('mediagoblin.auth.verify_email', '/verify_email/',
'mediagoblin.auth.views:verify_email'),
('mediagoblin.auth.resend_verification', '/resend_verification/',
- 'mediagoblin.auth.views:resend_activation')]
+ 'mediagoblin.auth.views:resend_activation'),
+ ('mediagoblin.auth.forgot_password', '/forgot_password/',
+ 'mediagoblin.auth.views:forgot_password'),
+ ('mediagoblin.auth.verify_forgot_password',
+ '/forgot_password/verify/',
+ 'mediagoblin.auth.views:verify_forgot_password')]
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.tools.template import render_template
from mediagoblin.tools.pluginapi import hook_handle
-from mediagoblin.tools.response import redirect
from mediagoblin import auth
from mediagoblin.db.models import User
# example "GNU MediaGoblin @ Wandborg - [...]".
'GNU MediaGoblin - Verify your email!',
rendered_email)
+
+
+EMAIL_FP_VERIFICATION_TEMPLATE = (
+ u"http://{host}{uri}?"
+ u"userid={userid}&token={fp_verification_key}")
+
+
+def send_fp_verification_email(user, request):
+ """
+ Send the verification email to users to change their password.
+
+ Args:
+ - user: a user object
+ - request: the request
+ """
+ rendered_email = render_template(
+ request, 'mediagoblin/auth/fp_verification_email.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
+ host=request.host,
+ uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
+ userid=unicode(user.id),
+ fp_verification_key=user.fp_verification_key)})
+
+ # TODO: There is no error handling in place
+ send_email(
+ mg_globals.app_config['email_sender_address'],
+ [user.email],
+ 'GNU MediaGoblin - Change forgotten password!',
+ rendered_email)
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import uuid
+import datetime
from mediagoblin import messages, mg_globals
from mediagoblin.db.models import User
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.tools import (send_verification_email,
- register_user, email_debug_message)
+ register_user, email_debug_message,
+ send_fp_verification_email)
from mediagoblin import auth
Sends an email with an url to renew forgotten password.
Use GET querystring parameter 'username' to pre-populate the input field
"""
+ if not 'pass_auth' in request.template_env.globals:
+ return redirect(request, 'index')
+
fp_form = auth_forms.ForgotPassForm(request.form,
username=request.args.get('username'))
if not (request.method == 'POST' and fp_form.validate()):
# Either GET request, or invalid form submitted. Display the template
return render_to_response(request,
- 'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form})
+ 'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form,
+ 'focus': 'username'})
# If we are here: method == POST and form is valid. username casing
# has been sanitized. Store if a user was found by email. We should
return render_to_response(
request,
'mediagoblin/auth/change_fp.html',
- {'cp_form': cp_form})
+ {'cp_form': cp_form,
+ 'focus': 'password'})
# in case there is a valid id but no user with that id in the db
# or the token expired
formdata = {
'vars': formdata_vars,
'has_userid_and_token':
- 'userid' in formdata_vars and 'token' in formdata_vars}
+ 'userid' in formdata_vars and 'token' in formdata_vars}
return formdata
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import os
import uuid
-import forms as auth_forms
-import lib as auth_lib
+from mediagoblin.plugins.basic_auth import forms as auth_forms
+from mediagoblin.plugins.basic_auth import lib as auth_lib
from mediagoblin.db.models import User
from mediagoblin.tools import pluginapi
from sqlalchemy import or_
normalize_user_or_email_field(allow_email=False)])
password = wtforms.PasswordField(
_('Password'),
- [wtforms.validators.Optional(),
+ [wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])
email = wtforms.TextField(
_('Email address'),
_('Password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])
-
-
-class ForgotPassForm(wtforms.Form):
- username = wtforms.TextField(
- _('Username or email'),
- [wtforms.validators.Required(),
- normalize_user_or_email_field()])
-
-
-class ChangePassForm(wtforms.Form):
- password = wtforms.PasswordField(
- 'Password',
- [wtforms.validators.Required(),
- wtforms.validators.Length(min=5, max=1024)])
- userid = wtforms.HiddenField(
- '',
- [wtforms.validators.Required()])
- token = wtforms.HiddenField(
- '',
- [wtforms.validators.Required()])
import bcrypt
import random
-from mediagoblin.tools.template import render_template
-from mediagoblin.tools.mail import send_email
-from mediagoblin import mg_globals
-
def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
"""
bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
-EMAIL_FP_VERIFICATION_TEMPLATE = (
- u"http://{host}{uri}?"
