def test_passwordreset_reset_valid_code(): ''' test passwordreset with a valid code ''' clear() # register a user u_id = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old').get('u_id') # send the password reset auth.passwordreset_request('*****@*****.**') code = get_reset_code(u_id).get('code') now = datetime.datetime.utcnow() # reset the password assert auth.passwordreset_reset(code, 'passwordTime') is not None new_hash = auth.hash_('passwordTime') # check the password valid = False for user in data.return_users(): if (user.get('password') == new_hash and abs((now - user.get('password_reset').get('origin')).total_seconds()) < 500): valid = True break # if new password wasn't stored, assert assert valid
def test_passwordreset_not_real_user(): ''' Given an email address, if the user is a registered user, send's them a an email containing a specific secret code, that when entered in auth_passwordreset_reset, shows that the user trying to reset the password is the one who got sent this email. This will test what happens when user is not real ''' clear() # no users registered with pytest.raises(InputError): auth.passwordreset_request('*****@*****.**')
def test_passwordreset_reset_invalid_new_password(): ''' Given a reset code for a user, set that user's new password to the password provided ''' clear() # register a user u_id = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old').get('u_id') # send the password reset auth.passwordreset_request('*****@*****.**') code = get_reset_code(u_id).get('code') # if password doesn't pass new password checks with pytest.raises(InputError): auth.passwordreset_reset(code, 'f')
def passwordreset_request(): """Requests a reset email.""" # get the user from json user = request.json success = auth.passwordreset_request(user.get('email')) # return token object as json return jsonify(success)
def test_passwordreset_reset_invalid_code(): ''' Given a reset code for a user, set that user's new password to the password provided ''' clear() # register a user u_id = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old').get('u_id') # send the password reset auth.passwordreset_request('*****@*****.**') code = get_reset_code(u_id).get('code') # make sure new code is incorrect new_code = 'hahagetcooked' if code == new_code: raise Exception('This is the same code coincidentally') with pytest.raises(InputError): auth.passwordreset_reset(new_code, 'passwordTime')
def test_passwordreset_real_user(): ''' This will test what happens when user is real ''' clear() # register a user u_id = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old').get('u_id') auth.passwordreset_request('*****@*****.**') code = get_reset_code(u_id).get('code') now = datetime.datetime.utcnow() # check that the code stored was the same as given code valid = False for user in data.return_users(): if (user.get('password_reset').get('code') == code and abs((now - user.get('password_reset').get('origin')).total_seconds()) < 500): valid = True break # if code wasn't stored, or it was an incorrect code, it's not valid # if password_reset doesn't have an acceptable time delta, it is not valid assert valid
def test_passwordreset_reset_invalid_time(): ''' Given a reset code for a user, set that user's new password to the password provided ''' clear() # register a user u_id = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old').get('u_id') # send the password reset auth.passwordreset_request('*****@*****.**') code = get_reset_code(u_id).get('code') # make the time an hour before now = datetime.datetime.utcnow() before = now - datetime.timedelta(hours=2) data.update_user(u_id, 'password_reset', { 'origin': before, 'code': code }) # check there's an inputerror with pytest.raises(InputError): auth.passwordreset_reset(code, 'passwordTime')