diff options
| author | Hasan Ramezani <hasan.r67@gmail.com> | 2019-08-23 17:14:07 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-09-20 13:52:04 +0200 |
| commit | 226ebb17290b604ef29e82fb5c1fbac3594ac163 (patch) | |
| tree | 6845abde1e47ec7f5d295ab609becce3c7f492a8 /tests | |
| parent | 0719edcd5fed56157ffb3323a8f634aa5e8f9a80 (diff) | |
Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auth_tests/test_password_reset_timeout_days.py | 88 | ||||
| -rw-r--r-- | tests/auth_tests/test_tokens.py | 25 |
2 files changed, 102 insertions, 11 deletions
diff --git a/tests/auth_tests/test_password_reset_timeout_days.py b/tests/auth_tests/test_password_reset_timeout_days.py new file mode 100644 index 0000000000..db9aa62726 --- /dev/null +++ b/tests/auth_tests/test_password_reset_timeout_days.py @@ -0,0 +1,88 @@ +import sys +from datetime import datetime, timedelta +from types import ModuleType + +from django.conf import ( + PASSWORD_RESET_TIMEOUT_DAYS_DEPRECATED_MSG, Settings, settings, +) +from django.contrib.auth.models import User +from django.contrib.auth.tokens import PasswordResetTokenGenerator +from django.core.exceptions import ImproperlyConfigured +from django.test import TestCase, ignore_warnings +from django.utils.deprecation import RemovedInDjango40Warning + + +class DeprecationTests(TestCase): + msg = PASSWORD_RESET_TIMEOUT_DAYS_DEPRECATED_MSG + + @ignore_warnings(category=RemovedInDjango40Warning) + def test_timeout(self): + """The token is valid after n days, but no greater.""" + # Uses a mocked version of PasswordResetTokenGenerator so we can change + # the value of 'now'. + class Mocked(PasswordResetTokenGenerator): + def __init__(self, now): + self._now_val = now + + def _now(self): + return self._now_val + + user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') + p0 = PasswordResetTokenGenerator() + tk1 = p0.make_token(user) + p1 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS)) + self.assertTrue(p1.check_token(user, tk1)) + p2 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) + self.assertFalse(p2.check_token(user, tk1)) + with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=1): + self.assertEqual(settings.PASSWORD_RESET_TIMEOUT, 60 * 60 * 24) + p3 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS)) + self.assertTrue(p3.check_token(user, tk1)) + p4 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) + self.assertFalse(p4.check_token(user, tk1)) + + def test_override_settings_warning(self): + with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg): + with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=2): + pass + + def test_settings_init_warning(self): + settings_module = ModuleType('fake_settings_module') + settings_module.SECRET_KEY = 'foo' + settings_module.PASSWORD_RESET_TIMEOUT_DAYS = 2 + sys.modules['fake_settings_module'] = settings_module + try: + with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg): + Settings('fake_settings_module') + finally: + del sys.modules['fake_settings_module'] + + def test_access_warning(self): + with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg): + settings.PASSWORD_RESET_TIMEOUT_DAYS + # Works a second time. + with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg): + settings.PASSWORD_RESET_TIMEOUT_DAYS + + @ignore_warnings(category=RemovedInDjango40Warning) + def test_access(self): + with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=2): + self.assertEqual(settings.PASSWORD_RESET_TIMEOUT_DAYS, 2) + # Works a second time. + self.assertEqual(settings.PASSWORD_RESET_TIMEOUT_DAYS, 2) + + def test_use_both_settings_init_error(self): + msg = ( + 'PASSWORD_RESET_TIMEOUT_DAYS/PASSWORD_RESET_TIMEOUT are ' + 'mutually exclusive.' + ) + settings_module = ModuleType('fake_settings_module') + settings_module.SECRET_KEY = 'foo' + settings_module.PASSWORD_RESET_TIMEOUT_DAYS = 2 + settings_module.PASSWORD_RESET_TIMEOUT = 2000 + sys.modules['fake_settings_module'] = settings_module + try: + with self.assertRaisesMessage(ImproperlyConfigured, msg): + Settings('fake_settings_module') + finally: + del sys.modules['fake_settings_module'] diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py index ede7b007fa..6d6caab9b1 100644 --- a/tests/auth_tests/test_tokens.py +++ b/tests/auth_tests/test_tokens.py @@ -1,4 +1,4 @@ -from datetime import date, timedelta +from datetime import datetime, timedelta from django.conf import settings from django.contrib.auth.models import User @@ -28,25 +28,28 @@ class TokenGeneratorTest(TestCase): self.assertEqual(tk1, tk2) def test_timeout(self): - """ - The token is valid after n days, but no greater. - """ + """The token is valid after n seconds, but no greater.""" # Uses a mocked version of PasswordResetTokenGenerator so we can change - # the value of 'today' + # the value of 'now'. class Mocked(PasswordResetTokenGenerator): - def __init__(self, today): - self._today_val = today + def __init__(self, now): + self._now_val = now - def _today(self): - return self._today_val + def _now(self): + return self._now_val user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) - p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS)) + p1 = Mocked(datetime.now() + timedelta(seconds=settings.PASSWORD_RESET_TIMEOUT)) self.assertTrue(p1.check_token(user, tk1)) - p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) + p2 = Mocked(datetime.now() + timedelta(seconds=(settings.PASSWORD_RESET_TIMEOUT + 1))) self.assertFalse(p2.check_token(user, tk1)) + with self.settings(PASSWORD_RESET_TIMEOUT=60 * 60): + p3 = Mocked(datetime.now() + timedelta(seconds=settings.PASSWORD_RESET_TIMEOUT)) + self.assertTrue(p3.check_token(user, tk1)) + p4 = Mocked(datetime.now() + timedelta(seconds=(settings.PASSWORD_RESET_TIMEOUT + 1))) + self.assertFalse(p4.check_token(user, tk1)) def test_check_token_with_nonexistent_token_and_user(self): user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') |