- u"userid={userid}&token={fp_verification_key}")
-
-
-def send_fp_verification_email(user, request):
- """
- Send the verification email to users to change their password.
-
- Args:
- - user: a user object
- - request: the request
- """
- rendered_email = render_template(
- request, 'mediagoblin/auth/fp_verification_email.txt',
- {'username': user.username,
- 'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
- host=request.host,
- uri=request.urlgen('mediagoblin.plugins.' +
- 'basic_auth.verify_forgot_password'),
- userid=unicode(user.id),
- fp_verification_key=user.fp_verification_key)})
-
- # TODO: There is no error handling in place
- send_email(
- mg_globals.app_config['email_sender_address'],
- [user.email],
- 'GNU MediaGoblin - Change forgotten password!',
- rendered_email)
-
-
def fake_login_attempt():
"""
Pretend we're trying to login.
+++ /dev/null
-{#
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#}
-{% extends "mediagoblin/base.html" %}
-
-{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
-
-{% block mediagoblin_head %}
- <script type="text/javascript"
- src="{{ request.staticdirect('/js/show_password.js') }}"></script>
-{% endblock mediagoblin_head %}
-
-{% block title -%}
- {% trans %}Set your new password{% endtrans %} — {{ super() }}
-{%- endblock %}
-
-{% block mediagoblin_content %}
- <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
- method="POST" enctype="multipart/form-data">
- {{ csrf_token }}
- <div class="form_box">
- <h1>{% trans %}Set your new password{% endtrans %}</h1>
- {{ wtforms_util.render_divs(cp_form) }}
- <div class="form_submit_buttons">
- <input type="submit" value="{% trans %}Set password{% endtrans %}" class="button_form"/>
- </div>
- </div>
- </form>
-{% endblock %}
-
+++ /dev/null
-{#
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#}
-{% extends "mediagoblin/base.html" %}
-
-{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
-
-{% block title -%}
- {% trans %}Recover password{% endtrans %} — {{ super() }}
-{%- endblock %}
-
-{% block mediagoblin_content %}
- <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
- method="POST" enctype="multipart/form-data">
- {{ csrf_token }}
- <div class="form_box">
- <h1>{% trans %}Recover password{% endtrans %}</h1>
- {{ wtforms_util.render_divs(fp_form) }}
- <div class="form_submit_buttons">
- <input type="submit" value="{% trans %}Send instructions{% endtrans %}" class="button_form"/>
- </div>
- </div>
- </form>
-{% endblock %}
+++ /dev/null
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import uuid
-import datetime
-
-import forms as auth_forms
-from mediagoblin.tools.response import render_to_response, redirect, render_404
-from mediagoblin.db.models import User
-from mediagoblin.tools.translate import pass_to_ugettext as _
-from mediagoblin import messages
-from mediagoblin.auth.views import email_debug_message
-from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth import lib as auth_lib
-
-
-
-def forgot_password(request):
- """
- Forgot password view
-
- Sends an email with an url to renew forgotten password.
- Use GET querystring parameter 'username' to pre-populate the input field
- """
- fp_form = auth_forms.ForgotPassForm(request.form,
- username=request.args.get('username'))
-
- if not (request.method == 'POST' and fp_form.validate()):
- # Either GET request, or invalid form submitted. Display the template
- return render_to_response(request,
- 'mediagoblin/plugins/basic_auth/forgot_password.html', {'fp_form': fp_form})
-
- # If we are here: method == POST and form is valid. username casing
- # has been sanitized. Store if a user was found by email. We should
- # not reveal if the operation was successful then as we don't want to
- # leak if an email address exists in the system.
- found_by_email = '@' in fp_form.username.data
-
- if found_by_email:
- user = User.query.filter_by(
- email=fp_form.username.data).first()
- # Don't reveal success in case the lookup happened by email address.
- success_message = _("If that email address (case sensitive!) is "
- "registered an email has been sent with "
- "instructions on how to change your password.")
-
- else: # found by username
- user = User.query.filter_by(
- username=fp_form.username.data).first()
-
- if user is None:
- messages.add_message(request,
- messages.WARNING,
- _("Couldn't find someone with that username."))
- return redirect(request, 'mediagoblin.auth.forgot_password')
-
- success_message = _("An email has been sent with instructions "
- "on how to change your password.")
