diff options
| author | Rob <tienrobertnguyenn@gmail.com> | 2019-05-23 22:18:49 +1000 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-05-24 08:40:25 +0200 |
| commit | 58df8aa40fe88f753ba79e091a52f236246260b3 (patch) | |
| tree | df59e1974eb9149b98ebe8aacefb403e31f32eb3 /tests | |
| parent | 8000767769ac37ec7f73eb9fcc4b3fc7399a5808 (diff) | |
Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auth_tests/client.py | 6 | ||||
| -rw-r--r-- | tests/auth_tests/test_views.py | 20 | ||||
| -rw-r--r-- | tests/auth_tests/urls.py | 4 |
3 files changed, 28 insertions, 2 deletions
diff --git a/tests/auth_tests/client.py b/tests/auth_tests/client.py index 8f09f115cd..42740bb0e8 100644 --- a/tests/auth_tests/client.py +++ b/tests/auth_tests/client.py @@ -1,7 +1,7 @@ import re from django.contrib.auth.views import ( - INTERNAL_RESET_SESSION_TOKEN, INTERNAL_RESET_URL_TOKEN, + INTERNAL_RESET_SESSION_TOKEN, PasswordResetConfirmView, ) from django.test import Client @@ -22,6 +22,8 @@ class PasswordResetConfirmClient(Client): >>> client = PasswordResetConfirmClient() >>> client.get('/reset/bla/my-token/') """ + reset_url_token = PasswordResetConfirmView.reset_url_token + def _get_password_reset_confirm_redirect_url(self, url): token = extract_token_from_url(url) if not token: @@ -30,7 +32,7 @@ class PasswordResetConfirmClient(Client): session = self.session session[INTERNAL_RESET_SESSION_TOKEN] = token session.save() - return url.replace(token, INTERNAL_RESET_URL_TOKEN) + return url.replace(token, self.reset_url_token) def get(self, path, *args, **kwargs): redirect_url = self._get_password_reset_confirm_redirect_url(path) diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 99de78e44d..0b07b7ebbc 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -304,6 +304,16 @@ class PasswordResetTest(AuthViewsTestCase): response = self.client.post(path, {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'}) self.assertRedirects(response, '/password_reset/', fetch_redirect_response=False) + def test_confirm_custom_reset_url_token(self): + url, path = self._test_confirm_start() + path = path.replace('/reset/', '/reset/custom/token/') + self.client.reset_url_token = 'set-passwordcustom' + response = self.client.post( + path, + {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'}, + ) + self.assertRedirects(response, '/reset/done/', fetch_redirect_response=False) + def test_confirm_login_post_reset(self): url, path = self._test_confirm_start() path = path.replace('/reset/', '/reset/post_reset_login/') @@ -360,6 +370,16 @@ class PasswordResetTest(AuthViewsTestCase): self.assertRedirects(response, '/reset/%s/set-password/' % uuidb64) self.assertEqual(client.session['_password_reset_token'], token) + def test_confirm_custom_reset_url_token_link_redirects_to_set_password_page(self): + url, path = self._test_confirm_start() + path = path.replace('/reset/', '/reset/custom/token/') + client = Client() + response = client.get(path) + token = response.resolver_match.kwargs['token'] + uuidb64 = response.resolver_match.kwargs['uidb64'] + self.assertRedirects(response, '/reset/custom/token/%s/set-passwordcustom/' % uuidb64) + self.assertEqual(client.session['_password_reset_token'], token) + def test_invalid_link_if_going_directly_to_the_final_reset_password_url(self): url, path = self._test_confirm_start() _, uuidb64, _ = path.strip('/').split('/') diff --git a/tests/auth_tests/urls.py b/tests/auth_tests/urls.py index 142a2b49c2..f3cfa9f982 100644 --- a/tests/auth_tests/urls.py +++ b/tests/auth_tests/urls.py @@ -112,6 +112,10 @@ urlpatterns = auth_urlpatterns + [ views.PasswordResetConfirmView.as_view(success_url=reverse_lazy('password_reset')), ), re_path( + '^reset/custom/token/{}/$'.format(uid_token), + views.PasswordResetConfirmView.as_view(reset_url_token='set-passwordcustom'), + ), + re_path( '^reset/post_reset_login/{}/$'.format(uid_token), views.PasswordResetConfirmView.as_view(post_reset_login=True), ), |
