def test_should_sign_in_when_password_reset_is_successful_for_email_auth(
    app_,
    client,
    mock_get_user,
    mock_get_user_by_email_request_password_reset,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
    mock_update_user_password,
):
    """A valid reset token for an ``email_auth`` user sets the password and signs them in.

    Expected outcome: redirect to the dashboard, failed-login counter reset,
    password updated once, and no verify code sent (the second factor is the
    email link itself, so no extra code should go out).
    """
    user = mock_get_user_by_email_request_password_reset.return_value
    user['auth_type'] = 'email_auth'

    # The token payload is the address plus a creation timestamp, signed with
    # the app secret and salt so the view can trust it.
    payload = json.dumps({
        'email': user['email_address'],
        'created_at': str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])

    response = client.post(
        url_for_endpoint_with_token('.new_password', token=reset_token),
        data={'new_password': '******'},
    )

    assert response.status_code == 302
    assert response.location == url_for('.show_accounts_or_dashboard', _external=True)
    assert mock_get_user_by_email_request_password_reset.called
    assert mock_reset_failed_login_count.called
    # the log-in flow makes a couple of calls
    mock_get_user.assert_called_once_with(user['id'])
    # NOTE(review): the value asserted here differs from the value posted
    # above in this listing — confirm against the form/fixture which is intended.
    mock_update_user_password.assert_called_once_with(user['id'], 'a-new_password')
    assert not mock_send_verify_code.called
def test_two_factor_email_link_used_when_user_already_logged_in(
        logged_in_client, valid_token):
    """Opening a 2FA email link while already signed in redirects straight to the dashboard."""
    link = url_for_endpoint_with_token('main.two_factor_email', token=valid_token)

    response = logged_in_client.get(link)

    assert response.status_code == 302
    assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
def test_should_return_404_when_email_address_does_not_exist(
    app_,
    client,
    mock_get_user_by_email_not_found,
):
    """A correctly signed reset token naming an unknown address yields 404.

    The token itself is valid (signed with the real secret and salt); only the
    user lookup fails, so the view must not render the reset form.
    """
    payload = json.dumps({
        'email': '*****@*****.**',
        'created_at': str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])

    response = client.get(url_for_endpoint_with_token('.new_password', token=reset_token))

    assert response.status_code == 404
def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(
        app_, client, mock_login, mocker):
    """An expired reset token sends the user back to the forgot-password page.

    ``check_token`` is patched to raise ``SignatureExpired`` so the view's
    expiry handling is exercised without waiting for a real expiry. Only the
    redirect is asserted here; the flash message text is not checked.
    """
    mocker.patch(
        'app.main.views.new_password.check_token',
        side_effect=SignatureExpired('expired'),
    )
    reset_token = generate_token(
        '*****@*****.**', app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])

    response = client.get(url_for_endpoint_with_token('.new_password', token=reset_token))

    assert response.status_code == 302
    assert response.location == url_for('.forgot_password', _external=True)
def test_valid_two_factor_email_link_logs_in_user(
    client,
    valid_token,
    mock_get_user,
    mock_get_services_with_one_service,
    mocker,
    mock_create_event,
    mock_get_security_keys,
    mock_get_login_events,
):
    """A 2FA email link whose verify code checks out completes sign-in.

    ``check_verify_code`` is patched to report success; the remaining fixtures
    stub out the calls the sign-in flow makes so the redirect can be asserted.
    """
    mocker.patch('app.user_api_client.check_verify_code', return_value=(True, ''))
    link = url_for_endpoint_with_token('main.two_factor_email', token=valid_token)

    response = client.get(link)

    assert response.status_code == 302
    assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
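def test_two_factor_email_link_is_already_used(client, valid_token, mocker, mock_send_verify_code):
    """A 2FA email link whose code was already consumed shows the "expired" page.

    ``check_verify_code`` is patched to reject the code. The view must show the
    expired page and must NOT trigger a fresh verify code (otherwise a reused
    link would become a way to get codes re-sent).
    """
    mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code has expired'))

    response = client.get(
        url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
        follow_redirects=True,
    )
    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')

    assert response.status_code == 200
    assert page.h1.text.strip() == 'The link has expired'
    # Fix: the original referenced ``assert_not_called`` without calling it, so
    # the check never ran. The call form actually asserts.
    mock_send_verify_code.assert_not_called()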
def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(
        app_, client, mock_login, mocker):
    """An expired reset token redirects to the forgot-password page.

    ``check_token`` is patched to raise ``SignatureExpired``; only the redirect
    is asserted, not the flash text.

    NOTE(review): a test with this same name appears earlier in this listing;
    in a single module the later definition shadows the earlier one, so
    confirm they are not meant to coexist.
    """
    mocker.patch(
        "app.main.views.new_password.check_token",
        side_effect=SignatureExpired("expired"),
    )
    reset_token = generate_token(
        "*****@*****.**", app_.config["SECRET_KEY"], app_.config["DANGEROUS_SALT"])
    link = url_for_endpoint_with_token(".new_password", token=reset_token)

    response = client.get(link)

    assert response.status_code == 302
    assert response.location == url_for(".forgot_password", _external=True)
def test_should_redirect_to_user_profile_when_user_confirms_email_link(
    app_,
    logged_in_client,
    api_user_active,
    mock_update_user_attribute,
):
    """Confirming an email-change link as the signed-in user lands on the profile page.

    The token binds the new address to the user id, signed with the app secret
    and salt, so the view can apply the change only for that user.
    """
    confirm_payload = json.dumps({
        'user_id': api_user_active['id'],
        'email': '*****@*****.**',
    })
    confirm_token = generate_token(
        payload=confirm_payload,
        secret=app_.config['SECRET_KEY'],
        salt=app_.config['DANGEROUS_SALT'],
    )
    link = url_for_endpoint_with_token('main.user_profile_email_confirm', token=confirm_token)

    response = logged_in_client.get(link)

    assert response.status_code == 302
    assert response.location == url_for('main.user_profile', _external=True)
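def test_two_factor_email_link_has_expired(app_, valid_token, client, mock_send_verify_code, fake_uuid):
    """A 2FA email link past its configured lifetime shows the "expired" page.

    ``EMAIL_2FA_EXPIRY_SECONDS`` is forced negative so an otherwise valid token
    is treated as expired. No verify code may be sent as a side effect.
    """
    with set_config(app_, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
        response = client.get(
            url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
            follow_redirects=True,
        )
        assert response.status_code == 200
        page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
        assert page.h1.text.strip() == 'The link has expired'
        # Fix: the original referenced ``assert_not_called`` without calling it,
        # so the check was a no-op. The call form actually asserts.
        mock_send_verify_code.assert_not_called()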
def test_should_render_new_password_template(
    app_,
    client,
    api_user_active,
    mock_login,
    mock_send_verify_code,
    mock_get_user_by_email_request_password_reset,
):
    """A valid, unexpired reset token for a known user renders the new-password form."""
    payload = json.dumps({
        'email': api_user_active['email_address'],
        'created_at': str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])
    link = url_for_endpoint_with_token('.new_password', token=reset_token)

    response = client.get(link)
    body = response.get_data(as_text=True)

    assert response.status_code == 200
    assert 'You can now create a new password for your account.' in body
def test_should_redirect_index_if_user_has_already_changed_password(
    app_,
    client,
    mock_get_user_by_email_user_changed_password,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
):
    """A reset token is rejected once the user has already changed their password.

    The fixture returns a user whose password changed after the token was
    issued; posting a new password with that token must redirect to the index
    rather than apply the change (a stale reset link must be single-use).
    """
    user = mock_get_user_by_email_user_changed_password.return_value
    payload = json.dumps({
        'email': user['email_address'],
        'created_at': str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])

    response = client.post(
        url_for_endpoint_with_token('.new_password', token=reset_token),
        data={'new_password': '******'},
    )

    assert response.status_code == 302
    assert response.location == url_for('.index', _external=True)
    mock_get_user_by_email_user_changed_password.assert_called_once_with(user['email_address'])
def test_should_redirect_to_two_factor_when_password_reset_is_successful(
    app_,
    client,
    mock_get_user_by_email_request_password_reset,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
):
    """A successful password reset (non-email-auth user) continues to the two-factor step.

    Note the fixture user here is addressed as an object (``user.email_address``),
    unlike the dict-style access used elsewhere in this listing.
    """
    user = mock_get_user_by_email_request_password_reset.return_value
    payload = json.dumps({
        'email': user.email_address,
        'created_at': str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])

    response = client.post(
        url_for_endpoint_with_token('.new_password', token=reset_token),
        data={'new_password': '******'},
    )

    assert response.status_code == 302
    assert response.location == url_for('.two_factor', _external=True)
    mock_get_user_by_email_request_password_reset.assert_called_once_with(user.email_address)
def test_two_factor_email_link_is_already_used(client, valid_token, mocker, mock_send_verify_code, redirect_url):
    """A consumed 2FA email link shows the expired page and keeps the ``next`` target.

    ``check_verify_code`` is patched to reject the code. The "Sign in again"
    link must carry the original ``next`` so the user lands where they were
    going; no fresh verify code may be sent.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code has expired'))
    link = url_for_endpoint_with_token('main.two_factor_email', token=valid_token, next=redirect_url)

    response = client.post(link, follow_redirects=True)
    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')

    assert response.status_code == 200
    assert page.h1.text.strip() == 'The link has expired'
    sign_in_again = page.select_one('a:contains("Sign in again")')
    assert sign_in_again['href'] == url_for('main.sign_in', next=redirect_url)
    assert mock_send_verify_code.called is False
def test_two_factor_email_link_has_expired(app_, valid_token, client, mock_send_verify_code, fake_uuid, redirect_url):
    """A 2FA email link past ``EMAIL_2FA_EXPIRY_SECONDS`` shows the expired page.

    The expiry is forced negative so a valid token is treated as expired. The
    "Sign in again" link must preserve ``next``; no verify code may be sent.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    link = url_for_endpoint_with_token('main.two_factor_email', token=valid_token, next=redirect_url)

    with set_config(app_, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
        response = client.post(link, follow_redirects=True)
        assert response.status_code == 200

        page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
        assert page.h1.text.strip() == 'The link has expired'

        sign_in_again = page.select_one('a:contains("Sign in again")')
        assert sign_in_again['href'] == url_for('main.sign_in', next=redirect_url)
        assert mock_send_verify_code.called is False
def test_should_render_new_password_template(
    app_,
    client,
    api_user_active,
    mock_login,
    mock_send_verify_code,
    mock_get_user_by_email_request_password_reset,
):
    """A valid reset token for a known user renders the new-password form.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    payload = json.dumps({
        "email": api_user_active["email_address"],
        "created_at": str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config["SECRET_KEY"], app_.config["DANGEROUS_SALT"])

    response = client.get(url_for_endpoint_with_token(".new_password", token=reset_token))
    body = response.get_data(as_text=True)

    assert response.status_code == 200
    assert "You can now create a new password for your account." in body
def test_should_redirect_to_user_profile_when_user_confirms_email_link(
    app_,
    logged_in_client,
    api_user_active,
    mock_update_user_attribute,
):
    """Confirming an email-change link while signed in redirects to the profile page.

    The token binds the new address to the user id and is signed with the app
    secret and salt.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    confirm_token = generate_token(
        payload=json.dumps({
            "user_id": api_user_active["id"],
            "email": "*****@*****.**",
        }),
        secret=app_.config["SECRET_KEY"],
        salt=app_.config["DANGEROUS_SALT"],
    )

    response = logged_in_client.get(
        url_for_endpoint_with_token("main.user_profile_email_confirm", token=confirm_token))

    assert response.status_code == 302
    assert response.location == url_for("main.user_profile", _external=True)
def test_should_redirect_index_if_user_has_already_changed_password(
    app_,
    client,
    mock_get_user_by_email_user_changed_password,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
):
    """A stale reset token (password already changed) redirects to the index instead of applying.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    user = mock_get_user_by_email_user_changed_password.return_value
    payload = json.dumps({
        "email": user["email_address"],
        "created_at": str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config["SECRET_KEY"], app_.config["DANGEROUS_SALT"])
    link = url_for_endpoint_with_token(".new_password", token=reset_token)

    response = client.post(link, data={"new_password": "******"})

    assert response.status_code == 302
    assert response.location == url_for(".index", _external=True)
    mock_get_user_by_email_user_changed_password.assert_called_once_with(user["email_address"])
def test_should_sign_in_when_password_reset_is_successful_for_email_auth(
    app_,
    client,
    mock_get_user,
    mock_get_user_by_email_request_password_reset,
    mock_login,
    mock_send_verify_code,
    mock_reset_failed_login_count,
    mock_update_user_password,
    mock_get_login_events,
):
    """A valid reset token for an ``email_auth`` user sets the password and signs them in.

    Expected: redirect to the dashboard, failed-login counter reset, password
    updated exactly once, and no verify code sent.

    NOTE(review): a test with this same name appears earlier in this listing;
    in one module the later definition shadows the earlier one — confirm.
    """
    user = mock_get_user_by_email_request_password_reset.return_value
    user["auth_type"] = "email_auth"

    payload = json.dumps({
        "email": user["email_address"],
        "created_at": str(datetime.utcnow()),
    })
    reset_token = generate_token(payload, app_.config["SECRET_KEY"], app_.config["DANGEROUS_SALT"])
    link = url_for_endpoint_with_token(".new_password", token=reset_token)

    response = client.post(link, data={"new_password": "******"})

    assert response.status_code == 302
    assert response.location == url_for(".show_accounts_or_dashboard", _external=True)
    assert mock_get_user_by_email_request_password_reset.called
    assert mock_reset_failed_login_count.called
    # the log-in flow makes a couple of calls
    mock_get_user.assert_called_once_with(user["id"])
    # NOTE(review): the value asserted here differs from the value posted
    # above in this listing — confirm against the form/fixture which is intended.
    mock_update_user_password.assert_called_once_with(user["id"], "a-new_password")
    assert not mock_send_verify_code.called
def test_two_factor_email_link_used_when_user_already_logged_in(
        logged_in_client, valid_token, mock_get_login_events_with_data):
    """Opening a 2FA email link while already signed in returns a 200 page.

    NOTE(review): a test with this same name appears earlier in this listing
    and expects a 302 redirect instead; in one module the later definition
    shadows the earlier one — confirm which behaviour is current.
    """
    link = url_for_endpoint_with_token('main.two_factor_email', token=valid_token)

    response = logged_in_client.get(link)

    assert response.status_code == 200