canaille-globuzma/tests/test_forgotten_password.py

from unittest import mock


def test_password_forgotten_disabled(smtpd, testclient, user):
    testclient.app.config["ENABLE_PASSWORD_RECOVERY"] = False

    testclient.get("/reset", status=404)
    testclient.get("/reset/uid/hash", status=404)

    res = testclient.get("/login")
    assert "Forgotten password" not in res.text


def test_password_forgotten(smtpd, testclient, user):
    res = testclient.get("/reset", status=200)

    res.form["login"] = "user"
    res = res.form.submit(status=200)
    assert "A password reset link has been sent at your email address." in res.text
    assert "Send again" in res.text

    assert len(smtpd.messages) == 1


def test_password_forgotten_invalid_form(smtpd, testclient, user):
    res = testclient.get("/reset", status=200)

    res.form["login"] = ""
    res = res.form.submit(status=200)
    assert "Could not send the password reset link." in res.text

    assert len(smtpd.messages) == 0


def test_password_forgotten_invalid(smtpd, testclient, user):
    testclient.app.config["HIDE_INVALID_LOGINS"] = True
    res = testclient.get("/reset", status=200)

    res.form["login"] = "i-dont-really-exist"
    res = res.form.submit(status=200)
    assert "A password reset link has been sent at your email address." in res.text
    assert "The login &#39;i-dont-really-exist&#39; does not exist" not in res.text

    testclient.app.config["HIDE_INVALID_LOGINS"] = False
    res = testclient.get("/reset", status=200)

    res.form["login"] = "i-dont-really-exist"
    res = res.form.submit(status=200)
    assert "A password reset link has been sent at your email address." not in res.text
    assert "The login &#39;i-dont-really-exist&#39; does not exist" in res.text

    assert len(smtpd.messages) == 0


def test_password_forgotten_invalid_when_user_cannot_self_edit(smtpd, testclient, user):
    testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []

    testclient.app.config["HIDE_INVALID_LOGINS"] = False
    res = testclient.get("/reset", status=200)

    res.form["login"] = "user"
    res = res.form.submit(status=200)
    assert "A password reset link has been sent at your email address." not in res.text
    assert (
        "The user 'John (johnny) Doe' does not have permissions to update their password."
        in res.text
    )

    testclient.app.config["HIDE_INVALID_LOGINS"] = True
    res = testclient.get("/reset", status=200)

    res.form["login"] = "user"
    res = res.form.submit(status=200)
    assert (
        "The user 'John (johnny) Doe' does not have permissions to update their password."
        not in res.text
    )
    assert "A password reset link has been sent at your email address." in res.text

    assert len(smtpd.messages) == 0


@mock.patch("smtplib.SMTP")
def test_password_forgotten_mail_error(SMTP, smtpd, testclient, user):
    SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error"))
    res = testclient.get("/reset", status=200)

    res.form["login"] = "user"
    res = res.form.submit(status=200, expect_errors=True)
    assert "A password reset link has been sent at your email address." not in res.text
    assert "We encountered an issue while we sent the password recovery email." in res
    assert "Send again" in res.text

    assert len(smtpd.messages) == 0
unit tests: forgotten mail sending error 2022-12-22 16:02:07 +00:00			`from unittest import mock`


Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`def test_password_forgotten_disabled(smtpd, testclient, user):`
Added an option to disable password recovery 2022-04-05 07:49:45 +00:00			`testclient.app.config["ENABLE_PASSWORD_RECOVERY"] = False`

			`testclient.get("/reset", status=404)`
			`testclient.get("/reset/uid/hash", status=404)`

			`res = testclient.get("/login")`
			`assert "Forgotten password" not in res.text`


Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`def test_password_forgotten(smtpd, testclient, user):`
Refactored tests 2021-01-01 14:20:26 +00:00			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "user"`
			`res = res.form.submit(status=200)`
			`assert "A password reset link has been sent at your email address." in res.text`
UI improvement on forgotten password page. Fixes #43 2021-01-01 14:29:55 +00:00			`assert "Send again" in res.text`
Refactored tests 2021-01-01 14:20:26 +00:00
implemented a function that checks some parts of the configuration 2021-10-12 18:36:31 +00:00			`assert len(smtpd.messages) == 1`
Refactored tests 2021-01-01 14:20:26 +00:00

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`def test_password_forgotten_invalid_form(smtpd, testclient, user):`
Refactored tests 2021-01-01 14:20:26 +00:00			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = ""`
			`res = res.form.submit(status=200)`
			`assert "Could not send the password reset link." in res.text`

implemented a function that checks some parts of the configuration 2021-10-12 18:36:31 +00:00			`assert len(smtpd.messages) == 0`
Refactored tests 2021-01-01 14:20:26 +00:00

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`def test_password_forgotten_invalid(smtpd, testclient, user):`
Fixed documentation about HIDE_INVALID_LOGINS 2022-04-06 15:32:11 +00:00			`testclient.app.config["HIDE_INVALID_LOGINS"] = True`
Refactored tests 2021-01-01 14:20:26 +00:00			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "i-dont-really-exist"`
			`res = res.form.submit(status=200)`
			`assert "A password reset link has been sent at your email address." in res.text`
Fixed unit tests 2021-12-06 13:24:47 +00:00			`assert "The login 'i-dont-really-exist' does not exist" not in res.text`
Refactored tests 2021-01-01 14:20:26 +00:00
Fixed documentation about HIDE_INVALID_LOGINS 2022-04-06 15:32:11 +00:00			`testclient.app.config["HIDE_INVALID_LOGINS"] = False`
Refactored tests 2021-01-01 14:20:26 +00:00			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "i-dont-really-exist"`
			`res = res.form.submit(status=200)`
			`assert "A password reset link has been sent at your email address." not in res.text`
Fixed unit tests 2021-12-06 13:24:47 +00:00			`assert "The login 'i-dont-really-exist' does not exist" in res.text`
Refactored tests 2021-01-01 14:20:26 +00:00
implemented a function that checks some parts of the configuration 2021-10-12 18:36:31 +00:00			`assert len(smtpd.messages) == 0`
Added an option to disable self edition 2022-04-05 15:16:09 +00:00

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`def test_password_forgotten_invalid_when_user_cannot_self_edit(smtpd, testclient, user):`
Added an option to disable self edition 2022-04-05 15:16:09 +00:00			`testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []`

			`testclient.app.config["HIDE_INVALID_LOGINS"] = False`
			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "user"`
			`res = res.form.submit(status=200)`
			`assert "A password reset link has been sent at your email address." not in res.text`
			`assert (`
			`"The user 'John (johnny) Doe' does not have permissions to update their password."`
			`in res.text`
			`)`

			`testclient.app.config["HIDE_INVALID_LOGINS"] = True`
			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "user"`
			`res = res.form.submit(status=200)`
			`assert (`
			`"The user 'John (johnny) Doe' does not have permissions to update their password."`
			`not in res.text`
			`)`
			`assert "A password reset link has been sent at your email address." in res.text`

			`assert len(smtpd.messages) == 0`
unit tests: forgotten mail sending error 2022-12-22 16:02:07 +00:00

			`@mock.patch("smtplib.SMTP")`
			`def test_password_forgotten_mail_error(SMTP, smtpd, testclient, user):`
			`SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error"))`
			`res = testclient.get("/reset", status=200)`

			`res.form["login"] = "user"`
			`res = res.form.submit(status=200, expect_errors=True)`
			`assert "A password reset link has been sent at your email address." not in res.text`
			`assert "We encountered an issue while we sent the password recovery email." in res`
			`assert "Send again" in res.text`

			`assert len(smtpd.messages) == 0`