-
- if user and not(user.email_verified and user.status == 'active'):
- # Don't send reminder because user is inactive or has no verified email
- messages.add_message(request,
- messages.WARNING,
- _("Could not send password recovery email as your username is in"
- "active or your account's email address has not been verified."))
-
- return redirect(request, 'mediagoblin.user_pages.user_home',
- user=user.username)
-
- # SUCCESS. Send reminder and return to login page
- if user:
- user.fp_verification_key = unicode(uuid.uuid4())
- user.fp_token_expire = datetime.datetime.now() + \
- datetime.timedelta(days=10)
- user.save()
-
- email_debug_message(request)
- send_fp_verification_email(user, request)
-
- messages.add_message(request, messages.INFO, success_message)
- return redirect(request, 'mediagoblin.auth.login')
-
-
-def verify_forgot_password(request):
- """
- Check the forgot-password verification and possibly let the user
- change their password because of it.
- """
- # get form data variables, and specifically check for presence of token
- formdata = _process_for_token(request)
- if not formdata['has_userid_and_token']:
- return render_404(request)
-
- formdata_token = formdata['vars']['token']
- formdata_userid = formdata['vars']['userid']
- formdata_vars = formdata['vars']
-
- # check if it's a valid user id
- user = User.query.filter_by(id=formdata_userid).first()
- if not user:
- return render_404(request)
-
- # check if we have a real user and correct token
- if ((user and user.fp_verification_key and
- user.fp_verification_key == unicode(formdata_token) and
- datetime.datetime.now() < user.fp_token_expire
- and user.email_verified and user.status == 'active')):
-
- cp_form = auth_forms.ChangePassForm(formdata_vars)
-
- if request.method == 'POST' and cp_form.validate():
- user.pw_hash = auth_lib.bcrypt_gen_password_hash(
- cp_form.password.data)
- user.fp_verification_key = None
- user.fp_token_expire = None
- user.save()
-
- messages.add_message(
- request,
- messages.INFO,
- _("You can now log in using your new password."))
- return redirect(request, 'mediagoblin.auth.login')
- else:
- return render_to_response(
- request,
- 'mediagoblin/plugins/basic_auth/change_fp.html',
- {'cp_form': cp_form})
-
- # in case there is a valid id but no user with that id in the db
- # or the token expired
- else:
- return render_404(request)
-
-
-def _process_for_token(request):
- """
- Checks for tokens in formdata without prior knowledge of request method
-
- For now, returns whether the userid and token formdata variables exist, and
- the formdata variables in a hash. Perhaps an object is warranted?
- """
- # retrieve the formdata variables
- if request.method == 'GET':
- formdata_vars = request.GET
- else:
- formdata_vars = request.form
-
- formdata = {
- 'vars': formdata_vars,
- 'has_userid_and_token':
- 'userid' in formdata_vars and 'token' in formdata_vars}
-
- return formdata
{%- endblock %}
{% block mediagoblin_content %}
- <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
+ <form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
method="POST" enctype="multipart/form-data">
{{ csrf_token }}
<div class="form_box">
</p>
{% endif %}
{{ wtforms_util.render_divs(login_form) }}
+ {% if pass_auth %}
<p>
<a href="{{ request.urlgen('mediagoblin.auth.forgot_password') }}" id="forgot_password">
{% trans %}Forgot your password?{% endtrans %}</a>
</p>
+ {% endif %}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Log in{% endtrans %}" class="button_form"/>
</div>
+++ /dev/null
-[mediagoblin]
-direct_remote_path = /test_static/
-email_sender_address = "notice@mediagoblin.example.org"
-email_debug_mode = true
-no_auth = false
-
-# TODO: Switch to using an in-memory database
-sql_engine = "sqlite:///%(here)s/user_dev/mediagoblin.db"
-
-# Celery shouldn't be set up by the application as it's setup via
-# mediagoblin.init.celery.from_celery
-celery_setup_elsewhere = true
-
-[storage:publicstore]
-base_dir = %(here)s/user_dev/media/public
-base_url = /mgoblin_media/
-
-[storage:queuestore]
-base_dir = %(here)s/user_dev/media/queue
-
-[celery]
-CELERY_ALWAYS_EAGER = true
-CELERY_RESULT_DBURI = "sqlite:///%(here)s/user_dev/celery.db"
-BROKER_HOST = "sqlite:///%(here)s/user_dev/kombu.db"
-
-[plugins]
-[[mediagoblin.plugins.basic_auth]]
-
+++ /dev/null
-[mediagoblin]
-direct_remote_path = /test_static/
-email_sender_address = "notice@mediagoblin.example.org"
-email_debug_mode = true
-no_auth = false
-
-# TODO: Switch to using an in-memory database
-sql_engine = "sqlite:///%(here)s/test_user_dev/mediagoblin.db"
-
-# Celery shouldn't be set up by the application as it's setup via
-# mediagoblin.init.celery.from_celery
-celery_setup_elsewhere = true
-
-[storage:publicstore]
-base_dir = %(here)s/test_user_dev/media/public
-base_url = /mgoblin_media/
-
-[storage:queuestore]
-base_dir = %(here)s/test_user_dev/media/queue
-
-[celery]
-CELERY_ALWAYS_EAGER = true
-CELERY_RESULT_DBURI = "sqlite:///%(here)s/test_user_dev/celery.db"
-BROKER_HOST = "sqlite:///%(here)s/test_user_dev/kombu.db"
-
-[plugins]
-[[mediagoblin.plugins.basic_auth]]
