Added reset password error handling and associated test

This commit is contained in:
Matt Wright
2012-05-22 18:13:29 -04:00
parent 09aa7e113c
commit 2a9e91dfe8
3 changed files with 25 additions and 2 deletions
+2
View File
@@ -45,6 +45,7 @@ _default_config = {
'POST_LOGIN_VIEW': '/',
'POST_LOGOUT_VIEW': '/',
'POST_FORGOT_VIEW': '/',
'RESET_PASSWORD_ERROR_VIEW': '/',
'POST_REGISTER_VIEW': None,
'POST_CONFIRM_VIEW': None,
'DEFAULT_ROLES': [],
@@ -244,6 +245,7 @@ class Security(object):
self.post_register_view = utils.config_value(app, 'POST_REGISTER_VIEW')
self.post_confirm_view = utils.config_value(app, 'POST_CONFIRM_VIEW')
self.post_forgot_view = utils.config_value(app, 'POST_FORGOT_VIEW')
self.reset_password_error_view = utils.config_value(app, 'RESET_PASSWORD_ERROR_VIEW')
self.default_roles = utils.config_value(app, "DEFAULT_ROLES")
self.login_without_confirmation = utils.config_value(app, 'LOGIN_WITHOUT_CONFIRMATION')
self.confirm_email = utils.config_value(app, 'CONFIRM_EMAIL')
+2 -2
View File
@@ -184,9 +184,9 @@ def reset():
password=form.password.data)
except ResetPasswordError, e:
do_flash(str(e))
do_flash(str(e), 'error')
except TokenExpiredError, e:
do_flash('You did not reset your password within %s.' % security.reset_password_within_text)
return redirect(request.referrer)
return redirect(request.referrer or security.reset_password_error_view)
+21
View File
@@ -263,6 +263,27 @@ class RecoverableTests(SecurityTest):
r = self.authenticate('joe@lp.com', 'newpassword')
self.assertIn('Hello joe@lp.com', r.data)
def test_reset_password_twice_flashes_invalid_token_msg(self):
u = None
with capture_reset_password_requests() as users:
r = self.client.post('/forgot', data=dict(email='joe@lp.com'))
u = users[0]
self.client.post('/reset', data={
'email': u.email,
'reset_password_token': u.reset_password_token,
'password': 'newpassword',
'password_confirm': 'newpassword'
})
r = self.client.post('/reset', data={
'email': u.email,
'reset_password_token': u.reset_password_token,
'password': 'newpassword',
'password_confirm': 'newpassword'
}, follow_redirects=True)
self.assertIn('Invalid reset password token', r.data)
class MongoEngineSecurityTests(DefaultSecurityTests):