ordr2/tests/views/account/forgotten_password.py

import deform
import pytest

from pyramid.httpexceptions import HTTPFound
from pyramid.testing import DummyRequest, DummyResource

from ... import (  # noqa: F401
    app_config,
    dbsession,
    get_example_user,
    get_post_request
    )


def test_forgotten_password_form():
    ''' test the view for the forgotten password form '''
    from ordr.resources.account import PasswordResetResource
    from ordr.views.account import forgotten_password_form

    request = DummyRequest()
    parent = DummyResource(request=request)
    context = PasswordResetResource(name=None, parent=parent)
    result = forgotten_password_form(context, None)

    assert result == {'formerror': False}


@pytest.mark.parametrize(  # noqa: F811
    'identifier',
    ['TerryGilliam', 'gilliam@example.com', 'Gilliam@Example.com']
    )
def test_forgotten_password_processing_ok(dbsession, identifier):
    ''' test the processing of the forgotten password form '''
    from ordr.models.account import Role, TokenSubject
    from ordr.resources.account import PasswordResetResource
    from ordr.views.account import (
        forgotten_password_form_processing
        )

    user = get_example_user(Role.USER)
    dbsession.add(user)
    dbsession.flush()

    post_data = {
        'identifier': identifier,
        'send_mail': 'send_mail',
        }
    request = DummyRequest(dbsession=dbsession, POST=post_data)
    parent = DummyResource(request=request)
    context = PasswordResetResource(name=None, parent=parent)
    result = forgotten_password_form_processing(context, request)

    assert isinstance(result, HTTPFound)
    assert result.location == 'http://example.com//verify'

    # a token should be created
    token = user.tokens[0]
    assert token.subject == TokenSubject.RESET_PASSWORD

    # a verification email should be sent
    # this is tested in the functional test since request.registry.notify
    # doesn't know about event subscribers in the unittest


@pytest.mark.parametrize(  # noqa: F811
    'identifier',
    ['', 'GrahamChapman', 'unknown@example.com']
    )
def test_forgotten_password_processing_not_ok(dbsession, identifier):
    ''' test error processing of the forgotten password form '''
    from ordr.models.account import Role, Token
    from ordr.resources.account import PasswordResetResource
    from ordr.views.account import (
        forgotten_password_form_processing
        )

    user = get_example_user(Role.UNVALIDATED)
    dbsession.add(user)
    dbsession.flush()

    post_data = {
        'identifier': identifier,
        'send_mail': 'send_mail',
        }
    request = DummyRequest(dbsession=dbsession, POST=post_data)
    parent = DummyResource(request=request)
    context = PasswordResetResource(name=None, parent=parent)
    result = forgotten_password_form_processing(context, request)

    assert result == {'formerror': True}
    assert dbsession.query(Token).count() == 0


def test_forgotten_password_processing_cancel(dbsession):  # noqa: F811
    ''' test the canceling of the forgotten password form '''
    from ordr.models.account import Token
    from ordr.resources.account import PasswordResetResource
    from ordr.views.account import (
        forgotten_password_form_processing
        )

    post_data = {
        'identifier': 'TerryGilliam',
        'cancel': 'cancel',
        }
    request = DummyRequest(dbsession=dbsession, POST=post_data)
    parent = DummyResource(request=request)
    context = PasswordResetResource(name=None, parent=parent)
    result = forgotten_password_form_processing(context, request)

    assert isinstance(result, HTTPFound)
    assert result.location == 'http://example.com//'
    assert dbsession.query(Token).count() == 0


def test_forgotten_password_verify_email():
    ''' test the message view for check your email '''
    from ordr.views.account import forgotten_password_verify_email
    result = forgotten_password_verify_email(None, None)
    assert result == {}


def test_forgotten_password_completed():
    ''' test the view for a completed reset process '''
    from ordr.views.account import forgotten_password_completed
    result = forgotten_password_completed(None, None)
    assert result == {}


