class RegisterSerializerTestCase(TestCase): def test_ok(self): serializer_class = registration_settings.REGISTER_SERIALIZER_CLASS serializer = serializer_class(data={}) field_names = set(serializer.get_fields()) self.assertEqual( field_names, { 'id', 'username', 'first_name', 'last_name', 'email', 'password', 'password_confirm' }, ) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'REGISTER_SERIALIZER_PASSWORD_CONFIRM': False, }, ), ) def test_no_password_ok(self): serializer_class = registration_settings.REGISTER_SERIALIZER_CLASS serializer = serializer_class(data={}) field_names = set(serializer.get_fields()) self.assertEqual( field_names, {'id', 'username', 'first_name', 'last_name', 'email', 'password'}, )
class SendResetPasswordLinkViewTestCase(BaseResetPasswordViewTestCase): VIEW_NAME = 'send-reset-password-link' def test_send_link_ok(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_send_link_with_username_as_verification_id_ok(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] verification_data = self._assert_valid_verification_email( sent_email, user) self.assertEqual(verification_data['user_id'], user.username) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = ResetPasswordSigner(verification_data) signer.verify() def test_send_link_but_email_not_in_login_fields(self): user = self.create_test_user(username='******', email='*****@*****.**') request = self.create_post_request({ 'login': user.email, }) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_valid_response(response, status.HTTP_404_NOT_FOUND) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'USER_LOGIN_FIELDS': ['username', 'email'], }), ) def test_send_link_via_login_username_ok(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'USER_LOGIN_FIELDS': ['username', 'email'], }), ) def test_send_link_via_login_email_ok(self): user = self.create_test_user(username='******', email='*****@*****.**') request = self.create_post_request({ 'login': user.email, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'USER_LOGIN_FIELDS': ['username', 'email'], 'SEND_RESET_PASSWORD_LINK_SERIALIZER_USE_EMAIL': True, }), ) def test_send_link_via_email_ok(self): user = self.create_test_user(username='******', email='*****@*****.**') request = self.create_post_request({ 'email': user.email, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @skip("TODO: Issue #35") def test_send_link_disabled_user(self): pass def test_send_link_unverified_user(self): user = self.create_test_user(username='******', is_active=False) request = self.create_post_request({ 'login': user.username, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ONE_TIME_USE': True, }), ) def test_send_link_unverified_user_one_time_use(self): user = self.create_test_user(username='******', is_active=False) request = self.create_post_request({ 'login': user.username, }) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, timer) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ENABLED': False, }), ) def test_reset_password_disabled(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_not_found(response) @override_settings( TEMPLATES=(), REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ENABLED': False, }), ) def test_no_templates_reset_password_disabled(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.capture_sent_emails() as sent_emails: response = self.view_func(request) self.assert_len_equals(sent_emails, 0) self.assert_response_is_not_found(response) def test_send_link_invalid_login(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username + 'b', }) with self.assert_mails_sent(0): response = self.view_func(request) self.assert_response_is_not_found(response) def _assert_valid_send_link_email(self, sent_email, user, timer): verification_data = self._assert_valid_verification_email( sent_email, user) self._assert_valid_verification_data(verification_data, user, timer) def _assert_valid_verification_email(self, sent_email, user): self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_RESET_PASSWORD['VERIFICATION_FROM_EMAIL'], ) self.assertListEqual(sent_email.to, [user.email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=RESET_PASSWORD_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) return verification_data def _assert_valid_verification_data(self, verification_data, user, timer): self.assertEqual(int(verification_data['user_id']), user.id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = ResetPasswordSigner(verification_data) signer.verify()
