|
|
|
import deform
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
from pyramid.httpexceptions import HTTPFound
|
|
|
|
from pyramid.testing import DummyRequest, DummyResource
|
|
|
|
|
|
|
|
from .. import ( # noqa: F401
|
|
|
|
app_config,
|
|
|
|
dbsession,
|
|
|
|
get_example_user,
|
|
|
|
get_post_request
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def test_forgotten_password_form():
|
|
|
|
''' test the view for the forgotten password form '''
|
|
|
|
from ordr.resources.account import PasswordResetResource
|
|
|
|
from ordr.views.forgotten_password import forgotten_password_form
|
|
|
|
|
|
|
|
request = DummyRequest()
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetResource(name=None, parent=parent)
|
|
|
|
result = forgotten_password_form(context, None)
|
|
|
|
|
|
|
|
assert result == {'formerror': False}
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize( # noqa: F811
|
|
|
|
'identifier',
|
|
|
|
['TerryGilliam', 'gilliam@example.com', 'Gilliam@Example.com']
|
|
|
|
)
|
|
|
|
def test_forgotten_password_processing_ok(dbsession, identifier):
|
|
|
|
''' test the processing of the forgotten password form '''
|
|
|
|
from ordr.models.account import Role, TokenSubject
|
|
|
|
from ordr.resources.account import PasswordResetResource
|
|
|
|
from ordr.views.forgotten_password import (
|
|
|
|
forgotten_password_form_processing
|
|
|
|
)
|
|
|
|
|
|
|
|
user = get_example_user(Role.USER)
|
|
|
|
dbsession.add(user)
|
|
|
|
dbsession.flush()
|
|
|
|
|
|
|
|
post_data = {
|
|
|
|
'identifier': identifier,
|
|
|
|
'send_mail': 'send_mail',
|
|
|
|
}
|
|
|
|
request = DummyRequest(dbsession=dbsession, POST=post_data)
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetResource(name=None, parent=parent)
|
|
|
|
result = forgotten_password_form_processing(context, request)
|
|
|
|
|
|
|
|
assert isinstance(result, HTTPFound)
|
|
|
|
assert result.location == 'http://example.com//verify'
|
|
|
|
|
|
|
|
# a token should be created
|
|
|
|
token = user.tokens[0]
|
|
|
|
assert token.subject == TokenSubject.RESET_PASSWORD
|
|
|
|
|
|
|
|
# a verification email should be sent
|
|
|
|
# this is tested in the functional test since request.registry.notify
|
|
|
|
# doesn't know about event subscribers in the unittest
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize( # noqa: F811
|
|
|
|
'identifier',
|
|
|
|
['', 'GrahamChapman', 'unknown@example.com']
|
|
|
|
)
|
|
|
|
def test_forgotten_password_processing_not_ok(dbsession, identifier):
|
|
|
|
''' test error processing of the forgotten password form '''
|
|
|
|
from ordr.models.account import Role, Token
|
|
|
|
from ordr.resources.account import PasswordResetResource
|
|
|
|
from ordr.views.forgotten_password import (
|
|
|
|
forgotten_password_form_processing
|
|
|
|
)
|
|
|
|
|
|
|
|
user = get_example_user(Role.UNVALIDATED)
|
|
|
|
dbsession.add(user)
|
|
|
|
dbsession.flush()
|
|
|
|
|
|
|
|
post_data = {
|
|
|
|
'identifier': identifier,
|
|
|
|
'send_mail': 'send_mail',
|
|
|
|
}
|
|
|
|
request = DummyRequest(dbsession=dbsession, POST=post_data)
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetResource(name=None, parent=parent)
|
|
|
|
result = forgotten_password_form_processing(context, request)
|
|
|
|
|
|
|
|
assert result == {'formerror': True}
|
|
|
|
assert dbsession.query(Token).count() == 0
|
|
|
|
|
|
|
|
|
|
|
|
def test_forgotten_password_processing_cancel(dbsession): # noqa: F811
|
|
|
|
''' test the canceling of the forgotten password form '''
|
|
|
|
from ordr.models.account import Token
|
|
|
|
from ordr.resources.account import PasswordResetResource
|
|
|
|
from ordr.views.forgotten_password import (
|
|
|
|
forgotten_password_form_processing
|
|
|
|
)
|
|
|
|
|
|
|
|
post_data = {
|
|
|
|
'identifier': 'TerryGilliam',
|
|
|
|
'cancel': 'cancel',
|
|
|
|
}
|
|
|
|
request = DummyRequest(dbsession=dbsession, POST=post_data)
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetResource(name=None, parent=parent)
|
|
|
|
result = forgotten_password_form_processing(context, request)
|
|
|
|
|
|
|
|
assert isinstance(result, HTTPFound)
|
|
|
|
assert result.location == 'http://example.com//'
|
|
|
|
assert dbsession.query(Token).count() == 0
|
|
|
|
|
|
|
|
|
|
|
|
def test_verify():
|
|
|
|
''' test the message view for check your email '''
|
|
|
|
from ordr.views.forgotten_password import verify
|
|
|
|
result = verify(None, None)
|
|
|
|
assert result == {}
|
|
|
|
|
|
|
|
|
|
|
|
def test_completed():
|
|
|
|
''' test the view for a completed reset process '''
|
|
|
|
from ordr.views.forgotten_password import completed
|
|
|
|