-
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import urlparse
+import datetime
import pkg_resources
import pytest
-import urlparse
from mediagoblin import mg_globals
from mediagoblin.db.models import User
## TODO: Also check for double instances of an email address?
+ ### Oops, forgot the password
+ # -------------------
+ template.clear_test_template_context()
+ response = test_app.post(
+ '/auth/forgot_password/',
+ {'username': u'happygirl'})
+ response.follow()
+
+ ## Did we redirect to the proper page? Use the right template?
+ assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
+ assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
+
+ ## Make sure link to change password is sent by email
+ assert len(mail.EMAIL_TEST_INBOX) == 1
+ message = mail.EMAIL_TEST_INBOX.pop()
+ assert message['To'] == 'happygrrl@example.org'
+ email_context = template.TEMPLATE_TEST_CONTEXT[
+ 'mediagoblin/auth/fp_verification_email.txt']
+ #TODO - change the name of verification_url to something forgot-password-ish
+ assert email_context['verification_url'] in message.get_payload(decode=True)
+
+ path = urlparse.urlsplit(email_context['verification_url'])[2]
+ get_params = urlparse.urlsplit(email_context['verification_url'])[3]
+ assert path == u'/auth/forgot_password/verify/'
+ parsed_get_params = urlparse.parse_qs(get_params)
+
+ # user should have matching parameters
+ new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
+ assert parsed_get_params['userid'] == [unicode(new_user.id)]
+ assert parsed_get_params['token'] == [new_user.fp_verification_key]
+
+ ### The forgotten password token should be set to expire in ~ 10 days
+ # A few ticks have expired so there are only 9 full days left...
+ assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9
+
+ ## Try using a bs password-changing verification key, shouldn't work
+ template.clear_test_template_context()
+ response = test_app.get(
+ "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
+ new_user.id), status=404)
+ assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
+
+ ## Try using an expired token to change password, shouldn't work
+ template.clear_test_template_context()
+ new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
+ real_token_expiration = new_user.fp_token_expire
+ new_user.fp_token_expire = datetime.datetime.now()
+ new_user.save()
+ response = test_app.get("%s?%s" % (path, get_params), status=404)
+ assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
+ new_user.fp_token_expire = real_token_expiration
+ new_user.save()
+
+ ## Verify step 1 of password-change works -- can see form to change password
+ template.clear_test_template_context()
+ response = test_app.get("%s?%s" % (path, get_params))
+ assert 'mediagoblin/auth/change_fp.html' in template.TEMPLATE_TEST_CONTEXT
+
+ ## Verify step 2.1 of password-change works -- report success to user
+ template.clear_test_template_context()
+ response = test_app.post(
+ '/auth/forgot_password/verify/', {
+ 'userid': parsed_get_params['userid'],
+ 'password': 'iamveryveryhappy',
+ 'token': parsed_get_params['token']})
+ response.follow()
+ assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
+
+ ## Verify step 2.2 of password-change works -- login w/ new password success
+ template.clear_test_template_context()
+ response = test_app.post(
+ '/auth/login/', {
+ 'username': u'happygirl',
+ 'password': 'iamveryveryhappy'})
+
+ # User should be redirected
+ response.follow()
+ assert urlparse.urlsplit(response.location)[2] == '/'
+ assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
+
def test_authentication_views(test_app):
"""
## Test check_login should return False
assert auth.check_login('test', 'simple') is False
+
+ # Try to visit the forgot password page
+ template.clear_test_template_context()
+ response = no_auth_true_no_auth_plugin_app.get('/auth/register/')
+ response.follow()
+
+ # Correct redirect?