class ResetPasswordViewTestCase(BaseResetPasswordViewTestCase): VIEW_NAME = 'reset-password' def test_reset_ok(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_password)) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_reset_with_username_as_verification_id_ok(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.username}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_password)) def test_reset_twice_ok(self): old_password = '******' new_first_password = '******' new_second_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_first_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_first_password)) data['password'] = new_second_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_second_password)) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ONE_TIME_USE': True, }), ) def test_one_time_reset_twice_fail(self): old_password = '******' new_first_password = '******' new_second_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_first_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_first_password)) data['password'] = new_second_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_bad_request(response) user.refresh_from_db() self.assertTrue(user.check_password(new_first_password)) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ENABLED': False, }), ) def test_reset_password_disabled(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_not_found(response) user.refresh_from_db() self.assertTrue(user.check_password(old_password)) @skip("TODO: Issue #35") def test_reset_disabled_user(self): pass def test_reset_unverified_user(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password, is_active=False) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_ok(response) user.refresh_from_db() self.assertTrue(user.check_password(new_password)) def test_reset_short_password(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_bad_request(response) user.refresh_from_db() self.assertTrue(user.check_password(old_password)) def test_reset_numeric_password(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_bad_request(response) user.refresh_from_db() self.assertTrue(user.check_password(old_password)) def test_reset_password_same_as_username(self): username = '******' old_password = '******' new_password = username user = self.create_test_user(username=username, password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_bad_request(response) user.refresh_from_db() self.assertTrue(user.check_password(old_password)) def test_reset_tampered_timestamp(self): old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['timestamp'] += 1 data['password'] = new_password request = self.create_post_request(data) response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) user.refresh_from_db() self.assertTrue(user.check_password(old_password)) def test_reset_expired(self): timestamp = int(time.time()) old_password = '******' new_password = '******' user = self.create_test_user(password=old_password) with patch('time.time', side_effect=lambda: timestamp): signer = ResetPasswordSigner({'user_id': user.pk}) data = signer.get_signed_data() data['password'] = new_password request = self.create_post_request(data) with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) user.refresh_from_db() self.assertTrue(user.check_password(old_password))
class SendResetPasswordLinkViewTestCase(BaseResetPasswordViewTestCase): VIEW_NAME = 'send-reset-password-link' def test_send_link_ok(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) time_after = math.ceil(time.time()) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, time_before, time_after) @skip("TODO: Issue #35") def test_send_link_disabled_user(self): pass def test_send_link_unverified_user(self): user = self.create_test_user(username='******', is_active=False) request = self.create_post_request({ 'login': user.username, }) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) time_after = math.ceil(time.time()) self.assert_valid_response(response, status.HTTP_200_OK) sent_email = sent_emails[0] self._assert_valid_send_link_email(sent_email, user, time_before, time_after) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_RESET_PASSWORD, { 'RESET_PASSWORD_VERIFICATION_ENABLED': False, }), ) def test_reset_password_disabled(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username, }) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_not_found(response) def test_send_link_invalid_login(self): user = self.create_test_user(username='******') request = self.create_post_request({ 'login': user.username + 'b', }) with self.assert_mails_sent(0): response = self.view_func(request) self.assert_response_is_not_found(response) def _assert_valid_send_link_email(self, sent_email, user, time_before, time_after): self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_RESET_PASSWORD['VERIFICATION_FROM_EMAIL'], ) self.assertListEqual(sent_email.to, [user.email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=RESET_PASSWORD_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) self.assertEqual(int(verification_data['user_id']), user.id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, time_before) self.assertLessEqual(url_sig_timestamp, time_after) signer = ResetPasswordSigner(verification_data) signer.verify()
