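# -*- coding: utf-8 -*-
#
# ITerativ GmbH
# http://www.iterativ.ch/
#
# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
#
# Created on 2019-10-02
# @author: chrigu
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.contrib.sessions.middleware import SessionMiddleware
from django.core import mail
from django.test import TestCase, RequestFactory
from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_encode
from graphene.test import Client

from api.schema_public import schema
from core.factories import UserFactory


class PasswordResetTests(TestCase):
    """Exercise the public password-reset GraphQL mutations end to end.

    The flow under test is: ``passwordReset`` (request a mail),
    ``passwordResetVerify`` (check uid + token) and
    ``passwordResetSetPassword`` (store the new password).

    NOTE(review): ``passwordResetSetPassword`` is called with the uid and
    the new passwords only, not with the token, so the server presumably
    ties it to the preceding verify step through the session created in
    ``setUp`` -- confirm. These tests do not cover a rejected or expired
    token, a set-password call without a prior successful verify, or the
    response for an e-mail address that belongs to no account.
    """

    def setUp(self):
        """Create a user and a GraphQL client whose request carries a session."""
        self.user = UserFactory(username='aschi')
        request = RequestFactory().post('/')

        # adding session
        middleware = SessionMiddleware()
        middleware.process_request(request)
        request.session.save()

        self.client = Client(schema=schema, context_value=request)

    def _make_uid_and_token(self):
        """Return ``(uidb64, token)`` for ``self.user``.

        The token comes from Django's ``PasswordResetTokenGenerator`` and the
        uid is the url-safe base64 encoding of the user's primary key.
        """
        token = PasswordResetTokenGenerator().make_token(self.user)
        encoded = urlsafe_base64_encode(force_bytes(self.user.pk))
        # urlsafe_base64_encode returns bytes on older Django releases and
        # str on newer ones; normalise to str so the tests run on both.
        uidb64 = encoded.decode() if isinstance(encoded, bytes) else encoded
        return uidb64, token

    def make_reset_mutation(self, email):
        """Execute ``passwordReset`` for ``email`` and return the raw result."""
        mutation = '''
        mutation PasswordReset($input: PasswordResetInput!){
          passwordReset(input: $input) {
            success
            errors {
              field
            }
          }
        }
        '''
        return self.client.execute(mutation, variables={
            'input': {
                'emailInput': email
            }
        })

    def make_set_verify_mutation(self, uidb64, token):
        """Execute ``passwordResetVerify`` with uid and token; return the raw result."""
        mutation = '''
        mutation PasswordResetVerify($input: PasswordResetVerifyInput!){
          passwordResetVerify(input: $input) {
            success
            errors {
              field
            }
          }
        }
        '''
        return self.client.execute(mutation, variables={
            'input': {
                'uidb64Input': uidb64,
                'tokenInput': token
            }
        })

    def make_set_password_mutation(self, uidb64, new_password, new_password_confirm):
        """Execute ``passwordResetSetPassword`` and return the raw result."""
        mutation = '''
        mutation PasswordResetSetPassword($input: PasswordResetSetPasswordInput!){
          passwordResetSetPassword(input: $input) {
            success
            errors {
              field
            }
          }
        }
        '''
        return self.client.execute(mutation, variables={
            'input': {
                'uidb64Input': uidb64,
                'newPasswordInput': new_password,
                'confirmNewPasswordInput': new_password_confirm,
            }
        })

    def test_user_can_initiate_password(self):
        """Requesting a reset for a known address sends exactly one mail."""
        result = self.make_reset_mutation(self.user.email)

        self.assertEqual(len(mail.outbox), 1)
        self.assertTrue(mail.outbox[0].subject.startswith('Passwort auf'))
        self.assertTrue(result.get('data').get('passwordReset').get('success'))

    def test_user_can_verify_and_set_password(self):
        """A valid uid/token pair lets the user store a new password."""
        uidb64, token = self._make_uid_and_token()

        result = self.make_set_verify_mutation(uidb64, token)
        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))

        new_password = 'Abcd1234!'
        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
        self.assertTrue(set_result.get('data').get('passwordResetSetPassword').get('success'))

        # The success flag alone does not prove anything was stored: check
        # the persisted credential, and that the token cannot be replayed
        # once the password it was derived from has changed.
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password(new_password))
        self.assertFalse(PasswordResetTokenGenerator().check_token(self.user, token))

    def test_user_cannot_use_unsafe_password(self):
        """A password rejected by validation is refused and not stored."""
        stored_hash = self.user.password
        uidb64, token = self._make_uid_and_token()

        result = self.make_set_verify_mutation(uidb64, token)
        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))

        new_password = 'test'
        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'))

        # A refused reset must leave the stored credential untouched.
        self.user.refresh_from_db()
        self.assertEqual(self.user.password, stored_hash)

    def test_new_passwords_must_match(self):
        """Differing password and confirmation are refused and not stored."""
        stored_hash = self.user.password
        uidb64, token = self._make_uid_and_token()

        result = self.make_set_verify_mutation(uidb64, token)
        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))

        new_password = 'Abcd1234!'
        new_password_confirm = 'Abcd1234!1'
        set_result = self.make_set_password_mutation(uidb64, new_password, new_password_confirm)
        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'))

        # A refused reset must leave the stored credential untouched.
        self.user.refresh_from_db()
        self.assertEqual(self.user.password, stored_hash)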