Trying to fix build, I don't think Travis likes the quickness of the token expiration tests

Matt Wright
2012-07-11 18:26:10 -04:00
parent ddc503d296
commit 0befa34dc8
2 changed files with 54 additions and 22 deletions
+19 -3
@@ -169,8 +169,7 @@ def register():
return redirect(_security.post_register_view or
_security.post_login_view)
return redirect(request.referrer or
_security.register_url)
return redirect(request.referrer or _security.register_url)
def confirm(token):
@@ -180,20 +179,28 @@ def confirm(token):
user = confirm_by_token(token)
except ConfirmationError, e:
_logger.debug('Confirmation error: ' + str(e))
do_flash(str(e), 'error')
return redirect('/') # TODO: Don't just redirect to root
except TokenExpiredError, e:
reset_confirmation_token(e.user)
msg = 'You did not confirm your email within %s. ' \
'A new confirmation code has been sent to %s' % (
_security.confirm_email_within, e.user.email)
_logger.debug('Attempted account confirmation but token was expired')
do_flash(msg, 'error')
return redirect('/') # TODO: Don't redirect to root
_logger.debug('User %s confirmed' % user)
do_flash('Your email has been confirmed. You may now log in.', 'success')
return redirect(_security.post_confirm_view or
@@ -211,10 +218,15 @@ def forgot():
reset_password_reset_token(user)
_logger.debug('%s requested to reset their password' % user)
do_flash('Instructions to reset your password have been '
'sent to %s' % user.email, 'success')
except UserNotFoundError:
_logger.debug('A reset password request was made for %s but '
'that email does not exist.' % form.email.data)
do_flash('The email you provided could not be found', 'error')
return redirect(_security.post_forgot_view)
@@ -233,10 +245,14 @@ def reset(token):
reset_by_token(token=token, **form.to_dict())
except ResetPasswordError, e:
_logger.debug('Password reset error: ' + str(e))
do_flash(str(e), 'error')
except TokenExpiredError, e:
do_flash('You did not reset your password within'
_logger.debug('Attempted password reset but token was expired')
do_flash('You did not reset your password within '
'%s.' % _security.reset_password_within)
return redirect(request.referrer or
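Review bot: In the `forgot()` hunk the response still tells the requester whether an address is registered: the success branch flashes 'Instructions to reset your password have been sent to …' while the `UserNotFoundError` branch flashes 'The email you provided could not be found', so the two outcomes can be told apart by anyone submitting the form. Flash one neutral message in both branches, e.g. `do_flash('If that address is registered, reset instructions have been sent to it', 'success')`, and keep the distinction only in the debug log; the test that asserts the 'could not be found' text would have to change with it. The added `_logger.debug` call in that branch interpolates `form.email.data` as submitted, so unless the form already validates the field, formatting it with `%r` would keep embedded line breaks out of the log. The bodies of `forgot()`, `confirm()` and `reset()` start and end outside the hunks shown, so this is based on the visible lines only.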
+35 -19
@@ -177,8 +177,7 @@ class RegisterableTests(SecurityTest):
class ConfirmableTests(SecurityTest):
AUTH_CONFIG = {
'SECURITY_CONFIRMABLE': True,
'SECURITY_REGISTERABLE': True,
'SECURITY_CONFIRM_EMAIL_WITHIN': '1 seconds'
'SECURITY_REGISTERABLE': True
}
def test_register_sends_confirmation_email(self):
@@ -214,6 +213,14 @@ class ConfirmableTests(SecurityTest):
r = self.client.get('/confirm/bogus', follow_redirects=True)
self.assertIn('Invalid confirmation token', r.data)
class ExpiredConfirmationTest(SecurityTest):
AUTH_CONFIG = {
'SECURITY_CONFIRMABLE': True,
'SECURITY_REGISTERABLE': True,
'SECURITY_CONFIRM_EMAIL_WITHIN': '1 seconds'
}
def test_expired_confirmation_token_sends_email(self):
e = 'dude@lp.com'
@@ -255,7 +262,6 @@ class RecoverableTests(SecurityTest):
AUTH_CONFIG = {
'SECURITY_RECOVERABLE': True,
'SECURITY_RESET_PASSWORD_WITHIN': '1 seconds'
}
def test_forgot_post_sends_email(self):
@@ -271,33 +277,19 @@ class RecoverableTests(SecurityTest):
self.assertIn('The email you provided could not be found', r.data)
def test_reset_password_with_valid_token(self):
with capture_reset_password_requests() as requests:
r = self.client.post('/forgot', data=dict(email='joe@lp.com'))
t = requests[0]['token']
r = self.client.post('/reset/' + t, data={
'password': 'newpassword',
'password_confirm': 'newpassword'
})
r = self.authenticate('joe@lp.com', 'newpassword')
self.assertIn('Hello joe@lp.com', r.data)
def test_reset_password_with_expired_token(self):
with capture_reset_password_requests() as requests:
r = self.client.post('/forgot',
data=dict(email='joe@lp.com'),
follow_redirects=True)
t = requests[0]['token']
time.sleep(2)
r = self.client.post('/reset/' + t, data={
'password': 'newpassword',
'password_confirm': 'newpassword'
}, follow_redirects=True)
self.assertIn('You did not reset your password within', r.data)
r = self.authenticate('joe@lp.com', 'newpassword')
self.assertIn('Hello joe@lp.com', r.data)
def test_reset_password_twice_flashes_invalid_token_msg(self):
with capture_reset_password_requests() as requests:
@@ -315,6 +307,30 @@ class RecoverableTests(SecurityTest):
self.assertIn('Invalid reset password token', r.data)
class ExpiredResetPasswordTest(SecurityTest):
AUTH_CONFIG = {
'SECURITY_RECOVERABLE': True,
'SECURITY_RESET_PASSWORD_WITHIN': '1 seconds'
}
def test_reset_password_with_expired_token(self):
with capture_reset_password_requests() as requests:
r = self.client.post('/forgot',
data=dict(email='joe@lp.com'),
follow_redirects=True)
t = requests[0]['token']
time.sleep(2)
r = self.client.post('/reset/' + t, data={
'password': 'newpassword',
'password_confirm': 'newpassword'
}, follow_redirects=True)
self.assertIn('You did not reset your password within', r.data)
class MongoEngineSecurityTests(DefaultSecurityTests):
def _create_app(self, auth_config):
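Review bot: `test_reset_password_with_expired_token` in the new `ExpiredResetPasswordTest` asserts only the flashed text, so it would still pass if the view showed the message and changed the password anyway. After the `/reset/` post, add `r = self.authenticate('joe@lp.com', 'newpassword')` followed by `self.assertNotIn('Hello joe@lp.com', r.data)` to pin that an expired token leaves the password unchanged. The test also still relies on `time.sleep(2)` outrunning a '1 seconds' window, which appears to be the wall-clock coupling the commit message is worried about. Moving it into its own class isolates the short expiry from the other tests but does not remove that dependency.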