feat: add view to change current user password

2024-08-05 11:45:00 -05:00 · 2024-08-05 11:45:00 -05:00 · a2ba88ca8f
commit a2ba88ca8f
parent 70d13ee1e7
13 changed files with 259 additions and 7 deletions
--- a/tests/forms/test_base.py
+++ b/tests/forms/test_base.py
@ -1,6 +1,7 @@
 # -*- coding: utf-8; -*-

 from unittest import TestCase
+from unittest.mock import MagicMock

 import colander
 import deform
@ -179,12 +180,41 @@ class TestForm(TestCase):

    def test_render_vue_field(self):
        self.pyramid_config.include('pyramid_deform')
-
        schema = self.make_schema()
        form = self.make_form(schema=schema)
+        dform = form.get_deform()
+
+        # typical
        html = form.render_vue_field('foo')
        self.assertIn('<b-field :horizontal="true" label="Foo">', html)
        self.assertIn('<b-input name="foo"', html)
+        # nb. no error message
+        self.assertNotIn('message', html)
+
+        # with single "static" error
+        dform['foo'].error = MagicMock(msg="something is wrong")
+        html = form.render_vue_field('foo')
+        self.assertIn(' message="something is wrong"', html)
+
+        # with single "dynamic" error
+        dform['foo'].error = MagicMock(msg="`something is wrong`")
+        html = form.render_vue_field('foo')
+        self.assertIn(':message="`something is wrong`"', html)
+
+    def test_get_field_errors(self):
+        schema = self.make_schema()
+        form = self.make_form(schema=schema)
+        dform = form.get_deform()
+
+        # no error
+        errors = form.get_field_errors('foo')
+        self.assertEqual(len(errors), 0)
+
+        # simple error
+        dform['foo'].error = MagicMock(msg="something is wrong")
+        errors = form.get_field_errors('foo')
+        self.assertEqual(len(errors), 1)
+        self.assertEqual(errors[0], "something is wrong")

    def test_get_vue_field_value(self):
        schema = self.make_schema()
--- a/tests/views/test_auth.py
+++ b/tests/views/test_auth.py
@ -70,3 +70,75 @@ class TestAuthView(TestCase):
        redirect = view.logout()
        self.request.session.delete.assert_called_once_with()
        self.assertIsInstance(redirect, HTTPFound)
+
+    def test_change_password(self):
+        view = mod.AuthView(self.request)
+        auth = self.app.get_auth_handler()
+
+        # unauthenticated user is redirected
+        redirect = view.change_password()
+        self.assertIsInstance(redirect, HTTPFound)
+
+        # now "login" the user, and set initial password
+        self.request.user = self.user
+        auth.set_user_password(self.user, 'foo')
+        self.session.commit()
+
+        # view should now return context w/ form
+        context = view.change_password()
+        self.assertIn('form', context)
+
+        # submit valid form, ensure password is changed
+        # (nb. this also would redirect user to home page)
+        self.request.method = 'POST'
+        self.request.POST = {
+            'current_password': 'foo',
+            # nb. new_password requires colander mapping structure
+            '__start__': 'new_password:mapping',
+            'new_password': 'bar',
+            'new_password-confirm': 'bar',
+            '__end__': 'new_password:mapping',
+        }
+        redirect = view.change_password()
+        self.assertIsInstance(redirect, HTTPFound)
+        self.session.commit()
+        self.session.refresh(self.user)
+        self.assertFalse(auth.check_user_password(self.user, 'foo'))
+        self.assertTrue(auth.check_user_password(self.user, 'bar'))
+
+        # at this point 'foo' is the password, now let's submit some
+        # invalid forms and make sure we get back a context w/ form
+
+        # first try empty data
+        self.request.POST = {}
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['current_password'].errormsg, "Required")
+        self.assertEqual(dform['new_password'].errormsg, "Required")
+
+        # now try bad current password
+        self.request.POST = {
+            'current_password': 'blahblah',
+            '__start__': 'new_password:mapping',
+            'new_password': 'baz',
+            'new_password-confirm': 'baz',
+            '__end__': 'new_password:mapping',
+        }
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['current_password'].errormsg, "Current password is incorrect.")
+
+        # now try bad new password
+        self.request.POST = {
+            'current_password': 'bar',
+            '__start__': 'new_password:mapping',
+            'new_password': 'bar',
+            'new_password-confirm': 'bar',
+            '__end__': 'new_password:mapping',
+        }
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['new_password'].errormsg, "New password must be different from old password.")