class VerifyRegistrationViewTestCase(APIViewTestCase): VIEW_NAME = 'verify-registration' def prepare_user(self): user = self.create_test_user(is_active=False) self.assertFalse(user.is_active) return user def prepare_request(self, user, session=False, data_to_sign=None): if data_to_sign is None: data_to_sign = {'user_id': user.pk} signer = RegisterSigner(data_to_sign) data = signer.get_signed_data() request = self.create_post_request(data) if session: self.add_session_to_request(request) return request def prepare_user_and_request(self, session=False): user = self.prepare_user() request = self.prepare_request(user, session=session) return user, request @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION) def test_verify_ok(self): user, request = self.prepare_user_and_request() response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) user.refresh_from_db() self.assertTrue(user.is_active) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_verify_with_username_as_verification_id_ok(self): user = self.prepare_user() request = self.prepare_request(user, data_to_sign={'user_id': user.username}) response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) user.refresh_from_db() self.assertTrue(user.is_active) @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION) def test_verify_ok_idempotent(self): user = self.prepare_user() request1 = self.prepare_request(user) request2 = self.prepare_request(user) self.view_func(request1) response = self.view_func(request2) self.assert_valid_response(response, status.HTTP_200_OK) user.refresh_from_db() self.assertTrue(user.is_active) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'REGISTER_VERIFICATION_ONE_TIME_USE': True, }, ), ) def test_verify_one_time_use(self): user = self.prepare_user() request1 = self.prepare_request(user) request2 = self.prepare_request(user) self.view_func(request1) response = self.view_func(request2) self.assert_valid_response(response, status.HTTP_400_BAD_REQUEST) user.refresh_from_db() self.assertTrue(user.is_active) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'REGISTER_VERIFICATION_AUTO_LOGIN': True, }, ), ) def test_verify_ok_login(self): with patch('django.contrib.auth.login') as login_mock: user, request = self.prepare_user_and_request() response = self.view_func(request) login_mock.assert_called_once_with(mock.ANY, user) self.assert_valid_response(response, status.HTTP_200_OK) user.refresh_from_db() self.assertTrue(user.is_active) @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION) def test_verify_tampered_timestamp(self): user = self.create_test_user(is_active=False) self.assertFalse(user.is_active) signer = RegisterSigner({'user_id': user.pk}) data = signer.get_signed_data() data['timestamp'] += 1 request = self.create_post_request(data) response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) user.refresh_from_db() self.assertFalse(user.is_active) @override_settings(REST_REGISTRATION=REST_REGISTRATION_WITH_VERIFICATION) def test_verify_expired(self): timestamp = int(time.time()) user = self.create_test_user(is_active=False) self.assertFalse(user.is_active) with patch('time.time', side_effect=lambda: timestamp): signer = RegisterSigner({'user_id': user.pk}) data = signer.get_signed_data() request = self.create_post_request(data) with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) user.refresh_from_db() self.assertFalse(user.is_active) @override_settings( REST_REGISTRATION={ 'REGISTER_VERIFICATION_ENABLED': False, 'REGISTER_VERIFICATION_URL': REGISTER_VERIFICATION_URL, }) def test_verify_disabled(self): user, request = self.prepare_user_and_request() response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_404_NOT_FOUND) user.refresh_from_db() self.assertFalse(user.is_active)
class RegisterViewTestCase(APIViewTestCase): VIEW_NAME = 'register' def test_register_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_register_with_username_as_verification_id_ok(self): # Using username is not recommended if it can change for a given user. data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) user_verification_id = verification_data['user_id'] self.assertEqual(user_verification_id, user.username) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'VERIFICATION_URL_BUILDER': build_custom_verification_url, }, ), ) def test_register_with_custom_verification_url_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields=['user_id', 'signature', 'timestamp'], url_parser=parse_custom_verification_url, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_HTML_EMAIL_VERIFICATION, ) def test_register_with_html_email_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_in_brackets_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'REGISTER_SERIALIZER_PASSWORD_CONFIRM': False, }, ), ) def test_register_no_password_confirm_ok(self): data = self._get_register_user_data(password='******') data.pop('password_confirm') request = self.create_post_request(data) with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterSigner(verification_data) signer.verify() def test_register_same_username(self): self.create_test_user(username='******') data = self._get_register_user_data(username='******', password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITHOUT_VERIFICATION, ) def test_register_without_verification_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertTrue(user.is_active) @override_settings( TEMPLATES=(), REST_REGISTRATION=REST_REGISTRATION_WITHOUT_VERIFICATION, ) def test_no_templates_without_verification_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertTrue(user.is_active) def test_register_missing_email(self): data = self._get_register_user_data(password='******') del data['email'] request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) def test_register_empty_email(self): data = self._get_register_user_data(password='******', email='') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_short_password(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_password_numeric(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_password_same_as_username(self): username = '******' data = self._get_register_user_data(username=username, password=username) request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_not_matching_password(self): data = self._get_register_user_data(password='******', password_confirm='testpassword2') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) @override_settings( EMAIL_BACKEND='tests.api.test_register.FailureEmailBackend', ) def test_when_notification_failure_then_user_not_created(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) user_ids_before = {u.pk for u in self.user_class.objects.all()} with self.capture_sent_emails() as sent_emails, \ pytest.raises(ConnectionRefusedError): self.view_func(request) self.assert_len_equals(sent_emails, 0) user_ids_after = {u.pk for u in self.user_class.objects.all()} self.assertSetEqual(user_ids_after, user_ids_before) def _get_register_user_data(self, password, password_confirm=None, **options): username = '******' email = '*****@*****.**' if password_confirm is None: password_confirm = password data = { 'username': username, 'password': password, 'password_confirm': password_confirm, 'email': email, } data.update(options) return data
class RegisterViewTestCase(APIViewTestCase): VIEW_NAME = 'register' def test_register_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) time_after = math.ceil(time.time()) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, time_before) self.assertLessEqual(url_sig_timestamp, time_after) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'VERIFICATION_URL_BUILDER': build_custom_verification_url, }, ), ) def test_register_with_custom_verification_url_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) time_after = math.ceil(time.time()) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields=['user_id', 'signature', 'timestamp'], url_parser=parse_custom_verification_url, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, time_before) self.assertLessEqual(url_sig_timestamp, time_after) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_HTML_EMAIL_VERIFICATION, ) def test_register_with_html_email_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) time_after = math.ceil(time.time()) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_in_brackets_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, time_before) self.assertLessEqual(url_sig_timestamp, time_after) signer = RegisterSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_VERIFICATION, { 'REGISTER_SERIALIZER_PASSWORD_CONFIRM': False, }, ), ) def test_register_no_password_confirm_ok(self): data = self._get_register_user_data(password='******') data.pop('password_confirm') request = self.create_post_request(data) time_before = math.floor(time.time()) with self.assert_one_mail_sent() as sent_emails: response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) time_after = math.ceil(time.time()) user_id = response.data['id'] # Check database state. user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertFalse(user.is_active) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual(sent_email.from_email, VERIFICATION_FROM_EMAIL) self.assertListEqual(sent_email.to, [data['email']]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp'}, ) url_user_id = int(verification_data['user_id']) self.assertEqual(url_user_id, user_id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, time_before) self.assertLessEqual(url_sig_timestamp, time_after) signer = RegisterSigner(verification_data) signer.verify() def test_register_same_username(self): self.create_test_user(username='******') data = self._get_register_user_data(username='******', password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITHOUT_VERIFICATION, ) def test_register_without_verification_ok(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_valid_response(response, status.HTTP_201_CREATED) user_id = response.data['id'] user = self.user_class.objects.get(id=user_id) self.assertEqual(user.username, data['username']) self.assertTrue(user.check_password(data['password'])) self.assertTrue(user.is_active) def test_register_missing_email(self): data = self._get_register_user_data(password='******') del data['email'] request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) def test_register_empty_email(self): data = self._get_register_user_data(password='******', email='') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_short_password(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_password_numeric(self): data = self._get_register_user_data(password='******') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_password_same_as_username(self): username = '******' data = self._get_register_user_data(username=username, password=username) request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def test_register_not_matching_password(self): data = self._get_register_user_data(password='******', password_confirm='testpassword2') request = self.create_post_request(data) with self.assert_no_mail_sent(): response = self.view_func(request) self.assert_response_is_bad_request(response) def _get_register_user_data(self, password, password_confirm=None, **options): username = '******' email = '*****@*****.**' if password_confirm is None: password_confirm = password data = { 'username': username, 'password': password, 'password_confirm': password_confirm, 'email': email, } data.update(options) return data
