From 0befa34dc8e849f29e9f4cddf7ed3a487557551a Mon Sep 17 00:00:00 2001 From: Matt Wright Date: Wed, 11 Jul 2012 18:26:10 -0400 Subject: [PATCH] Trying to fix build, I don't think Travis likes the quickness of the token expiration tests --- flask_security/views.py | 22 +++++++++++++--- tests/functional_tests.py | 54 +++++++++++++++++++++++++-------------- 2 files changed, 54 insertions(+), 22 deletions(-) diff --git a/flask_security/views.py b/flask_security/views.py index e6852d0..2ef37c7 100644 --- a/flask_security/views.py +++ b/flask_security/views.py @@ -169,8 +169,7 @@ def register(): return redirect(_security.post_register_view or _security.post_login_view) - return redirect(request.referrer or - _security.register_url) + return redirect(request.referrer or _security.register_url) def confirm(token): @@ -180,20 +179,28 @@ def confirm(token): user = confirm_by_token(token) except ConfirmationError, e: + _logger.debug('Confirmation error: ' + str(e)) + do_flash(str(e), 'error') + return redirect('/') # TODO: Don't just redirect to root except TokenExpiredError, e: + reset_confirmation_token(e.user) msg = 'You did not confirm your email within %s. ' \ 'A new confirmation code has been sent to %s' % ( _security.confirm_email_within, e.user.email) + _logger.debug('Attempted account confirmation but token was expired') + do_flash(msg, 'error') + return redirect('/') # TODO: Don't redirect to root _logger.debug('User %s confirmed' % user) + do_flash('Your email has been confirmed. You may now log in.', 'success') return redirect(_security.post_confirm_view or 
@@ -211,10 +218,15 @@ def forgot(): reset_password_reset_token(user) + _logger.debug('%s requested to reset their password' % user) + do_flash('Instructions to reset your password have been ' 'sent to %s' % user.email, 'success') except UserNotFoundError: + _logger.debug('A reset password request was made for %s but ' + 'that email does not exist.' % form.email.data) + do_flash('The email you provided could not be found', 'error') return redirect(_security.post_forgot_view) @@ -233,10 +245,14 @@ def reset(token): reset_by_token(token=token, **form.to_dict()) except ResetPasswordError, e: + _logger.debug('Password reset error: ' + str(e)) + do_flash(str(e), 'error') except TokenExpiredError, e: - do_flash('You did not reset your password within' + _logger.debug('Attempted password reset but token was expired') + + do_flash('You did not reset your password within ' '%s.' % _security.reset_password_within) return redirect(request.referrer or diff --git a/tests/functional_tests.py b/tests/functional_tests.py index 5f6b6be..230e504 100644 --- a/tests/functional_tests.py +++ b/tests/functional_tests.py @@ -177,8 +177,7 @@ class RegisterableTests(SecurityTest): class ConfirmableTests(SecurityTest): AUTH_CONFIG = { 'SECURITY_CONFIRMABLE': True, - 'SECURITY_REGISTERABLE': True, - 'SECURITY_CONFIRM_EMAIL_WITHIN': '1 seconds' + 'SECURITY_REGISTERABLE': True } def test_register_sends_confirmation_email(self): @@ -214,6 +213,14 @@ class ConfirmableTests(SecurityTest): r = self.client.get('/confirm/bogus', follow_redirects=True) self.assertIn('Invalid confirmation token', r.data) + +class ExpiredConfirmationTest(SecurityTest): + AUTH_CONFIG = { + 'SECURITY_CONFIRMABLE': True, + 'SECURITY_REGISTERABLE': True, + 'SECURITY_CONFIRM_EMAIL_WITHIN': '1 seconds' + } + def test_expired_confirmation_token_sends_email(self): e = 'dude@lp.com' 
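Review bot: The new debug line in the UserNotFoundError branch formats the raw submitted address, `form.email.data`, into the message with `%` before handing it to the logger, so whatever the client typed — newlines and control characters included — is written to the log verbatim, and the formatting work is done even when DEBUG logging is off. Let the logger format lazily and use `%r` so control characters are escaped: `_logger.debug('A reset password request was made for %r but that email does not exist.', form.email.data)`; the same eager `%` formatting applies to the new `'%s requested to reset their password' % user` line in this hunk. Separately, and predating this commit, the success and not-found branches flash distinguishable messages, which lets a caller tell registered addresses from unregistered ones. forgot's body starts before this hunk.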
@@ -255,7 +262,6 @@ class RecoverableTests(SecurityTest): AUTH_CONFIG = { 'SECURITY_RECOVERABLE': True, - 'SECURITY_RESET_PASSWORD_WITHIN': '1 seconds' } def test_forgot_post_sends_email(self): @@ -271,33 +277,19 @@ class RecoverableTests(SecurityTest): self.assertIn('The email you provided could not be found', r.data) def test_reset_password_with_valid_token(self): - with capture_reset_password_requests() as requests: - r = self.client.post('/forgot', data=dict(email='joe@lp.com')) - t = requests[0]['token'] - - r = self.client.post('/reset/' + t, data={ - 'password': 'newpassword', - 'password_confirm': 'newpassword' - }) - - r = self.authenticate('joe@lp.com', 'newpassword') - self.assertIn('Hello joe@lp.com', r.data) - - def test_reset_password_with_expired_token(self): with capture_reset_password_requests() as requests: r = self.client.post('/forgot', data=dict(email='joe@lp.com'), follow_redirects=True) t = requests[0]['token'] - time.sleep(2) - r = self.client.post('/reset/' + t, data={ 'password': 'newpassword', 'password_confirm': 'newpassword' }, follow_redirects=True) - self.assertIn('You did not reset your password within', r.data) + r = self.authenticate('joe@lp.com', 'newpassword') + self.assertIn('Hello joe@lp.com', r.data) def test_reset_password_twice_flashes_invalid_token_msg(self): with capture_reset_password_requests() as requests: 
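Review bot: In the rewritten test_reset_password_with_valid_token the response of the `/reset/` POST is bound to `r` and then immediately overwritten by the authenticate call, so the test never checks that the reset itself reported success; a reset that failed and flashed an error would only surface indirectly as a failed login on a later line. Assert on the reset response before reusing the name, e.g. `self.assertNotIn('Invalid reset password token', r.data)` right after the POST. The test_reset_password_with_expired_token removed here is re-added as a separate class later in this patch, so that coverage is not lost.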
@@ -315,6 +307,30 @@ class RecoverableTests(SecurityTest): self.assertIn('Invalid reset password token', r.data) +class ExpiredResetPasswordTest(SecurityTest): + + AUTH_CONFIG = { + 'SECURITY_RECOVERABLE': True, + 'SECURITY_RESET_PASSWORD_WITHIN': '1 seconds' + } + + def test_reset_password_with_expired_token(self): + with capture_reset_password_requests() as requests: + r = self.client.post('/forgot', + data=dict(email='joe@lp.com'), + follow_redirects=True) + t = requests[0]['token'] + + time.sleep(2) + + r = self.client.post('/reset/' + t, data={ + 'password': 'newpassword', + 'password_confirm': 'newpassword' + }, follow_redirects=True) + + self.assertIn('You did not reset your password within', r.data) + + class MongoEngineSecurityTests(DefaultSecurityTests): def _create_app(self, auth_config):
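Review bot: test_reset_password_with_expired_token only checks the flashed message; it never verifies that the expired token left the password unchanged, which is the property the expiry window exists to enforce. After the assertIn, add `r = self.authenticate('joe@lp.com', 'newpassword')` and `self.assertNotIn('Hello joe@lp.com', r.data)` so a regression that flashes the error but still applies the reset is caught. The `time.sleep(2)` against a '1 seconds' window keeps the test wall-clock dependent — moving it into its own class isolates the slowness but not the flakiness the commit message describes; if the expiry is derived from a timestamp the token carries, a test that builds a back-dated token or patches the clock would be both faster and deterministic, though that depends on helpers not visible here.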