[extensions-web/bugfix/reset-tokens] auth: fixed reset token pattern

From: Yuri Konotopov <ykonotopov src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web/bugfix/reset-tokens] auth: fixed reset token pattern
Date: Sun, 16 Jan 2022 19:48:28 +0000 (UTC)


commit b55a3953769f8bae0600c8bc02ea7410acac2b65
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Sun Jan 16 23:42:09 2022 +0400

    auth: fixed reset token pattern
    
    It was changed in Django 3.1 from sha1 to sha256 so our URL pattern stopped
    matching tokens.

 sweettooth/auth/tests.py | 16 ++++++++++++++--
 sweettooth/auth/urls.py  |  4 +++-
 2 files changed, 17 insertions(+), 3 deletions(-)
---
diff --git a/sweettooth/auth/tests.py b/sweettooth/auth/tests.py
index e8b48fb..a95b29b 100644
--- a/sweettooth/auth/tests.py
+++ b/sweettooth/auth/tests.py
@@ -8,11 +8,15 @@
     (at your option) any later version.
 """
 
+import re
+
 from django_registration import validators
 
 from django.contrib.auth import get_user_model
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.test.testcases import TestCase
 from .forms import AutoFocusRegistrationForm, RegistrationForm
+from .urls import PASSWORD_RESET_TOKEN_PATTERN
 
 User = get_user_model()
 
@@ -30,8 +34,9 @@ class RegistrationDataTest(TestCase):
     }
 
     @classmethod
-    def setUp(cls):
-        User.objects.create_user(
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.registered_user = User.objects.create_user(
             username=cls.registration_data[User.USERNAME_FIELD],
             email=cls.registration_data['email'],
             password=cls.registration_data['password']
@@ -90,3 +95,10 @@ class RegistrationTests(RegistrationDataTest):
 
         form = RegistrationForm(data=data)
         self.assertFalse(form.is_valid())
+
+class PasswordResetTests(RegistrationDataTest):
+    def test_reset_token_pattern(self):
+        token = PasswordResetTokenGenerator().make_token(self.registered_user)
+        pattern = re.compile(f'^{PASSWORD_RESET_TOKEN_PATTERN}$')
+
+        self.assertTrue(pattern.match(token))
diff --git a/sweettooth/auth/urls.py b/sweettooth/auth/urls.py
index 89dcd8e..3fa4c3f 100644
--- a/sweettooth/auth/urls.py
+++ b/sweettooth/auth/urls.py
@@ -9,6 +9,8 @@ from django_registration.backends.activation.views import RegistrationView
 
 from sweettooth.auth import views, forms
 
+PASSWORD_RESET_TOKEN_PATTERN = r'[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,32}'
+
 urlpatterns = [
     re_path(r'^login/', LoginView.as_view(form_class=forms.AuthenticationForm), name='auth-login'),
 
@@ -50,7 +52,7 @@ urlpatterns = [
         auth_views.PasswordResetDoneView.as_view(),
         name='password_reset_done'),
     re_path(r'^password/reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/'
-        r'(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
+        rf'(?P<token>{PASSWORD_RESET_TOKEN_PATTERN})/$',
         auth_views.PasswordResetConfirmView.as_view(),
         name='password_reset_confirm'),
 ]

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]