implement AppConfig.a2_hook_user_can_reset_password (fixes #25535)

It returns True if a user is linked to an FC account. This allows any
FC user to log in to their account as long as they still control the
FC email, even if they have lost their FC credentials.
Benjamin Dauvergne 2018-07-30 15:51:01 +02:00
parent 5f77fbe75e
commit 681dcf3862
2 changed files with 24 additions and 0 deletions


@ -66,5 +66,8 @@ class AppConfig(django.apps.AppConfig):
serializer.get_franceconnect = get_franceconnect
serializer.fields['franceconnect'] = serializers.SerializerMethodField()
def a2_hook_user_can_reset_password(self, user):
return user.fc_accounts.exists()
default_app_config = '%s.%s' % (__name__, 'AppConfig')
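Review bot: `a2_hook_user_can_reset_password` has no docstring, and the trade-off it introduces should be recorded on the method: an account linked to FranceConnect can now be given a local password by whoever controls the mailbox at the user's email address, so account recovery rests on that mailbox. I would add `'''Allow password reset for users linked to an FC account; recovery then relies on control of the user's email.'''`. The method also returns `False` rather than `None` for users without an FC link; if the hook dispatcher treats any non-None result as final (not visible here), that would veto other plugins, and `return True if user.fc_accounts.exists() else None` would be safer. The enclosing `AppConfig` class starts outside this hunk.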


@ -1,5 +1,6 @@
# -*- coding: utf-8 -*-
import pytest
import re
import urlparse
import httmock
import mock
@ -23,6 +24,11 @@ from authentic2_auth_fc.utils import requests_retry_session
User = get_user_model()
def get_links_from_mail(mail):
'''Extract links from mail sent by Django'''
return re.findall('https?://[^ \n]*', mail.body)
def hmac_jwt(payload, key):
header = {'alg': 'HS256'}
k = jwk.JWK(kty='oct', k=base64.b64encode(key.encode('utf-8')))
@ -252,3 +258,18 @@ def test_requests_proxies_support(app, fc_settings, caplog):
mocked_send.return_value = mock.Mock(status_code=200, content='whatever')
session.get('https://example.net/')
assert mocked_send.call_args[1]['proxies'] == {'https': 'http://pubproxy.com/api/proxy'}
def test_password_reset(app, mailoutbox):
user = User.objects.create(email='john.doe@example.com')
response = app.get('/login/')
response = response.click('Reset it!').maybe_follow()
response.form['email'] = user.email
assert len(mailoutbox) == 0
response = response.form.submit()
assert len(mailoutbox) == 1
url = get_links_from_mail(mailoutbox[0])[0]
app.get(url, status=302)
models.FcAccount.objects.create(user=user, sub='xxx', token='aaa')
response = app.get(url)
assert 'new_password1' in response.form.fields
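Review bot: `test_password_reset` never states the precondition it relies on: the user is created with `User.objects.create(email=...)`, and the test appears to assume this leaves the account without a usable password, which is what would make the first `app.get(url, status=302)` a refusal. Calling `user.set_unusable_password()` and `user.save()` right after creation would make that explicit and keep the test meaningful if the default behaviour changes. The 302 assertion also accepts any redirect, so checking `response.location` against the expected target would pin the refusal path. The test stops once the form is rendered; submitting the new password and logging in with it would cover the full recovery path that the hook enables.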