result = completed(None, None)
|
|
|
|
assert result == {}
|
|
|
|
|
|
|
|
|
|
|
|
def test_reset_password_form():
|
|
|
|
''' test reset password form view '''
|
|
|
|
from ordr.resources.account import PasswordResetTokenResource
|
|
|
|
from ordr.schemas.account import ResetPasswordSchema
|
|
|
|
from ordr.views.forgotten_password import reset_password_form
|
|
|
|
|
|
|
|
request = DummyRequest()
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetTokenResource(name=None, parent=parent)
|
|
|
|
result = reset_password_form(context, None)
|
|
|
|
form = result['form']
|
|
|
|
|
|
|
|
assert isinstance(form, deform.Form)
|
|
|
|
assert isinstance(form.schema, ResetPasswordSchema)
|
|
|
|
|
|
|
|
|
|
|
|
def test_reset_password_form_processing_valid(dbsession): # noqa: F811
|
|
|
|
''' test reset password form processing '''
|
|
|
|
from ordr.models.account import User, Role, Token, TokenSubject
|
|
|
|
from ordr.resources.account import PasswordResetTokenResource
|
|
|
|
from ordr.views.forgotten_password import reset_password_form_processing
|
|
|
|
|
|
|
|
data = {
|
|
|
|
'__start__': 'password:mapping',
|
|
|
|
'password': 'Lost in La Mancha',
|
|
|
|
'password-confirm': 'Lost in La Mancha',
|
|
|
|
'__end__': 'password:mapping',
|
|
|
|
'change': 'Set New Password'
|
|
|
|
}
|
|
|
|
request = get_post_request(dbsession, data)
|
|
|
|
|
|
|
|
user = get_example_user(Role.USER)
|
|
|
|
dbsession.add(user)
|
|
|
|
user.issue_token(request, TokenSubject.RESET_PASSWORD)
|
|
|
|
dbsession.flush()
|
|
|
|
token = dbsession.query(Token).first()
|
|
|
|
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetTokenResource(name=None, parent=parent, model=token)
|
|
|
|
result = reset_password_form_processing(context, request)
|
|
|
|
|
|
|
|
# return value of function call
|
|
|
|
assert isinstance(result, HTTPFound)
|
|
|
|
assert result.location == 'http://example.com/completed'
|
|
|
|
|
|
|
|
# password of the user should be updated
|
|
|
|
user = dbsession.query(User).filter_by(username='TerryGilliam').first()
|
|
|
|
assert user.check_password('Lost in La Mancha')
|
|
|
|
|
|
|
|
token_count = dbsession.query(Token).count()
|
|
|
|
assert token_count == 0
|
|
|
|
|
|
|
|
|
|
|
|
def test_reset_password_form_processing_invalid_data(dbsession): # noqa: F811
|
|
|
|
''' test reset password form processing '''
|
|
|
|
from ordr.models.account import Role, Token, TokenSubject
|
|
|
|
from ordr.resources.account import PasswordResetTokenResource
|
|
|
|
from ordr.schemas.account import ResetPasswordSchema
|
|
|
|
from ordr.views.forgotten_password import reset_password_form_processing
|
|
|
|
|
|
|
|
data = {
|
|
|
|
'__start__': 'password:mapping',
|
|
|
|
'password': 'does not match',
|
|
|
|
'password-confirm': 'the confirmation',
|
|
|
|
'__end__': 'password:mapping',
|
|
|
|
'change': 'Set New Password'
|
|
|
|
}
|
|
|
|
request = get_post_request(dbsession, data)
|
|
|
|
|
|
|
|
user = get_example_user(Role.USER)
|
|
|
|
dbsession.add(user)
|
|
|
|
user.issue_token(request, TokenSubject.RESET_PASSWORD)
|
|
|
|
dbsession.flush()
|
|
|
|
token = dbsession.query(Token).first()
|
|
|
|
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetTokenResource(name=None, parent=parent, model=token)
|
|
|
|
result = reset_password_form_processing(context, request)
|
|
|
|
|
|
|
|
form = result['form']
|
|
|
|
|
|
|
|
assert isinstance(form, deform.Form)
|
|
|
|
assert isinstance(form.schema, ResetPasswordSchema)
|
|
|
|
|
|
|
|
|
|
|
|
def test_reset_password_form_processing_cancel(dbsession): # noqa: F811
|
|
|
|
''' test reset password form processing '''
|
|
|
|
from ordr.models.account import Role, Token, TokenSubject
|
|
|
|
from ordr.resources.account import PasswordResetTokenResource
|
|
|
|
from ordr.views.forgotten_password import reset_password_form_processing
|
|
|
|
|
|
|
|
data = {
|
|
|
|
'__start__': 'password:mapping',
|
|
|
|
'password': 'Lost in La Mancha',
|
|
|
|
'password-confirm': 'Lost in La Mancha',
|
|
|
|
'__end__': 'password:mapping',
|
|
|
|
'cancel': 'Cancel'
|
|
|
|
}
|
|
|
|
request = get_post_request(dbsession, data)
|
|
|
|
|
|
|
|
user = get_example_user(Role.USER)
|
|
|
|
dbsession.add(user)
|
|
|
|
user.issue_token(request, TokenSubject.RESET_PASSWORD)
|
|
|
|
dbsession.flush()
|
|
|
|
token = dbsession.query(Token).first()
|
|
|
|
|
|
|
|
parent = DummyResource(request=request)
|
|
|
|
context = PasswordResetTokenResource(name=None, parent=parent, model=token)
|
|
|
|
result = reset_password_form_processing(context, request)
|
|
|
|
|
|
|
|
assert isinstance(result, HTTPFound)
|
|
|
|
assert result.location == 'http://example.com//'
|