+ assert urlparse.urlsplit(response.location)[2] == '/'
+ assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import urlparse
-import datetime
-import pkg_resources
-import pytest
-
from mediagoblin.plugins.basic_auth import lib as auth_lib
-from mediagoblin import mg_globals
-from mediagoblin.tools import template, mail
-from mediagoblin.tests.tools import get_app, fixture_add_user
from mediagoblin.tools.testing import _activate_testing
_activate_testing()
pw, hashed_pw, '3><7R45417')
assert not auth_lib.bcrypt_check_password(
'notthepassword', hashed_pw, '3><7R45417')
-
-
-@pytest.fixture()
-def context_modified_app(request):
- return get_app(
- request,
- mgoblin_config=pkg_resources.resource_filename(
- 'mediagoblin.tests.auth_configs', 'basic_auth_appconfig.ini'))
-
-
-def test_fp_view(context_modified_app):
- ### Oops, forgot the password
- ## Register a user
- fixture_add_user(active_user=True)
-
- # -------------------
- template.clear_test_template_context()
- response = context_modified_app.post(
- '/auth/forgot_password/',
- {'username': u'chris'})
- response.follow()
-
- ## Did we redirect to the proper page? Use the right template?
- assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
- assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
-
- ## Make sure link to change password is sent by email
- assert len(mail.EMAIL_TEST_INBOX) == 1
- message = mail.EMAIL_TEST_INBOX.pop()
- assert message['To'] == 'chris@example.com'
- email_context = template.TEMPLATE_TEST_CONTEXT[
- 'mediagoblin/auth/fp_verification_email.txt']
- #TODO - change the name of verification_url to something
- # forgot-password-ish
- assert email_context['verification_url'] in \
- message.get_payload(decode=True)
-
- path = urlparse.urlsplit(email_context['verification_url'])[2]
- get_params = urlparse.urlsplit(email_context['verification_url'])[3]
- assert path == u'/auth/forgot_password/verify/'
- parsed_get_params = urlparse.parse_qs(get_params)
-
- # user should have matching parameters
- new_user = mg_globals.database.User.find_one({'username': u'chris'})
- assert parsed_get_params['userid'] == [unicode(new_user.id)]
- assert parsed_get_params['token'] == [new_user.fp_verification_key]
-
- ### The forgotten password token should be set to expire in ~ 10 days
- # A few ticks have expired so there are only 9 full days left...
- assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9
-
- ## Try using a bs password-changing verification key, shouldn't work
- template.clear_test_template_context()
- response = context_modified_app.get(
- "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
- new_user.id), status=404)
- assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
-
- ## Try using an expired token to change password, shouldn't work
- template.clear_test_template_context()
- new_user = mg_globals.database.User.find_one({'username': u'chris'})
- real_token_expiration = new_user.fp_token_expire
- new_user.fp_token_expire = datetime.datetime.now()
- new_user.save()
- response = context_modified_app.get("%s?%s" % (path, get_params),
- status=404)
- assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
- new_user.fp_token_expire = real_token_expiration
- new_user.save()
-
- ## Verify step 1 of password-change works -- can see form to
- ## change password
- template.clear_test_template_context()
- response = context_modified_app.get("%s?%s" % (path, get_params))
- assert 'mediagoblin/plugins/basic_auth/change_fp.html' \
- in template.TEMPLATE_TEST_CONTEXT
-
- ## Verify step 2.1 of password-change works -- report success to user
- template.clear_test_template_context()
- response = context_modified_app.post(
- '/auth/forgot_password/verify/', {
- 'userid': parsed_get_params['userid'],
- 'password': 'iamveryveryhappy',
- 'token': parsed_get_params['token']})
- response.follow()
- assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
-
- ## Verify step 2.2 of password-change works -- login w/ new password
- ## success
- template.clear_test_template_context()
- response = context_modified_app.post(
- '/auth/login/', {
- 'username': u'chris',
- 'password': 'iamveryveryhappy'})
-
- # User should be redirected
- response.follow()
- assert urlparse.urlsplit(response.location)[2] == '/'
- assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
projects / mediagoblin.git / commitdiff