def test_password_reset_fails_if_attempted_from_different_ip_address():
# Two parts: Set forgot password record; attempt reset with incorrect IP Address in forgotpassword table vs. requesting IP
# Requirement: Get token set from request()
user_id = db_utils.create_user(email_addr=email_addr, username=user_name)
password = '01234567890123'
form_for_request = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year)
resetpassword.request(form_for_request)
pw_reset_token = d.engine.scalar("SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
# Change IP detected when request was made (required for test)
d.engine.execute("UPDATE forgotpassword SET address = %(addr)s WHERE token = %(token)s",
addr="127.42.42.42", token=pw_reset_token)
# Force update link_time (required)
resetpassword.prepare(pw_reset_token)
form_for_reset = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year, token=pw_reset_token,
password=password, passcheck=password)
with pytest.raises(WeasylError) as err:
resetpassword.reset(form_for_reset)
assert 'addressInvalid' == err.value.value
评论列表
文章目录
