diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-10-22 13:21:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-22 13:21:14 +0200 |
| commit | 34180922380cf41cd684f846ecf00f92eb289bcf (patch) | |
| tree | 86beea492d23bfbd5fe758b9ae0fce4de5e6424c /tests | |
| parent | 284bde3fbe07485d64289e28014a4eada68aef91 (diff) | |
Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation.
Thanks Gordon Wrigley for the report and implementation idea.
Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auth_tests/test_tokens.py | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py index 42ac71148e..a9ba0e200f 100644 --- a/tests/auth_tests/test_tokens.py +++ b/tests/auth_tests/test_tokens.py @@ -1,4 +1,4 @@ -from datetime import datetime, timedelta +from datetime import date, datetime, timedelta from django.conf import settings from django.contrib.auth.models import User @@ -86,6 +86,27 @@ class TokenGeneratorTest(TestCase): ) self.assertIs(p4.check_token(user, tk1), False) + def test_legacy_days_timeout(self): + # RemovedInDjango40Warning: pre-Django 3.1 tokens will be invalid. + class LegacyPasswordResetTokenGenerator(MockedPasswordResetTokenGenerator): + """Pre-Django 3.1 tokens generator.""" + def _num_seconds(self, dt): + # Pre-Django 3.1 tokens use days instead of seconds. + return (dt.date() - date(2001, 1, 1)).days + + user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') + now = datetime.now() + p0 = LegacyPasswordResetTokenGenerator(now) + tk1 = p0.make_token(user) + p1 = MockedPasswordResetTokenGenerator( + now + timedelta(seconds=settings.PASSWORD_RESET_TIMEOUT), + ) + self.assertIs(p1.check_token(user, tk1), True) + p2 = MockedPasswordResetTokenGenerator( + now + timedelta(seconds=(settings.PASSWORD_RESET_TIMEOUT + 24 * 60 * 60)), + ) + self.assertIs(p2.check_token(user, tk1), False) + def test_check_token_with_nonexistent_token_and_user(self): user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') p0 = PasswordResetTokenGenerator() |
