summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorRob <tienrobertnguyenn@gmail.com>2019-05-23 22:18:49 +1000
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2019-05-24 08:40:25 +0200
commit58df8aa40fe88f753ba79e091a52f236246260b3 (patch)
treedf59e1974eb9149b98ebe8aacefb403e31f32eb3 /tests
parent8000767769ac37ec7f73eb9fcc4b3fc7399a5808 (diff)
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/client.py6
-rw-r--r--tests/auth_tests/test_views.py20
-rw-r--r--tests/auth_tests/urls.py4
3 files changed, 28 insertions, 2 deletions
diff --git a/tests/auth_tests/client.py b/tests/auth_tests/client.py
index 8f09f115cd..42740bb0e8 100644
--- a/tests/auth_tests/client.py
+++ b/tests/auth_tests/client.py
@@ -1,7 +1,7 @@
import re
from django.contrib.auth.views import (
- INTERNAL_RESET_SESSION_TOKEN, INTERNAL_RESET_URL_TOKEN,
+ INTERNAL_RESET_SESSION_TOKEN, PasswordResetConfirmView,
)
from django.test import Client
@@ -22,6 +22,8 @@ class PasswordResetConfirmClient(Client):
>>> client = PasswordResetConfirmClient()
>>> client.get('/reset/bla/my-token/')
"""
+ reset_url_token = PasswordResetConfirmView.reset_url_token
+
def _get_password_reset_confirm_redirect_url(self, url):
token = extract_token_from_url(url)
if not token:
@@ -30,7 +32,7 @@ class PasswordResetConfirmClient(Client):
session = self.session
session[INTERNAL_RESET_SESSION_TOKEN] = token
session.save()
- return url.replace(token, INTERNAL_RESET_URL_TOKEN)
+ return url.replace(token, self.reset_url_token)
def get(self, path, *args, **kwargs):
redirect_url = self._get_password_reset_confirm_redirect_url(path)
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 99de78e44d..0b07b7ebbc 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -304,6 +304,16 @@ class PasswordResetTest(AuthViewsTestCase):
response = self.client.post(path, {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'})
self.assertRedirects(response, '/password_reset/', fetch_redirect_response=False)
+ def test_confirm_custom_reset_url_token(self):
+ url, path = self._test_confirm_start()
+ path = path.replace('/reset/', '/reset/custom/token/')
+ self.client.reset_url_token = 'set-passwordcustom'
+ response = self.client.post(
+ path,
+ {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'},
+ )
+ self.assertRedirects(response, '/reset/done/', fetch_redirect_response=False)
+
def test_confirm_login_post_reset(self):
url, path = self._test_confirm_start()
path = path.replace('/reset/', '/reset/post_reset_login/')
@@ -360,6 +370,16 @@ class PasswordResetTest(AuthViewsTestCase):
self.assertRedirects(response, '/reset/%s/set-password/' % uuidb64)
self.assertEqual(client.session['_password_reset_token'], token)
+ def test_confirm_custom_reset_url_token_link_redirects_to_set_password_page(self):
+ url, path = self._test_confirm_start()
+ path = path.replace('/reset/', '/reset/custom/token/')
+ client = Client()
+ response = client.get(path)
+ token = response.resolver_match.kwargs['token']
+ uuidb64 = response.resolver_match.kwargs['uidb64']
+ self.assertRedirects(response, '/reset/custom/token/%s/set-passwordcustom/' % uuidb64)
+ self.assertEqual(client.session['_password_reset_token'], token)
+
def test_invalid_link_if_going_directly_to_the_final_reset_password_url(self):
url, path = self._test_confirm_start()
_, uuidb64, _ = path.strip('/').split('/')
diff --git a/tests/auth_tests/urls.py b/tests/auth_tests/urls.py
index 142a2b49c2..f3cfa9f982 100644
--- a/tests/auth_tests/urls.py
+++ b/tests/auth_tests/urls.py
@@ -112,6 +112,10 @@ urlpatterns = auth_urlpatterns + [
views.PasswordResetConfirmView.as_view(success_url=reverse_lazy('password_reset')),
),
re_path(
+ '^reset/custom/token/{}/$'.format(uid_token),
+ views.PasswordResetConfirmView.as_view(reset_url_token='set-passwordcustom'),
+ ),
+ re_path(
'^reset/post_reset_login/{}/$'.format(uid_token),
views.PasswordResetConfirmView.as_view(post_reset_login=True),
),