diff options
| author | Mattia Procopio <promat85@gmail.com> | 2018-03-16 02:33:15 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-03-15 21:33:15 -0400 |
| commit | aeb8c381789ad93866223f8bd07d09ae5e2edd9e (patch) | |
| tree | 7118556c755b9c0e0f333fda1f7a2f1bfff1638d /tests/auth_tests/test_views.py | |
| parent | b60e5fdbb778088b4b7e9e1522808f0c999e1dd9 (diff) | |
Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected.
Diffstat (limited to 'tests/auth_tests/test_views.py')
| -rw-r--r-- | tests/auth_tests/test_views.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index e016cd07ff..bb5bd7a087 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -28,6 +28,7 @@ from django.middleware.csrf import CsrfViewMiddleware, get_token from django.test import Client, TestCase, override_settings from django.test.utils import patch_logger from django.urls import NoReverseMatch, reverse, reverse_lazy +from django.utils.http import urlsafe_base64_encode from django.utils.translation import LANGUAGE_SESSION_KEY from .client import PasswordResetConfirmClient @@ -437,6 +438,14 @@ class UUIDUserPasswordResetTest(CustomUserPasswordResetTest): ) return super()._test_confirm_start() + def test_confirm_invalid_uuid(self): + """A uidb64 that decodes to a non-UUID doesn't crash.""" + _, path = self._test_confirm_start() + invalid_uidb64 = urlsafe_base64_encode('INVALID_UUID'.encode()).decode() + first, _uuidb64_, second = path.strip('/').split('/') + response = self.client.get('/' + '/'.join((first, invalid_uidb64, second)) + '/') + self.assertContains(response, 'The password reset link was invalid') + class ChangePasswordTest(AuthViewsTestCase): |