authentic/tests/test_password_reset.py


# authentic2 - versatile identity manager
# Copyright (C) 2010-2020 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.test.utils import override_settings
from django.urls import reverse
from . import utils
def test_send_password_reset_email(app, simple_user, mailoutbox):
    """Send a reset mail through the helper, then finish the reset from its link.

    Checks that exactly one mail is queued, that the
    ``user.password.reset.request`` and ``user.password.reset`` events are
    recorded, and that submitting the new password leaves ``simple_user``
    authenticated on the test session.
    """
    from authentic2.utils import send_password_reset_mail

    new_password = '1234==aA'
    subject_templates = ['registration/password_reset_subject.txt']
    body_templates = ['registration/password_reset_email.html']

    assert len(mailoutbox) == 0
    # presumably the mail is only dispatched from an on-commit hook, hence
    # the wrapper -- confirm against utils.run_on_commit_hooks
    with utils.run_on_commit_hooks():
        send_password_reset_mail(
            simple_user,
            legacy_subject_templates=subject_templates,
            legacy_body_templates=body_templates,
            context={'base_url': 'http://testserver'},
        )
    assert len(mailoutbox) == 1
    utils.assert_event(
        'user.password.reset.request',
        user=simple_user,
        email=simple_user.email,
    )

    # The mailed link is absolute (built from base_url); keep only the part
    # after the host so the test client can request it.
    reset_link = utils.get_link_from_mail(mailoutbox[0])
    reset_path = reset_link.split('testserver')[1]

    form_page = app.get(reset_path, status=200)
    for field_name in ('new_password1', 'new_password2'):
        form_page.form.set(field_name, new_password)
    form_page.form.submit().follow()

    # Completing the reset must log the account owner in, and nobody else.
    assert str(app.session['_auth_user_id']) == str(simple_user.pk)
    utils.assert_event('user.password.reset', user=simple_user, session=app.session)
    # NOTE(review): the link is exercised once only; whether a second use of
    # the same link is rejected is not covered by this test.
def test_view(app, simple_user, mailoutbox, settings):
    """Run the whole password reset flow through the public view.

    Covers the request form, the redirect to the instructions page, what
    that page discloses about the sender, the mailed link, the automatic
    login after the new password is set, and the 404 returned when
    ``A2_USER_CAN_RESET_PASSWORD`` is disabled.
    """
    request_page = app.get(reverse('password_reset'), status=200)
    request_page.form.set('email', simple_user.email)
    assert len(mailoutbox) == 0

    # Sender configured with a display name: the instructions page is expected
    # to show the bare address only.
    settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
    redirect = request_page.form.submit()
    utils.assert_event(
        'user.password.reset.request',
        user=simple_user,
        email=simple_user.email,
    )
    assert redirect['Location'].endswith('/instructions/')

    instructions_html = redirect.follow().text
    assert simple_user.email in instructions_html
    assert '"noreply@example.net"' in instructions_html
    assert 'show only addr' not in instructions_html
    assert len(mailoutbox) == 1

    # The mailed link is absolute; strip everything up to the host name.
    reset_link = utils.get_link_from_mail(mailoutbox[0])
    reset_path = reset_link.split('testserver')[1]
    form_page = app.get(reset_path, status=200)
    for field_name in ('new_password1', 'new_password2'):
        form_page.form.set(field_name, '1234==aA')
    form_page.form.submit()

    # Setting the new password must leave the account owner logged in.
    assert str(app.session['_auth_user_id']) == str(simple_user.pk)

    # With self-service reset switched off the view must not be reachable.
    with override_settings(A2_USER_CAN_RESET_PASSWORD=False):
        app.get(reverse('password_reset'), status=404)
def test_user_filter(app, simple_user, mailoutbox, settings):
    """No reset mail is sent to a user that ``A2_USER_FILTER`` does not select."""
    # The filter selects username 'xxx', so simple_user falls outside of it.
    settings.A2_USER_FILTER = {'username': 'xxx'}

    request_page = app.get(reverse('password_reset'), status=200)
    request_page.form.set('email', simple_user.email)
    assert len(mailoutbox) == 0

    request_page.form.submit()
    assert len(mailoutbox) == 0
    # NOTE(review): only the absence of mail is asserted; the response to the
    # submit is not compared with the matching-user case, so this test does
    # not show whether the page reveals that the account was filtered out.
def test_user_exclude(app, simple_user, mailoutbox, settings):
    """No reset mail is sent to a user matched by ``A2_USER_EXCLUDE``."""
    # The exclusion names simple_user's own username, so the account is excluded.
    settings.A2_USER_EXCLUDE = {'username': simple_user.username}

    request_page = app.get(reverse('password_reset'), status=200)
    request_page.form.set('email', simple_user.email)
    assert len(mailoutbox) == 0

    request_page.form.submit()
    assert len(mailoutbox) == 0
    # NOTE(review): only the absence of mail is asserted; the response to the
    # submit is not compared with the non-excluded case, so this test does
    # not show whether the page reveals that the account was excluded.
def test_old_url_redirect(app):
    """A legacy reset URL redirects to the reset page, which asks to start over."""
    legacy_response = app.get('/accounts/password/reset/whatever')
    assert legacy_response.location == '/accounts/password/reset/'

    landing_page = legacy_response.follow()
    assert 'please reset your password again' in landing_page