is_active=False`` can still complete a signed reset.

    The reset is expected to succeed and the new password to be stored.
    """
    previous_password = '******'
    replacement_password = '******'
    account = self.create_test_user(password=previous_password, is_active=False)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    payload['password'] = replacement_password

    response = self.view_func(self.create_post_request(payload))
    self.assert_response_is_ok(response)

    account.refresh_from_db()
    self.assertTrue(account.check_password(replacement_password))
def test_reset_with_username_as_verification_id_ok(self):
    """A reset signed with the username as ``user_id`` succeeds.

    Covers the configuration where the verification id is the username
    rather than the primary key; the new password must be stored.
    """
    previous_password = '******'
    replacement_password = '******'
    account = self.create_test_user(password=previous_password)

    # Sign with the username, not the pk, as the verification id.
    payload = ResetPasswordSigner({'user_id': account.username}).get_signed_data()
    payload['password'] = replacement_password

    response = self.view_func(self.create_post_request(payload))
    self.assert_response_is_ok(response)

    account.refresh_from_db()
    self.assertTrue(account.check_password(replacement_password))
def test_ok(self):
    """Posting valid signed reset data through the test client redirects.

    Expects a 302 to ``SUCCESS_URL`` and the new password to be persisted.
    """
    previous_password = '******'
    replacement_password = '******'
    account = self.create_test_user(password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    payload['password'] = replacement_password

    response = self.client.post(self.view_url, data=payload)
    self.assertEqual(302, response.status_code)
    self.assertEqual(SUCCESS_URL, response.url)

    account.refresh_from_db()
    self.assertTrue(account.check_password(replacement_password))
def test_reset_numeric_password(self):
    """A validly signed reset carrying a numeric-only password is rejected.

    The view must answer with a bad request and the old password must stay
    in effect.
    """
    previous_password = '******'
    rejected_password = '******'
    account = self.create_test_user(password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    payload['password'] = rejected_password

    response = reset_password(self.factory.post('', payload))
    self.assert_response_is_bad_request(response)

    account.refresh_from_db()
    self.assertTrue(account.check_password(previous_password))
def test_reset_tampered_timestamp(self):
    """Altering ``timestamp`` after signing invalidates the reset payload.

    The signature covers the timestamp, so a payload whose timestamp was
    changed must be rejected with 400 and the password left unchanged.
    """
    previous_password = '******'
    attempted_password = '******'
    account = self.create_test_user(password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    # Shift the signed timestamp by one second without re-signing.
    payload['timestamp'] = payload['timestamp'] + 1
    payload['password'] = attempted_password

    response = reset_password(self.factory.post('', payload))
    self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)

    account.refresh_from_db()
    self.assertTrue(account.check_password(previous_password))
def test_reset_password_same_as_username(self):
    """A new password equal to the username is rejected as a bad request.

    The old password must still be the one stored afterwards.
    """
    login_name = '******'
    previous_password = '******'
    account = self.create_test_user(username=login_name, password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    # The candidate password is exactly the username.
    payload['password'] = login_name

    response = reset_password(self.factory.post('', payload))
    self.assert_response_is_bad_request(response)

    account.refresh_from_db()
    self.assertTrue(account.check_password(previous_password))
def test_when_confirm_enabled_and_no_password_confirm_field_then_reset_password_fails(  # noqa: E501
        settings_with_reset_password_verification,
        user,
        password_change,
        api_view_provider,
        api_factory):
    """Omitting the password-confirm field fails when confirmation is on.

    Uses the ``settings_with_reset_password_verification`` fixture for the
    configuration and ``password_change`` for the old/new values. The view
    must answer with a bad request and the old password must remain valid.
    """
    previous_password, replacement_password = (
        password_change.old_value,
        password_change.new_value,
    )

    payload = ResetPasswordSigner({'user_id': user.pk}).get_signed_data()
    # Deliberately no 'password_confirm' key in the payload.
    payload['password'] = replacement_password

    response = api_view_provider.view_func(api_factory.create_post_request(payload))
    assert_response_is_bad_request(response)

    user.refresh_from_db()
    assert user.check_password(previous_password)
def test_signer_with_different_secret_keys(self):
    """The same payload signed under two ``SECRET_KEY`` values differs.

