api/tests: test get_or_create & force_password_reset jointly (#85363)

2024-01-09 10:56:25 +01:00 · 2024-01-09 10:56:25 +01:00 · 3f038a7519
parent 223f14e5a0
commit 3f038a7519
1 changed files with 71 additions and 0 deletions
--- a/tests/api/test_get_or_create.py
+++ b/tests/api/test_get_or_create.py
@ -20,6 +20,8 @@ from django.contrib.auth import get_user_model
 from authentic2.a2_rbac.models import OrganizationalUnit as OU
 from authentic2.a2_rbac.models import Role

+from ..utils import login
+
 pytestmark = pytest.mark.django_db

 User = get_user_model()
@ -162,6 +164,75 @@ def test_api_users_get_or_create(settings, app, admin):
    assert User.objects.get(id=id).check_password('secret')


+def test_api_users_get_or_create_force_password_reset(app, client, settings, superuser):
+    app.authorization = ('Basic', (superuser.username, superuser.username))
+    # test missing first_name
+    payload = {
+        'email': 'john.doe@example.net',
+        'first_name': 'John',
+        'last_name': 'Doe',
+        'force_password_reset': True,
+        'password': '1234',
+    }
+    resp = app.post_json('/api/users/?get_or_create=email', params=payload, status=201)
+    id = resp.json['id']
+    assert User.objects.get(id=id).first_name == 'John'
+    assert User.objects.get(id=id).last_name == 'Doe'
+    password = User.objects.get(id=id).password
+
+    resp = app.post_json('/api/users/?get_or_create=email', params=payload, status=200)
+    assert id == resp.json['id']
+    assert User.objects.get(id=id).first_name == 'John'
+    assert User.objects.get(id=id).last_name == 'Doe'
+    assert User.objects.get(id=id).password == password
+
+    # Verify password reset is enforced on next login
+    resp = login(app, 'john.doe@example.net', path='/', password='1234').follow()
+    resp.form.set('old_password', '1234')
+    resp.form.set('new_password1', '1234==aB')
+    resp.form.set('new_password2', '1234==aB')
+    resp = resp.form.submit('Submit').follow().maybe_follow()
+    assert 'Password changed' in resp
+
+
+def test_api_users_update_or_create_force_password_reset(app, client, settings, superuser):
+    app.authorization = ('Basic', (superuser.username, superuser.username))
+    user = User.objects.create(
+        first_name='John',
+        last_name='Doe',
+        email='john.doe@example.net',
+    )
+    id = user.id
+    user.set_password('1234')
+    user.save()
+    password = user.password
+
+    payload = {
+        'email': 'john.doe@example.net',
+        'first_name': 'Jane',
+        'force_password_reset': True,
+    }
+    resp = app.post_json('/api/users/?update_or_create=email', params=payload, status=200)
+    assert id == resp.json['id']
+    assert User.objects.get(id=id).first_name == 'Jane'
+    assert User.objects.get(id=id).last_name == 'Doe'
+    assert User.objects.get(id=id).password == password
+
+    payload['password'] = 'secret'
+    resp = app.post_json('/api/users/?update_or_create=email', params=payload, status=200)
+    assert User.objects.get(id=id).first_name == 'Jane'
+    assert User.objects.get(id=id).last_name == 'Doe'
+    assert User.objects.get(id=id).password != password
+    assert User.objects.get(id=id).check_password('secret')
+    # Verify password reset is enforced on next login
+    resp = login(app, 'john.doe@example.net', path='/', password='secret').follow()
+    resp.form.set('old_password', 'secret')
+    resp.form.set('new_password1', 'secret==aB1234!!')
+    resp.form.set('new_password2', 'secret==aB1234!!')
+    resp = resp.form.submit('Submit').follow().maybe_follow()
+    assert 'Password changed' in resp
+
+
 def test_api_users_get_or_create_email_is_unique(settings, app, admin):
    settings.A2_EMAIL_IS_UNIQUE = True
    app.authorization = ('Basic', (admin.username, admin.username))