Fixed #28622 -- Allowed specifying password reset link expiration in seconds and deprecated PASSWORD_RESET_TIMEOUT_DAYS.

author: Hasan Ramezani <hasan.r67@gmail.com> 2019-08-23 17:14:07 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-09-20 13:52:04 +0200
commit: 226ebb17290b604ef29e82fb5c1fbac3594ac163 (patch)
tree: 6845abde1e47ec7f5d295ab609becce3c7f492a8 /tests/auth_tests/test_password_reset_timeout_days.py
parent: 0719edcd5fed56157ffb3323a8f634aa5e8f9a80 (diff)
1 files changed, 88 insertions, 0 deletions
diff --git a/tests/auth_tests/test_password_reset_timeout_days.py b/tests/auth_tests/test_password_reset_timeout_days.py
new file mode 100644
index 0000000000..db9aa62726
--- /dev/null
+++ b/tests/auth_tests/test_password_reset_timeout_days.py
@@ -0,0 +1,88 @@
+import sys
+from datetime import datetime, timedelta
+from types import ModuleType
+
+from django.conf import (
+    PASSWORD_RESET_TIMEOUT_DAYS_DEPRECATED_MSG, Settings, settings,
+)
+from django.contrib.auth.models import User
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from django.core.exceptions import ImproperlyConfigured
+from django.test import TestCase, ignore_warnings
+from django.utils.deprecation import RemovedInDjango40Warning
+
+
+class DeprecationTests(TestCase):
+    msg = PASSWORD_RESET_TIMEOUT_DAYS_DEPRECATED_MSG
+
+    @ignore_warnings(category=RemovedInDjango40Warning)
+    def test_timeout(self):
+        """The token is valid after n days, but no greater."""
+        # Uses a mocked version of PasswordResetTokenGenerator so we can change
+        # the value of 'now'.
+        class Mocked(PasswordResetTokenGenerator):
+            def __init__(self, now):
+                self._now_val = now
+
+            def _now(self):
+                return self._now_val
+
+        user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
+        p0 = PasswordResetTokenGenerator()
+        tk1 = p0.make_token(user)
+        p1 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
+        self.assertTrue(p1.check_token(user, tk1))
+        p2 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
+        self.assertFalse(p2.check_token(user, tk1))
+        with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=1):
+            self.assertEqual(settings.PASSWORD_RESET_TIMEOUT, 60 * 60 * 24)
+            p3 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
+            self.assertTrue(p3.check_token(user, tk1))
+            p4 = Mocked(datetime.now() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
+            self.assertFalse(p4.check_token(user, tk1))
+
+    def test_override_settings_warning(self):
+        with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg):
+            with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=2):
+                pass
+
+    def test_settings_init_warning(self):
+        settings_module = ModuleType('fake_settings_module')
+        settings_module.SECRET_KEY = 'foo'
+        settings_module.PASSWORD_RESET_TIMEOUT_DAYS = 2
+        sys.modules['fake_settings_module'] = settings_module
+        try:
+            with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg):
+                Settings('fake_settings_module')
+        finally:
+            del sys.modules['fake_settings_module']
+
+    def test_access_warning(self):
+        with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg):
+            settings.PASSWORD_RESET_TIMEOUT_DAYS
+        # Works a second time.
+        with self.assertRaisesMessage(RemovedInDjango40Warning, self.msg):
+            settings.PASSWORD_RESET_TIMEOUT_DAYS
+
+    @ignore_warnings(category=RemovedInDjango40Warning)
+    def test_access(self):
+        with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=2):
+            self.assertEqual(settings.PASSWORD_RESET_TIMEOUT_DAYS, 2)
+            # Works a second time.
+            self.assertEqual(settings.PASSWORD_RESET_TIMEOUT_DAYS, 2)
+
+    def test_use_both_settings_init_error(self):
+        msg = (
+            'PASSWORD_RESET_TIMEOUT_DAYS/PASSWORD_RESET_TIMEOUT are '
+            'mutually exclusive.'
+        )
+        settings_module = ModuleType('fake_settings_module')
+        settings_module.SECRET_KEY = 'foo'
+        settings_module.PASSWORD_RESET_TIMEOUT_DAYS = 2
+        settings_module.PASSWORD_RESET_TIMEOUT = 2000
+        sys.modules['fake_settings_module'] = settings_module
+        try:
+            with self.assertRaisesMessage(ImproperlyConfigured, msg):
+                Settings('fake_settings_module')
+        finally:
+            del sys.modules['fake_settings_module']
author	Hasan Ramezani <hasan.r67@gmail.com>	2019-08-23 17:14:07 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-09-20 13:52:04 +0200
commit	226ebb17290b604ef29e82fb5c1fbac3594ac163 (patch)
tree	6845abde1e47ec7f5d295ab609becce3c7f492a8 /tests/auth_tests/test_password_reset_timeout_days.py
parent	0719edcd5fed56157ffb3323a8f634aa5e8f9a80 (diff)