class VerifyEmailViewTestCase(BaseRegisterEmailViewTestCase): VIEW_NAME = 'verify-email' @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_ok(self): self.setup_user() signer = RegisterEmailSigner({ 'user_id': self.user.pk, 'email': self.new_email, }) data = signer.get_signed_data() request = self.create_post_request(data) response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) self.user.refresh_from_db() self.assertEqual(self.user.email, self.new_email) @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_new_email_already_in_use_ok(self): self.setup_user() self.setup_user2_with_user_new_email() signer = self.build_signer() request = self.create_post_request(signer.get_signed_data()) response = self.view_func(request) self.assert_response_is_ok(response) self.assert_user_email_changed() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_EMAIL_VERIFICATION, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_with_username_as_verification_id_ok(self): self.setup_user() signer = RegisterEmailSigner({ 'user_id': self.user.username, 'email': self.new_email, }) data = signer.get_signed_data() request = self.create_post_request(data) response = self.view_func(request) self.assert_valid_response(response, status.HTTP_200_OK) self.user.refresh_from_db() self.assertEqual(self.user.email, self.new_email) @override_settings(REST_REGISTRATION={ 'REGISTER_EMAIL_VERIFICATION_URL': REGISTER_EMAIL_VERIFICATION_URL, }) def test_inactive_user(self): self.setup_user() old_email = self.user.email self.user.is_active = False self.user.save() signer = RegisterEmailSigner({ 'user_id': self.user.pk, 'email': self.new_email, }) data = signer.get_signed_data() request = self.create_post_request(data) response = self.view_func(request) self.assert_response_is_not_found(response) self.user.refresh_from_db() self.assertEqual(self.user.email, old_email) @override_settings(REST_REGISTRATION={ 'REGISTER_EMAIL_VERIFICATION_ENABLED': False, }) def test_noverify_not_found(self): self.setup_user() signer = RegisterEmailSigner( { 'user_id': self.user.pk, 'email': self.new_email, }, strict=False) data = signer.get_signed_data() request = self.create_post_request(data) response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_404_NOT_FOUND) self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) @override_settings(REST_REGISTRATION={ 'REGISTER_EMAIL_VERIFICATION_URL': REGISTER_EMAIL_VERIFICATION_URL, }) def test_tampered_timestamp(self): self.setup_user() signer = RegisterEmailSigner({ 'user_id': self.user.pk, 'email': self.new_email, }) data = signer.get_signed_data() data['timestamp'] += 1 request = self.create_post_request(data) response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) @override_settings(REST_REGISTRATION={ 'REGISTER_EMAIL_VERIFICATION_URL': REGISTER_EMAIL_VERIFICATION_URL, }) def test_tampered_email(self): self.setup_user() signer = RegisterEmailSigner({ 'user_id': self.user.pk, 'email': self.new_email, }) data = signer.get_signed_data() data['email'] = 'p' + data['email'] request = self.create_post_request(data) response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) @override_settings(REST_REGISTRATION={ 'REGISTER_EMAIL_VERIFICATION_URL': REGISTER_EMAIL_VERIFICATION_URL, }) def test_expired(self): self.setup_user() timestamp = time.time() with patch('time.time', side_effect=lambda: timestamp): signer = RegisterEmailSigner({ 'user_id': self.user.pk, 'email': self.new_email, }) data = signer.get_signed_data() request = self.create_post_request(data) with patch('time.time', side_effect=lambda: timestamp + 3600 * 24 * 8): response = self.view_func(request) self.assert_invalid_response(response, status.HTTP_400_BAD_REQUEST) self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) @override_settings( AUTH_USER_MODEL='custom_users.UserWithUniqueEmail', REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_user_with_unique_email_user_email_already_exists(self): self.setup_user() self.setup_user2_with_user_new_email() signer = self.build_signer() request = self.create_post_request(signer.get_signed_data()) response = self.view_func(request) self.assert_response_is_bad_request(response) self.assert_user_email_not_changed()
class RegisterEmailViewTestCase(BaseRegisterEmailViewTestCase): VIEW_NAME = 'register-email' def _test_authenticated(self, data): request = self.create_authenticated_post_request(data) response = self.view_func(request) return response @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_ok(self): self.setup_user() data = { 'email': self.new_email, } with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) # Check database state. self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_EMAIL_VERIFICATION[ 'VERIFICATION_FROM_EMAIL'], # noqa: E501 ) self.assertListEqual(sent_email.to, [self.new_email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_EMAIL_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp', 