def test_reset_password_form():
    ''' test reset password form view '''
    from ordr.resources.account import PasswordResetTokenResource
    from ordr.schemas.account import ResetPasswordSchema
    from ordr.views.account import reset_password_form

    request = DummyRequest()
    parent = DummyResource(request=request)
    context = PasswordResetTokenResource(name=None, parent=parent)
    result = reset_password_form(context, None)
    form = result['form']

    assert isinstance(form, deform.Form)
    assert isinstance(form.schema, ResetPasswordSchema)


def test_reset_password_form_processing_valid(dbsession):  # noqa: F811
    ''' test reset password form processing '''
    from ordr.models.account import User, Role, Token, TokenSubject
    from ordr.resources.account import PasswordResetTokenResource
    from ordr.views.account import reset_password_form_processing

    data = {
        '__start__': 'password:mapping',
        'password': 'Lost in La Mancha',
        'password-confirm': 'Lost in La Mancha',
        '__end__': 'password:mapping',
        'change': 'Set New Password'
        }
    request = get_post_request(data, dbsession=dbsession)

    user = get_example_user(Role.USER)
    dbsession.add(user)
    user.issue_token(request, TokenSubject.RESET_PASSWORD)
    dbsession.flush()
    token = dbsession.query(Token).first()

    parent = DummyResource(request=request)
    context = PasswordResetTokenResource(name=None, parent=parent, model=token)
    result = reset_password_form_processing(context, request)

    # return value of function call
    assert isinstance(result, HTTPFound)
    assert result.location == 'http://example.com/completed'

    # password of the user should be updated
    user = dbsession.query(User).filter_by(username='TerryGilliam').first()
    assert user.check_password('Lost in La Mancha')

    token_count = dbsession.query(Token).count()
    assert token_count == 0


def test_reset_password_form_processing_invalid_data(dbsession):  # noqa: F811
    ''' test reset password form processing '''
    from ordr.models.account import Role, Token, TokenSubject
    from ordr.resources.account import PasswordResetTokenResource
    from ordr.schemas.account import ResetPasswordSchema
    from ordr.views.account import reset_password_form_processing

    data = {
        '__start__': 'password:mapping',
        'password': 'does not match',
        'password-confirm': 'the confirmation',
        '__end__': 'password:mapping',
        'change': 'Set New Password'
        }
    request = get_post_request(data, dbsession=dbsession)

    user = get_example_user(Role.USER)
    dbsession.add(user)
    user.issue_token(request, TokenSubject.RESET_PASSWORD)
    dbsession.flush()
    token = dbsession.query(Token).first()

    parent = DummyResource(request=request)
    context = PasswordResetTokenResource(name=None, parent=parent, model=token)
    result = reset_password_form_processing(context, request)

    form = result['form']

    assert isinstance(form, deform.Form)
    assert isinstance(form.schema, ResetPasswordSchema)


def test_reset_password_form_processing_cancel(dbsession):  # noqa: F811
    ''' test reset password form processing '''
    from ordr.models.account import Role, Token, TokenSubject
    from ordr.resources.account import PasswordResetTokenResource
    from ordr.views.account import reset_password_form_processing

    data = {
        '__start__': 'password:mapping',
        'password': 'Lost in La Mancha',
        'password-confirm': 'Lost in La Mancha',
        '__end__': 'password:mapping',
        'cancel': 'Cancel'
        }
    request = get_post_request(data, dbsession=dbsession)

    user = get_example_user(Role.USER)
    dbsession.add(user)
    user.issue_token(request, TokenSubject.RESET_PASSWORD)
    dbsession.flush()
    token = dbsession.query(Token).first()

    parent = DummyResource(request=request)
    context = PasswordResetTokenResource(name=None, parent=parent, model=token)
    result = reset_password_form_processing(context, request)

    assert isinstance(result, HTTPFound)
    assert result.location == 'http://example.com//'