From d881ea2a07d88d1e6ed735492a75b5a1007e8439 Mon Sep 17 00:00:00 2001 From: Holger Frey Date: Tue, 24 Oct 2017 11:16:31 +0200 Subject: [PATCH] bugfixes --- tests/__init__.py | 7 +++--- tests/_functional/reset_password.py | 13 +++++++++++ tests/models/account.py | 4 +--- tests/resources/account.py | 8 +++---- tests/views/account.py | 36 ++++++++++++++++------------- 5 files changed, 41 insertions(+), 27 deletions(-) diff --git a/tests/__init__.py b/tests/__init__.py index 48fb794..d2ea71c 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -101,16 +101,15 @@ def create_users(db): db.add(user) -def set_deform_data(request, form_data, extra_data=None, **kwargs): +def set_deform_data(request, form_data, modifyer=None): ''' augments the request to include post data as provided by deform ''' post_dict = MultiDict() post_dict['__formid__'] = 'deform' post_dict['_charset_'] = 'UTF-8' post_dict['csrf_token'] = get_csrf_token(request) post_dict.update(form_data) - if extra_data: - post_dict.update(extra_data) - post_dict.update(kwargs) + if modifyer: + post_dict.update(modifyer) request.POST = post_dict diff --git a/tests/_functional/reset_password.py b/tests/_functional/reset_password.py index dc4a105..834973c 100644 --- a/tests/_functional/reset_password.py +++ b/tests/_functional/reset_password.py @@ -27,6 +27,7 @@ def test_reset_password(testapp): email = mailer.outbox[-1] assert email.subject == '[ordr] Password Reset' + # set a new password token_link = get_token_url(email) response = testapp.get(token_link) form = response.forms[1] @@ -39,6 +40,18 @@ def test_reset_password(testapp): assert 'consider a longer password' in response assert 'Your password was changed' in response + # logging in with the old password should not work + response = testapp.get('/account/logout') + response = testapp.get('/account/login') + form = response.forms[1] + form['username'] = 'TerryGilliam' + form['password'] = 'Terry' + response = form.submit() + assert '' not in response + + # logging in with the old password should work + response = testapp.get('/account/logout') + response = testapp.get('/account/login') form = response.forms[1] form['username'] = 'TerryGilliam' form['password'] = 'Nudge Nudge' diff --git a/tests/models/account.py b/tests/models/account.py index b075dbc..bdf193b 100644 --- a/tests/models/account.py +++ b/tests/models/account.py @@ -151,8 +151,7 @@ def test_user_issue_token(app_config): request.registry.settings['token_expiry.change_email'] = 10 user = get_user('user') payload = {'test-key': 'test-data'} - hash = user.issue_token(request, TokenSubject.CHANGE_EMAIL, payload) - token = user.tokens[0] + token = user.issue_token(request, TokenSubject.CHANGE_EMAIL, payload) expected_expires = datetime.utcnow() + timedelta(minutes=10) # one second drift is still considered ok @@ -160,7 +159,6 @@ def test_user_issue_token(app_config): expected_expires.timestamp(), abs=1 ) - assert token.hash == hash assert token.owner == user assert token.payload == payload assert token.subject == TokenSubject.CHANGE_EMAIL diff --git a/tests/resources/account.py b/tests/resources/account.py index d4aa5d0..c8c3092 100644 --- a/tests/resources/account.py +++ b/tests/resources/account.py @@ -103,14 +103,14 @@ def test_account_resource_getitem_token_ok(app_config, dbsession): root = get_root_resource('user', dbsession=dbsession) user = root.request.user dbsession.add(user) - hash = user.issue_token(root.request, TokenSubject.CHANGE_EMAIL) + token = user.issue_token(root.request, TokenSubject.CHANGE_EMAIL) account = AccountResource(None, root) - resource = account[hash] + resource = account[token.hash] assert isinstance(resource, EmailVerificationToken) - assert resource.__name__ == hash + assert resource.__name__ == token.hash assert resource.__parent__ == account - assert resource.model.hash == hash + assert resource.model.hash == token.hash assert resource.model.owner == root.request.user diff --git a/tests/views/account.py b/tests/views/account.py index 64baa3b..472b60d 100644 --- a/tests/views/account.py +++ b/tests/views/account.py @@ -22,6 +22,13 @@ REGISTRATION_FORM_DATA = MultiDict([ ('__end__', 'password:mapping'), ]) +PASSWORD_RESET_FORM_DATA = MultiDict([ + ('__start__', 'password:mapping'), + ('password', 'Nudge'), + ('password-confirm', 'Nudge'), + ('__end__', 'password:mapping'), + ]) + @pytest.mark.parametrize('rolename', ['user', 'purchaser', 'admin']) def test_account_login_active_users(dbsession, rolename): @@ -297,30 +304,28 @@ def test_reset_password_form(): assert isinstance(result['form'], deform.Form) -def reset_password_form_processing_ok(): +def test_reset_password_form_processing_ok(dbsession): ''' reset password form processing is ok ''' - from ordr2.models.account import TokenSubject + from ordr2.models.account import Token, TokenSubject, User from ordr2.views.account import reset_password_form_processing + request = DummyRequest(dbsession=dbsession) + set_deform_data(request, REGISTRATION_FORM_DATA) account = get_user('user') - token = user.issue_token(request, TokenSubject.RESET_PASSWORD) + token = account.issue_token(request, TokenSubject.RESET_PASSWORD) dbsession.add(account) dbsession.flush() context = DummyResource(model=token) - request = DummyRequest( - dbsession=dbsession, - POST={'password': 'Nudge', 'password-confirmation': 'Nudge'} - ) result = reset_password_form_processing(context, request) assert isinstance(result, HTTPFound) - assert result.location == 'http://example.com/account/login' - assert account.check_password('Nudge') + assert result.location == 'http://example.com//login' + assert account.check_password(REGISTRATION_FORM_DATA['password']) assert dbsession.query(Token).count() == 0 assert dbsession.query(User).count() == 1 -def reset_password_form_processing_cancel(): +def test_reset_password_form_processing_cancel(): ''' reset password form processing is canceled ''' from ordr2.views.account import reset_password_form_processing @@ -339,14 +344,13 @@ def reset_password_form_processing_cancel(): ('', 'one is empty'), ] ) -def reset_password_form_processing_invalid(pw, confirm): +def test_reset_password_form_processing_invalid(pw, confirm): ''' validation error in reset password form ''' from ordr2.views.account import reset_password_form_processing - request = DummyRequest( - dbsession=dbsession, - POST={'password': pw, 'password-confirmation': confirm} - ) - result = reset_password_form_processing(context, request) + request = DummyRequest(dbsession=dbsession) + modifier = {'password': pw, 'password-confim': confirm} + set_deform_data(request, REGISTRATION_FORM_DATA, modifier) + result = reset_password_form_processing(None, request) assert isinstance(result['form'], deform.Form)