mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-10 19:26:35 +03:00
fix #47 - PasswordResetConfirm doesn't check token
This commit is contained in:
parent
60c0f949f4
commit
2158fffd2a
|
@ -11,6 +11,7 @@ from django.contrib.auth.tokens import default_token_generator
|
|||
from rest_framework import serializers
|
||||
from rest_framework.authtoken.models import Token
|
||||
from rest_framework.authtoken.serializers import AuthTokenSerializer
|
||||
from rest_framework.exceptions import ValidationError
|
||||
|
||||
|
||||
class LoginSerializer(AuthTokenSerializer):
|
||||
|
@ -101,18 +102,17 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
|
|||
uid = uid_decoder(attrs['uid'])
|
||||
self.user = UserModel._default_manager.get(pk=uid)
|
||||
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
|
||||
self._errors['uid'] = ['Invalid value']
|
||||
raise ValidationError({'uid': ['Invalid value']})
|
||||
|
||||
self.custom_validation(attrs)
|
||||
|
||||
# Construct SetPasswordForm instance
|
||||
self.set_password_form = self.set_password_form_class(user=self.user,
|
||||
data=attrs)
|
||||
if not self.set_password_form.is_valid():
|
||||
self._errors['token'] = ['Invalid value']
|
||||
raise ValidationError({'token': ['Invalid value']})
|
||||
|
||||
if not default_token_generator.check_token(self.user, attrs['token']):
|
||||
self._errors['token'] = ['Invalid value']
|
||||
raise ValidationError({'token': ['Invalid value']})
|
||||
|
||||
return attrs
|
||||
|
||||
|
|
|
@ -293,6 +293,36 @@ class APITestCase1(TestCase, BaseAPITestCase):
|
|||
self.assertEqual(len(mail.outbox), mail_count + 1)
|
||||
|
||||
url_kwargs = self._generate_uid_and_token(user)
|
||||
url = reverse('rest_password_reset_confirm')
|
||||
|
||||
# wrong token
|
||||
data = {
|
||||
'new_password1': self.NEW_PASS,
|
||||
'new_password2': self.NEW_PASS,
|
||||
'uid': url_kwargs['uid'],
|
||||
'token': '-wrong-token-'
|
||||
}
|
||||
self.post(url, data=data, status_code=400)
|
||||
|
||||
# wrong uid
|
||||
data = {
|
||||
'new_password1': self.NEW_PASS,
|
||||
'new_password2': self.NEW_PASS,
|
||||
'uid': '-wrong-uid-',
|
||||
'token': url_kwargs['token']
|
||||
}
|
||||
self.post(url, data=data, status_code=400)
|
||||
|
||||
# wrong token and uid
|
||||
data = {
|
||||
'new_password1': self.NEW_PASS,
|
||||
'new_password2': self.NEW_PASS,
|
||||
'uid': '-wrong-uid-',
|
||||
'token': '-wrong-token-'
|
||||
}
|
||||
self.post(url, data=data, status_code=400)
|
||||
|
||||
# valid payload
|
||||
data = {
|
||||
'new_password1': self.NEW_PASS,
|
||||
'new_password2': self.NEW_PASS,
|
||||
|
|
Loading…
Reference in New Issue
Block a user