a Šxd:Iã@sjddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z m Z Gdd „d ee ƒZdS) éN)ÚUser)Úoverride_settings)Ústatus)Ú APITestCase)ÚResetPasswordToken)Ú HelperMixinÚpatchc@sèeZdZdZdd„Zdd„Zdd„Zedƒd d „ƒZd d „Z edƒe d ddd„ƒƒZ edƒdd„ƒZ edƒe dddd„ƒƒZ edƒdd„ƒZedƒedƒedƒdd„ƒƒƒZe dddd „ƒZd!d"„Ze d#d$edƒd%d&„ƒƒZd'S)(Ú AuthTestCasez@ Several Test Cases for the Multi Auth Token Django App cCsd| ¡tj ddd¡|_tj ddd¡|_tj ddd ¡|_tj d d ¡|_tj d d d¡|_dS)NÚuser1úuser1@mail.comÚsecret1Úuser2úuser2@mail.comZsecret2úuser3@mail.comznot-that-mail@mail.comÚsecret3Úuser4úuser4@mail.comÚuser5õuÑ•er5@mail.comZsecret5) Z setUpUrlsrÚobjectsZ create_userr r Zuser3rr)Úself©rúV/var/www/html/Ranjet/env/lib/python3.9/site-packages/tests/test/test_auth_test_case.pyÚsetUps zAuthTestCase.setUpcCs>|jdd}| |jtj¡t |j ¡¡}|  d|v¡dS)z; Tests requesting a token for an email that does not exist úfoobar@doesnotexist.com©ÚemailrN© Úrest_do_request_reset_tokenÚ assertEqualÚ status_coderÚHTTP_400_BAD_REQUESTÚjsonÚloadsÚcontentÚdecodeÚ assertTrue©rÚresponseZdecoded_responserrrÚ,test_try_reset_password_email_does_not_exists z9AuthTestCase.test_try_reset_password_email_does_not_existcCsF|jdd}| |jtj¡t |j ¡¡}| |  d¡dd¡dS)NrrrrzEnter a valid email address.) rrr rr!r"r#r$r%Úgetr'rrrÚtest_unicode_email_reset!s z%AuthTestCase.test_unicode_email_resetzCdjango_rest_passwordreset.signals.reset_password_token_created.sendcCsê| tj ¡ ¡d¡|jdd}| |jtj¡|  |j ¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡| tjj|jd ¡jjd¡| |j¡}| |jtj¡| tj ¡ ¡d¡|j | dd ¡d d d S) z Tests validate token rr réÚreset_password_tokenÚ©Úkeyr r ú=User 1 should still be able to login with the old credentials©ÚmsgN)rrrÚallÚcountrr rÚ HTTP_200_OKr&ÚcalledÚ call_countÚ call_argsÚassertNotEqualr0ÚfilterÚfirstÚuserÚusernameÚrest_do_validate_tokenÚdjango_check_login©rÚ!mock_reset_password_token_createdr(Zlast_reset_password_tokenrrrÚtest_validate_token(s&  þ  þz AuthTestCase.test_validate_tokencCsJ| tj ¡ ¡d¡| d¡}| |jtj¡| tj ¡ ¡d¡dS)z! Tests validate an invalid token rZnot_a_valid_tokenN) rrrr4r5r?r rÚHTTP_404_NOT_FOUND©rr(rrrÚtest_validate_bad_tokenLs z$AuthTestCase.test_validate_bad_tokenéÿÿÿÿ)Z2DJANGO_REST_MULTITOKENAUTH_RESET_TOKEN_EXPIRY_TIMEcCsê| tj ¡ ¡d¡|jdd}| |jtj¡|  |j ¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡| tjj|jd ¡jjd¡| |j¡}| |jtj¡| tj ¡ ¡d¡|j | dd ¡d d d S) z! Tests validate an expired token rr rr,r-r.r/r r r1r2N)rrrr4r5rr rr6r&r7r8r9r:r0r;r<r=r>r?rDr@rArrrÚtest_validate_expired_tokenYs&  þ  þz(AuthTestCase.test_validate_expired_tokencCs^| tj ¡ ¡d¡|jdd}| |jtj¡|  |j ¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡|jdd}| |jtj¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡| tjj|jd ¡jjd ¡| |jd ¡}| |jtj¡| tj ¡ ¡d¡|j| d d ¡d d |j | d d ¡dd dS)ú Tests resetting a password rr rr,r-r.ér/r Ú new_secretr z;User 1 should not be able to login with the old credentialsr2zÚ!rest_do_reset_password_with_tokenÚ assertFalser@rArrrÚtest_reset_password~s:   þ þ þz AuthTestCase.test_reset_passwordr>)ZDJANGO_REST_LOOKUP_FIELDcCs^| tj ¡ ¡d¡|jdd}| |jtj¡|  |j ¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡|jdd}| |jtj¡| |j d¡|j dd}|  |jd¡| tj ¡ ¡d¡| tjj|jd ¡jjd¡| |jd ¡}| |jtj¡| tj ¡ ¡d¡|j| dd ¡d d |j | dd ¡d d dS)rIrrrr,r-r.rJr/rKrz;User 3 should not be able to login with the old credentialsr2z       ÿ ÿz/AuthTestCase.test_reset_password_multiple_usersz9django_rest_passwordreset.signals.pre_password_reset.sendz:django_rest_passwordreset.signals.post_password_reset.sendcCsâ| |j¡| |j¡| |j¡|jdd}| |jtj¡| tj  ¡  ¡d¡|  |j¡| |j d¡|j dd}|j|jddd| |j¡| |j¡| |jd¡}| |jtj¡|  |j¡|  |j¡dS) Nr rr,r-r.z\Verify that the reset_password_token of the reset_password_Token_created signal is not emptyr2rK)rNr7rrr rr6rrr4r5r&r8r9r:r0rM)rZmock_post_password_resetZmock_pre_password_resetrBr(rQrrrÚ test_signals s$      ÿ   zAuthTestCase.test_signalsT)Z0DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGEcCs |jdd}| |jtj¡dS)z‘ Tests requesting a token for an email that does not exist when DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE == True rrN)rrr rr6rErrrÚ?test_try_reset_password_email_does_not_exist_no_leakage_enabledFs zLAuthTestCase.test_try_reset_password_email_does_not_exist_no_leakage_enabledcCs>|jdd}| |jtj¡t |j ¡¡}|  d|v¡dS)zF Tests requesting a token for an email without a password doesn't workrrrNrr'rrrÚtest_user_without_passwordOs z'AuthTestCase.test_user_without_passwordF)Z2DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORDcCs2|jdd}| |jtj¡| |j¡| |jd¡|jdd}|  |j d¡| t j   ¡ ¡d¡|jdd}| |jtj¡| |jd¡|jdd}|  |j d¡| t j   ¡ ¡d¡| t j j|j d ¡jjd¡| |j d ¡}| |jtj¡| t j   ¡ ¡d ¡|j| dd ¡d d d S)zQ Tests requesting a token for an email without a password works when not requiredrrr,r-r.rJr/rrKrzrMr@rArrrÚ-test_user_without_password_where_not_requiredWs0   þ þz:AuthTestCase.test_user_without_password_where_not_requiredN)Ú__name__Ú __module__Ú __qualname__Ú__doc__rr)r+rrCrFrrHrOrPrSrTrUrVrWrrrrr s6 #  # 3 3 8# r )r"Zdjango.contrib.auth.modelsrZ django.testrZrest_frameworkrZrest_framework.testrZ django_rest_passwordreset.modelsrZtests.test.helpersrrr rrrrÚs