Etusivu Tutki Apua
Kirjaudu sisään
CityApper
/
django
peilaus alkaen https://github.com/django/django
2
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Puu: d334f46b7a
Haarat Tagit
django
/
tests
/
auth_tests
/
test_tokens.py

test_tokens.py 2.7 KB
Historia Raaka

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. import unittest
    2. 

  2. from datetime import date, timedelta
    3. 

  3. 

  4. from django.conf import settings
    5. 

  5. from django.contrib.auth.models import User
    6. 

  6. from django.contrib.auth.tokens import PasswordResetTokenGenerator
    7. 

  7. from django.test import TestCase
    8. 

  8. from django.utils.six import PY3
    9. 

  9. 

  10. 

  11. class TokenGeneratorTest(TestCase):
    12. 

  12. 

  13.     def test_make_token(self):
    14. 

  14.         user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
    15. 

  15.         p0 = PasswordResetTokenGenerator()
    16. 

  16.         tk1 = p0.make_token(user)
    17. 

  17.         self.assertTrue(p0.check_token(user, tk1))
    18. 

  18. 

  19.     def test_10265(self):
    20. 

  20.         """
    21. 

  21.         The token generated for a user created in the same request
    22. 

  22.         will work correctly.
    23. 

  23.         """
    24. 

  24.         # See ticket #10265
    25. 

  25.         user = User.objects.create_user('comebackkid', 'test3@example.com', 'testpw')
    26. 

  26.         p0 = PasswordResetTokenGenerator()
    27. 

  27.         tk1 = p0.make_token(user)
    28. 

  28.         reload = User.objects.get(username='comebackkid')
    29. 

  29.         tk2 = p0.make_token(reload)
    30. 

  30.         self.assertEqual(tk1, tk2)
    31. 

  31. 

  32.     def test_timeout(self):
    33. 

  33.         """
    34. 

  34.         The token is valid after n days, but no greater.
    35. 

  35.         """
    36. 

  36.         # Uses a mocked version of PasswordResetTokenGenerator so we can change
    37. 

  37.         # the value of 'today'
    38. 

  38.         class Mocked(PasswordResetTokenGenerator):
    39. 

  39.             def __init__(self, today):
    40. 

  40.                 self._today_val = today
    41. 

  41. 

  42.             def _today(self):
    43. 

  43.                 return self._today_val
    44. 

  44. 

  45.         user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
    46. 

  46.         p0 = PasswordResetTokenGenerator()
    47. 

  47.         tk1 = p0.make_token(user)
    48. 

  48.         p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
    49. 

  49.         self.assertTrue(p1.check_token(user, tk1))
    50. 

  50. 

  51.         p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
    52. 

  52.         self.assertFalse(p2.check_token(user, tk1))
    53. 

  53. 

  54.     @unittest.skipIf(PY3, "Unnecessary test with Python 3")
    55. 

  55.     def test_date_length(self):
    56. 

  56.         """
    57. 

  57.         Overly long dates, which are a potential DoS vector, aren't allowed.
    58. 

  58.         """
    59. 

  59.         user = User.objects.create_user('ima1337h4x0r', 'test4@example.com', 'p4ssw0rd')
    60. 

  60.         p0 = PasswordResetTokenGenerator()
    61. 

  61. 

  62.         # This will put a 14-digit base36 timestamp into the token, which is too large.
    63. 

  63.         with self.assertRaises(ValueError):
    64. 

  64.             p0._make_token_with_timestamp(user, 175455491841851871349)
    65. 

  65. 

  66.     def test_check_token_with_nonexistent_token_and_user(self):
    67. 

  67.         user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
    68. 

  68.         p0 = PasswordResetTokenGenerator()
    69. 

  69.         tk1 = p0.make_token(user)
    70. 

  70.         self.assertIs(p0.check_token(None, tk1), False)
    71. 

  71.         self.assertIs(p0.check_token(user, None), False)
    72.