Completion of forgot-password endpoints.

Start implementation for new-password endpoints.
Created PasswordResetToken model
ToDo: create and save token, send valid url to user,
check validity of token, update user's password, redirect to /two-factor.
This commit is contained in:
Rebecca Law
2016-01-05 17:52:09 +00:00
parent 6696426dbc
commit 2cb896fa81
15 changed files with 187 additions and 33 deletions

View File

@@ -0,0 +1,16 @@
import uuid
from app.main.dao import password_reset_token_dao
from app.models import PasswordResetToken
from tests.app.main import create_test_user
def test_should_insert_and_return_token(notifications_admin, notifications_admin_db, notify_db_session):
user = create_test_user('active')
token_id = uuid.uuid4()
reset_token = PasswordResetToken(token=str(token_id),
user_id=user.id)
password_reset_token_dao.insert(reset_token)
saved_token = password_reset_token_dao.get_token(str(token_id))
assert saved_token.token == str(token_id)

View File

@@ -1,8 +1,6 @@
from datetime import datetime
import pytest
import sqlalchemy
from app.main.encryption import check_hash
from app.models import User
from app.main.dao import users_dao
@@ -183,3 +181,26 @@ def test_should_update_password(notifications_admin, notifications_admin_db, not
assert check_hash('newpassword', updated.password)
assert updated.password_changed_at < datetime.now()
assert updated.password_changed_at > start
def test_should_return_list_of_all_email_addresses(notifications_admin, notifications_admin_db, notify_db_session):
first = User(name='First Person',
password='somepassword',
email_address='first@it.gov.uk',
mobile_number='+441234123412',
created_at=datetime.now(),
role_id=1,
state='active')
second = User(name='Second Person',
password='somepassword',
email_address='second@it.gov.uk',
mobile_number='+441234123412',
created_at=datetime.now(),
role_id=1,
state='active')
users_dao.insert_user(first)
users_dao.insert_user(second)
email_addresses = users_dao.get_all_users()
expected = [first.email_address, second.email_address]
assert expected == [x.email_address for x in email_addresses]

View File

@@ -0,0 +1,13 @@
from werkzeug.datastructures import MultiDict
from app.main.forms import ForgotPasswordForm
def test_should_return_validation_error_if_email_address_does_not_exist(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_request_context():
form = ForgotPasswordForm(['first@it.gov.uk', 'second@it.gov.uk'],
formdata=MultiDict([('email_address', 'not_found@it.gov.uk')]))
form.validate()
assert {'email_address': ['Please enter the email address that you registered with']} == form.errors

View File

@@ -1,4 +1,6 @@
from flask import current_app
import uuid
from tests.app.main import create_test_user
def test_should_render_forgot_password(notifications_admin, notifications_admin_db, notify_db_session):
@@ -8,9 +10,30 @@ def test_should_render_forgot_password(notifications_admin, notifications_admin_
in response.get_data(as_text=True)
def test_should_return_400_when_email_is_invalid(notifications_admin, notifications_admin_db, notify_db_session):
def test_should_have_validate_error_when_email_does_not_exist(notifications_admin,
notifications_admin_db,
notify_db_session):
create_test_user('active')
response = notifications_admin.test_client().post('/forgot-password',
data={'email_address': 'not_a_valid_email'})
x = current_app._get_current_object()
assert response.status_code == 400
assert 'Please enter a valid email address' in response.get_data(as_text=True)
data={'email_address': 'email_does_not@exist.gov.uk'})
assert response.status_code == 200
assert 'Please enter the email address that you registered with' in response.get_data(as_text=True)
def test_should_redirect_to_password_reset_sent(notifications_admin,
notifications_admin_db,
mocker,
notify_db_session,
):
_set_up_mocker(mocker)
create_test_user('active')
response = notifications_admin.test_client().post('/forgot-password',
data={'email_address': 'test@user.gov.uk'})
assert response.status_code == 200
assert 'You have been sent an email containing a url to reset your password.' in response.get_data(as_text=True)
def _set_up_mocker(mocker):
mocker.patch("app.admin_api_client.send_sms")
mocker.patch("app.admin_api_client.send_email")