0
0
mirror of https://github.com/django/django.git synced 2024-11-29 22:56:46 +01:00
django/tests/auth_tests/client.py
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs.
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
2019-05-24 08:40:25 +02:00

44 lines
1.4 KiB
Python

import re
from django.contrib.auth.views import (
INTERNAL_RESET_SESSION_TOKEN, PasswordResetConfirmView,
)
from django.test import Client
def extract_token_from_url(url):
token_search = re.search(r'/reset/.*/(.+?)/', url)
if token_search:
return token_search.group(1)
class PasswordResetConfirmClient(Client):
"""
This client eases testing the password reset flow by emulating the
PasswordResetConfirmView's redirect and saving of the reset token in the
user's session. This request puts 'my-token' in the session and redirects
to '/reset/bla/set-password/':
>>> client = PasswordResetConfirmClient()
>>> client.get('/reset/bla/my-token/')
"""
reset_url_token = PasswordResetConfirmView.reset_url_token
def _get_password_reset_confirm_redirect_url(self, url):
token = extract_token_from_url(url)
if not token:
return url
# Add the token to the session
session = self.session
session[INTERNAL_RESET_SESSION_TOKEN] = token
session.save()
return url.replace(token, self.reset_url_token)
def get(self, path, *args, **kwargs):
redirect_url = self._get_password_reset_confirm_redirect_url(path)
return super().get(redirect_url, *args, **kwargs)
def post(self, path, *args, **kwargs):
redirect_url = self._get_password_reset_confirm_redirect_url(path)
return super().post(redirect_url, *args, **kwargs)