django/tests/auth_tests/test_templates.py

from datetime import date

from django.contrib.auth import authenticate
from django.contrib.auth.models import User
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.contrib.auth.views import (
    PasswordChangeDoneView,
    PasswordChangeView,
    PasswordResetCompleteView,
    PasswordResetDoneView,
    PasswordResetView,
)
from django.test import RequestFactory, TestCase, override_settings
from django.urls import reverse
from django.utils.http import urlsafe_base64_encode

from .client import PasswordResetConfirmClient
from .models import CustomUser


@override_settings(ROOT_URLCONF="auth_tests.urls")
class AuthTemplateTests(TestCase):
    request_factory = RequestFactory()

    @classmethod
    def setUpTestData(cls):
        user = User.objects.create_user("jsmith", "jsmith@example.com", "pass")
        user = authenticate(username=user.username, password="pass")
        request = cls.request_factory.get("/somepath/")
        request.user = user
        cls.user, cls.request = user, request

    def test_password_reset_view(self):
        response = PasswordResetView.as_view(success_url="dummy/")(self.request)
        self.assertContains(
            response, "<title>Password reset | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password reset</h1>")

    def test_password_reset_view_error_title(self):
        response = self.client.post(reverse("password_reset"), {})
        self.assertContains(
            response, "<title>Error: Password reset | Django site admin</title>"
        )

    def test_password_reset_done_view(self):
        response = PasswordResetDoneView.as_view()(self.request)
        self.assertContains(
            response, "<title>Password reset sent | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password reset sent</h1>")

    def test_password_reset_confirm_view_invalid_token(self):
        # PasswordResetConfirmView invalid token
        client = PasswordResetConfirmClient()
        url = reverse(
            "password_reset_confirm", kwargs={"uidb64": "Bad", "token": "Bad-Token"}
        )
        response = client.get(url)
        self.assertContains(
            response, "<title>Password reset unsuccessful | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password reset unsuccessful</h1>")

    def test_password_reset_confirm_view_valid_token(self):
        # PasswordResetConfirmView valid token
        client = PasswordResetConfirmClient()
        default_token_generator = PasswordResetTokenGenerator()
        token = default_token_generator.make_token(self.user)
        uidb64 = urlsafe_base64_encode(str(self.user.pk).encode())
        url = reverse(
            "password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}
        )
        response = client.get(url)
        self.assertContains(
            response, "<title>Enter new password | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Enter new password</h1>")
        # The username is added to the password reset confirmation form to help
        # browser's password managers.
        self.assertContains(
            response,
            '<input class="hidden" autocomplete="username" value="jsmith">',
        )

    def test_password_reset_confirm_view_error_title(self):
        client = PasswordResetConfirmClient()
        default_token_generator = PasswordResetTokenGenerator()
        token = default_token_generator.make_token(self.user)
        uidb64 = urlsafe_base64_encode(str(self.user.pk).encode())
        url = reverse(
            "password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}
        )
        response = client.post(url, {})
        self.assertContains(
            response, "<title>Error: Enter new password | Django site admin</title>"
        )

    @override_settings(AUTH_USER_MODEL="auth_tests.CustomUser")
    def test_password_reset_confirm_view_custom_username_hint(self):
        custom_user = CustomUser.custom_objects.create_user(
            email="joe@example.com",
            date_of_birth=date(1986, 11, 11),
            first_name="Joe",
        )
        client = PasswordResetConfirmClient()
        default_token_generator = PasswordResetTokenGenerator()
        token = default_token_generator.make_token(custom_user)
        uidb64 = urlsafe_base64_encode(str(custom_user.pk).encode())
        url = reverse(
            "password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}
        )
        response = client.get(url)
        self.assertContains(
            response,
            "<title>Enter new password | Django site admin</title>",
        )
        self.assertContains(response, "<h1>Enter new password</h1>")
        # The username field is added to the password reset confirmation form
        # to help browser's password managers.
        self.assertContains(
            response,
            '<input class="hidden" autocomplete="username" value="joe@example.com">',
        )

    def test_password_reset_complete_view(self):
        response = PasswordResetCompleteView.as_view()(self.request)
        self.assertContains(
            response, "<title>Password reset complete | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password reset complete</h1>")

    def test_password_reset_change_view(self):
        response = PasswordChangeView.as_view(success_url="dummy/")(self.request)
        self.assertContains(
            response, "<title>Password change | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password change</h1>")

    def test_password_change_done_view(self):
        response = PasswordChangeDoneView.as_view()(self.request)
        self.assertContains(
            response, "<title>Password change successful | Django site admin</title>"
        )
        self.assertContains(response, "<h1>Password change successful</h1>")
Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields. Thanks Jaap Roes for the report. 2020-11-28 09:20:29 +00:00			`from datetime import date`

Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`from django.contrib.auth import authenticate`
			`from django.contrib.auth.models import User`
			`from django.contrib.auth.tokens import PasswordResetTokenGenerator`
			`from django.contrib.auth.views import (`
Fixed #17209 -- Added password reset/change class-based views Thanks Tim Graham for the review. 2013-04-09 21:31:58 +00:00			`PasswordChangeDoneView,`
			`PasswordChangeView,`
			`PasswordResetCompleteView,`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`PasswordResetDoneView,`
			`PasswordResetView,`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`)`
Sorted imports with isort; refs #23860. 2015-01-28 12:35:27 +00:00			`from django.test import RequestFactory, TestCase, override_settings`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`from django.urls import reverse`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`from django.utils.http import urlsafe_base64_encode`

Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`from .client import PasswordResetConfirmClient`
Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields. Thanks Jaap Roes for the report. 2020-11-28 09:20:29 +00:00			`from .models import CustomUser`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00
Fixed #26175 -- Removed SHA1 password hashes in tests. 2016-02-05 20:56:52 +00:00			`@override_settings(ROOT_URLCONF="auth_tests.urls")`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`class AuthTemplateTests(TestCase):`
Made reused RequestFactory instances class attributes. 2018-11-26 19:01:27 +00:00			`request_factory = RequestFactory()`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`@classmethod`
			`def setUpTestData(cls):`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`user = User.objects.create_user("jsmith", "jsmith@example.com", "pass")`
			`user = authenticate(username=user.username, password="pass")`
Made reused RequestFactory instances class attributes. 2018-11-26 19:01:27 +00:00			`request = cls.request_factory.get("/somepath/")`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`request.user = user`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`cls.user, cls.request = user, request`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00
Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_view(self):`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`response = PasswordResetView.as_view(success_url="dummy/")(self.request)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password reset \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Password reset</h1>")`

Refs #35706 -- Prefixed 'Error:' to titles of admin pages with form errors. This improves the screen reader experience. 2024-08-30 18:14:32 +00:00			`def test_password_reset_view_error_title(self):`
			`response = self.client.post(reverse("password_reset"), {})`
			`self.assertContains(`
			`response, "<title>Error: Password reset \| Django site admin</title>"`
			`)`

Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_done_view(self):`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`response = PasswordResetDoneView.as_view()(self.request)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password reset sent \| Django site admin</title>"`
			`)`
Refs #23793 -- Fixed test failure after password reset messages clarification 2014-11-15 16:05:24 +00:00			`self.assertContains(response, "<h1>Password reset sent</h1>")`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00
Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_confirm_view_invalid_token(self):`
Fixed #17209 -- Added password reset/change class-based views Thanks Tim Graham for the review. 2013-04-09 21:31:58 +00:00			`# PasswordResetConfirmView invalid token`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`client = PasswordResetConfirmClient()`
			`url = reverse(`
			`"password_reset_confirm", kwargs={"uidb64": "Bad", "token": "Bad-Token"}`
			`)`
			`response = client.get(url)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password reset unsuccessful \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Password reset unsuccessful</h1>")`

Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_confirm_view_valid_token(self):`
Fixed #17209 -- Added password reset/change class-based views Thanks Tim Graham for the review. 2013-04-09 21:31:58 +00:00			`# PasswordResetConfirmView valid token`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`client = PasswordResetConfirmClient()`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`default_token_generator = PasswordResetTokenGenerator()`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`token = default_token_generator.make_token(self.user)`
Refs #27795 -- Removed force_bytes() usage from django/utils/http.py. django.utils.http.urlsafe_base64_encode() now returns a string, not a bytestring. Since URLs are represented as strings, urlsafe_base64_encode() should return a string. All uses immediately decoded the bytestring to a string anyway. As the inverse operation, urlsafe_base64_decode() accepts a string. 2018-10-01 23:18:04 +00:00			`uidb64 = urlsafe_base64_encode(str(self.user.pk).encode())`
Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. Thanks Florian Apolloner for contributing to this patch and Collin Anderson, Markus Holtermann, and Tim Graham for review. 2017-01-13 14:17:54 +00:00			`url = reverse(`
			`"password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}`
			`)`
			`response = client.get(url)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Enter new password \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Enter new password</h1>")`
Fixed #31978 -- Added username hint to admin's password reset confirmation form. 2020-08-19 17:54:30 +00:00			`# The username is added to the password reset confirmation form to help`
			`# browser's password managers.`
			`self.assertContains(`
			`response,`
Avoided direct styles in admin templates. Direct styles might be forbidden by Content Security Policies. 2020-11-10 20:32:15 +00:00			`'<input class="hidden" autocomplete="username" value="jsmith">',`
Fixed #31978 -- Added username hint to admin's password reset confirmation form. 2020-08-19 17:54:30 +00:00			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00
Refs #35706 -- Prefixed 'Error:' to titles of admin pages with form errors. This improves the screen reader experience. 2024-08-30 18:14:32 +00:00			`def test_password_reset_confirm_view_error_title(self):`
			`client = PasswordResetConfirmClient()`
			`default_token_generator = PasswordResetTokenGenerator()`
			`token = default_token_generator.make_token(self.user)`
			`uidb64 = urlsafe_base64_encode(str(self.user.pk).encode())`
			`url = reverse(`
			`"password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}`
			`)`
			`response = client.post(url, {})`
			`self.assertContains(`
			`response, "<title>Error: Enter new password \| Django site admin</title>"`
			`)`

Refs #31978 -- Fixed hint in admin's password reset confirmation form for custom username fields. Thanks Jaap Roes for the report. 2020-11-28 09:20:29 +00:00			`@override_settings(AUTH_USER_MODEL="auth_tests.CustomUser")`
			`def test_password_reset_confirm_view_custom_username_hint(self):`
			`custom_user = CustomUser.custom_objects.create_user(`
			`email="joe@example.com",`
			`date_of_birth=date(1986, 11, 11),`
			`first_name="Joe",`
			`)`
			`client = PasswordResetConfirmClient()`
			`default_token_generator = PasswordResetTokenGenerator()`
			`token = default_token_generator.make_token(custom_user)`
			`uidb64 = urlsafe_base64_encode(str(custom_user.pk).encode())`
			`url = reverse(`
			`"password_reset_confirm", kwargs={"uidb64": uidb64, "token": token}`
			`)`
			`response = client.get(url)`
			`self.assertContains(`
			`response,`
			`"<title>Enter new password \| Django site admin</title>",`
			`)`
			`self.assertContains(response, "<h1>Enter new password</h1>")`
			`# The username field is added to the password reset confirmation form`
			`# to help browser's password managers.`
			`self.assertContains(`
			`response,`
			`'<input class="hidden" autocomplete="username" value="joe@example.com">',`
			`)`

Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_complete_view(self):`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`response = PasswordResetCompleteView.as_view()(self.request)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password reset complete \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Password reset complete</h1>")`

Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_reset_change_view(self):`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`response = PasswordChangeView.as_view(success_url="dummy/")(self.request)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password change \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Password change</h1>")`

Refs #22909 -- Removed camelCasing in auth_tests.test_templates tests. 2020-11-28 09:28:11 +00:00			`def test_password_change_done_view(self):`
Split AuthTemplateTests into test methods. 2017-01-11 23:12:06 +00:00			`response = PasswordChangeDoneView.as_view()(self.request)`
Fixed #31992 -- Made admin password reset templates use title/content_title blocks from the base template. 2020-09-10 09:53:09 +00:00			`self.assertContains(`
			`response, "<title>Password change successful \| Django site admin</title>"`
			`)`
Fixed #18511 -- Cleaned up admin password reset template titles. 2012-07-03 09:50:40 +00:00			`self.assertContains(response, "<h1>Password change successful</h1>")`