'email'}, ) self.assertEqual(verification_data['email'], self.new_email) self.assertEqual(int(verification_data['user_id']), self.user.id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterEmailSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_email_already_in_use_ok(self): self.setup_user() self.setup_user2_with_user_new_email() request = self.create_authenticated_post_request({ 'email': self.new_email, }) with self.capture_sent_emails() as sent_emails, self.timer() as timer: response = self.view_func(request) self.assert_response_is_ok(response) self.assert_user_email_not_changed() self.assert_valid_verification_email_sent(sent_emails, timer=timer) @override_settings( AUTH_USER_MODEL='custom_users.UserWithUniqueEmail', REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_user_with_unique_email_ok_but_notification_already_exists(self): self.setup_user() self.setup_user2_with_user_new_email() request = self.create_authenticated_post_request({ 'email': self.new_email, }) with self.capture_sent_emails() as sent_emails: response = self.view_func(request) self.assert_response_is_ok(response) self.assert_user_email_not_changed() self.assert_notification_already_exists_sent(sent_emails) @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_EMAIL_VERIFICATION, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_with_username_as_verification_id_ok(self): self.setup_user() data = { 'email': self.new_email, } with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) # Check database state. self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_EMAIL_VERIFICATION[ 'VERIFICATION_FROM_EMAIL'], # noqa: E501 ) self.assertListEqual(sent_email.to, [self.new_email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_EMAIL_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp', 'email'}, ) self.assertEqual(verification_data['email'], self.new_email) self.assertEqual(verification_data['user_id'], self.user.username) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterEmailSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION={'REGISTER_EMAIL_VERIFICATION_ENABLED': False}) def test_noverify_ok(self): self.setup_user() data = { 'email': self.new_email, } with self.assert_no_mail_sent(): response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) self.user.refresh_from_db() self.assertEqual(self.user.email, self.new_email) @override_settings( TEMPLATES=(), REST_REGISTRATION={'REGISTER_EMAIL_VERIFICATION_ENABLED': False}) def test_no_templates_without_verification_ok(self): self.setup_user() with self.capture_sent_emails() as sent_emails: response = self._test_authenticated({ 'email': self.new_email, }) self.assert_response_is_ok(response) self.assert_len_equals(sent_emails, 0) self.assert_user_email_changed()
class RegisterEmailViewTestCase(BaseRegisterEmailViewTestCase): VIEW_NAME = 'register-email' def _test_authenticated(self, data): request = self.create_post_request(data) force_authenticate(request, user=self.user) response = self.view_func(request) return response @override_settings( REST_REGISTRATION=REST_REGISTRATION_WITH_EMAIL_VERIFICATION, ) def test_ok(self): data = { 'email': self.new_email, } with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) # Check database state. self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_EMAIL_VERIFICATION[ 'VERIFICATION_FROM_EMAIL'], # noqa: E501 ) self.assertListEqual(sent_email.to, [self.new_email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_EMAIL_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp', 'email'}, ) self.assertEqual(verification_data['email'], self.new_email) self.assertEqual(int(verification_data['user_id']), self.user.id) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterEmailSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION=shallow_merge_dicts( REST_REGISTRATION_WITH_EMAIL_VERIFICATION, { 'USER_VERIFICATION_ID_FIELD': 'username', }, ), ) def test_with_username_as_verification_id_ok(self): data = { 'email': self.new_email, } with self.assert_one_mail_sent() as sent_emails, self.timer() as timer: response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) # Check database state. self.user.refresh_from_db() self.assertEqual(self.user.email, self.email) # Check verification e-mail. sent_email = sent_emails[0] self.assertEqual( sent_email.from_email, REST_REGISTRATION_WITH_EMAIL_VERIFICATION[ 'VERIFICATION_FROM_EMAIL'], # noqa: E501 ) self.assertListEqual(sent_email.to, [self.new_email]) url = self.assert_one_url_line_in_text(sent_email.body) verification_data = self.assert_valid_verification_url( url, expected_path=REGISTER_EMAIL_VERIFICATION_URL, expected_fields={'signature', 'user_id', 'timestamp', 'email'}, ) self.assertEqual(verification_data['email'], self.new_email) self.assertEqual(verification_data['user_id'], self.user.username) url_sig_timestamp = int(verification_data['timestamp']) self.assertGreaterEqual(url_sig_timestamp, timer.start_time) self.assertLessEqual(url_sig_timestamp, timer.end_time) signer = RegisterEmailSigner(verification_data) signer.verify() @override_settings( REST_REGISTRATION={'REGISTER_EMAIL_VERIFICATION_ENABLED': False}) def test_noverify_ok(self): data = { 'email': self.new_email, } with self.assert_no_mail_sent(): response = self._test_authenticated(data) self.assert_valid_response(response, status.HTTP_200_OK) self.user.refresh_from_db() self.assertEqual(self.user.email, self.new_email)