| author | Florian Apolloner <florian@apolloner.eu> | 2016-11-21 17:21:43 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-11-21 13:42:25 -0500 |
| commit | 51eaff6d359065cbf790a649ca2061581af23711 (patch) | |
| tree | cc2fb7ff57ac9081eb2eb3a86d784691cddb648c /tests/auth_tests | |
| parent | 55adfc076030fc6be2c8d459c4c0a5c91cd4c94c (diff) | |
Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests.
Diffstat (limited to 'tests/auth_tests')
| -rw-r--r-- | tests/auth_tests/test_views.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 77d1ada13b..209f9f698a 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -255,6 +255,23 @@ class PasswordResetTest(AuthViewsTestCase):
 u = User.objects.get(email='staffmember@example.com')
 self.assertTrue(not u.check_password("anewpassword"))
 
+ def test_confirm_invalid_hash(self):
+ """A POST with an invalid token is rejected."""
+ u = User.objects.get(email='staffmember@example.com')
+ original_password = u.password
+ url, path = self._test_confirm_start()
+ path_parts = path.split('-')
+ path_parts[-1] = ("0") * 20 + '/'
+ path = '-'.join(path_parts)
+
+ response = self.client.post(path, {
+ 'new_password1': 'anewpassword',
+ 'new_password2': 'anewpassword',
+ })
+ self.assertIs(response.context['validlink'], False)
+ u.refresh_from_db()
+ self.assertEqual(original_password, u.password) # password hasn't changed
+
 def test_confirm_complete(self):
 url, path = self._test_confirm_start()
 response = self.client.post(path, {'new_password1': 'anewpassword', 'new_password2': 'anewpassword'}) |
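Review bot: The tampering step in `test_confirm_invalid_hash` is written as `path_parts[-1] = ("0") * 20 + '/'`, which has redundant parentheses, mixes quote styles with the rest of the new method, and does not say which part of the token it overwrites. I would write it as `path_parts[-1] = '0' * 20 + '/'  # replace only the hash segment; the timestamp part stays valid`, so a reader can see that the test exercises hash verification and not URL matching. The line also presumably relies on 20 characters being within what the reset URL pattern accepts for that segment; the pattern is not visible in this hunk, so a short comment naming that assumption would help if the token format ever changes. Since the neighbouring test checks `u.check_password("anewpassword")`, adding `self.assertFalse(u.check_password('anewpassword'))` next to the hash comparison would state the security property directly: the submitted password was not set.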
