summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2020-10-22 13:21:14 +0200
committerGitHub <noreply@github.com>2020-10-22 13:21:14 +0200
commit34180922380cf41cd684f846ecf00f92eb289bcf (patch)
tree86beea492d23bfbd5fe758b9ae0fce4de5e6424c /tests
parent284bde3fbe07485d64289e28014a4eada68aef91 (diff)
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/test_tokens.py23
1 files changed, 22 insertions, 1 deletions
diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py
index 42ac71148e..a9ba0e200f 100644
--- a/tests/auth_tests/test_tokens.py
+++ b/tests/auth_tests/test_tokens.py
@@ -1,4 +1,4 @@
-from datetime import datetime, timedelta
+from datetime import date, datetime, timedelta
from django.conf import settings
from django.contrib.auth.models import User
@@ -86,6 +86,27 @@ class TokenGeneratorTest(TestCase):
)
self.assertIs(p4.check_token(user, tk1), False)
+ def test_legacy_days_timeout(self):
+ # RemovedInDjango40Warning: pre-Django 3.1 tokens will be invalid.
+ class LegacyPasswordResetTokenGenerator(MockedPasswordResetTokenGenerator):
+ """Pre-Django 3.1 tokens generator."""
+ def _num_seconds(self, dt):
+ # Pre-Django 3.1 tokens use days instead of seconds.
+ return (dt.date() - date(2001, 1, 1)).days
+
+ user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
+ now = datetime.now()
+ p0 = LegacyPasswordResetTokenGenerator(now)
+ tk1 = p0.make_token(user)
+ p1 = MockedPasswordResetTokenGenerator(
+ now + timedelta(seconds=settings.PASSWORD_RESET_TIMEOUT),
+ )
+ self.assertIs(p1.check_token(user, tk1), True)
+ p2 = MockedPasswordResetTokenGenerator(
+ now + timedelta(seconds=(settings.PASSWORD_RESET_TIMEOUT + 24 * 60 * 60)),
+ )
+ self.assertIs(p2.check_token(user, tk1), False)
+
def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
p0 = PasswordResetTokenGenerator()