    Shows that the reset signature is bound to the project secret: a
    signature produced under one key cannot equal one produced under another.
    The two keys below are test-only constructed values.
    """
    account = self.create_test_user(is_active=False)
    payload = {'user_id': account.pk}
    secret_keys = (
        '#0ka!t#6%28imjz+2t%l(()yu)tg93-1w%$du0*po)*@l+@+4h',
        'feb7tjud7m=91$^mrk8dq&nz(0^!6+1xk)%gum#oe%(n)8jic7',
    )

    def signature_under(secret_key):
        # Sign the shared payload while the given key is the active SECRET_KEY.
        with override_settings(SECRET_KEY=secret_key):
            signer = ResetPasswordSigner(payload)
            return signer.get_signed_data()[signer.SIGNATURE_FIELD]

    first_signature, second_signature = (signature_under(key) for key in secret_keys)
    assert first_signature != second_signature
def test_reset_expired(self):
    """Signed reset data presented eight days after signing is rejected.

    ``time.time`` is patched once at signing and once at verification so the
    age of the payload is deterministic. Eight days is assumed to exceed the
    configured link validity period (the setting itself is not visible here).
    The response must be 400 and the old password must remain.
    """
    signing_time = int(time.time())
    eight_days = 3600 * 24 * 8
    previous_password = '******'
    attempted_password = '******'
    account = self.create_test_user(password=previous_password)

    with patch('time.time', return_value=signing_time):
        payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()
    payload['password'] = attempted_password
    request = self.factory.post('', payload)

    with patch('time.time', return_value=signing_time + eight_days):
        response = reset_password(request)

    self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST)

    account.refresh_from_db()
    self.assertTrue(account.check_password(previous_password))
def test_send_link_with_username_as_verification_id_ok(self):
    """Sending a reset link with the username as verification id works.

    Exactly one email is sent; its verification data carries the username
    (not the pk) as ``user_id``, a timestamp inside the request window, and
    verifies against ``ResetPasswordSigner``.
    """
    account = self.create_test_user(username='******')
    request = self.create_post_request({'login': account.username})

    with self.assert_one_mail_sent() as outbox, self.timer() as window:
        response = self.view_func(request)

    self.assert_valid_response(response, status.HTTP_200_OK)

    signed_fields = self._assert_valid_verification_email(outbox[0], account)
    # With username-based ids the field is compared as a string, not an int.
    self.assertEqual(account.username, signed_fields['user_id'])

    signed_at = int(signed_fields['timestamp'])
    self.assertGreaterEqual(signed_at, window.start_time)
    self.assertLessEqual(signed_at, window.end_time)

    ResetPasswordSigner(signed_fields).verify()
def _assert_valid_send_link_email(self, sent_email, user, timer):
    """Assert a reset-link email is well-formed and its data verifies.

    Checks sender and recipient, extracts the single URL from the body,
    validates its path and the presence of ``signature``/``user_id``/
    ``timestamp``, confirms ``user_id`` is ``user.id`` and the timestamp lies
    within the ``timer`` window, then runs ``ResetPasswordSigner.verify()``.
    """
    expected_sender = REST_REGISTRATION_WITH_RESET_PASSWORD['VERIFICATION_FROM_EMAIL']
    self.assertEqual(sent_email.from_email, expected_sender)
    self.assertListEqual(sent_email.to, [user.email])

    link = self.assert_one_url_line_in_text(sent_email.body)
    signed_fields = self.assert_valid_verification_url(
        link,
        expected_path=RESET_PASSWORD_VERIFICATION_URL,
        expected_fields={'signature', 'user_id', 'timestamp'},
    )
    self.assertEqual(user.id, int(signed_fields['user_id']))

    signed_at = int(signed_fields['timestamp'])
    self.assertGreaterEqual(signed_at, timer.start_time)
    self.assertLessEqual(signed_at, timer.end_time)

    # Raises if the signature does not match the extracted fields.
    ResetPasswordSigner(signed_fields).verify()
def test_one_time_reset_twice_fail(self):
    """Signed reset data is single-use: a second reset with it is rejected.

    The first submission succeeds and stores the first new password; the
    second submission, reusing the same signed fields with another password,
    must be a bad request and leave the first new password in place.
    """
    previous_password = '******'
    first_replacement = '******'
    second_replacement = '******'
    account = self.create_test_user(password=previous_password)

    payload = ResetPasswordSigner({'user_id': account.pk}).get_signed_data()

    def submit(candidate_password):
        # Reuse the same signed fields, swapping only the password.
        payload['password'] = candidate_password
        return self.view_func(self.create_post_request(payload))

    self.assert_response_is_ok(submit(first_replacement))
    account.refresh_from_db()
    self.assertTrue(account.check_password(first_replacement))

    # Replay of the already-consumed signature must not change the password.
    self.assert_response_is_bad_request(submit(second_replacement))
    account.refresh_from_db()
    self.assertTrue(account.check_password(first_replacement))
def user_signed_data(user):
    """Return signed reset-password data for ``user`` keyed by its pk."""
    return ResetPasswordSigner({'user_id': user.pk}).get_signed_data()