for readability, and adds unit test for expired token

2011-09-05 18:57:06 -05:00 · 2011-09-05 18:57:06 -05:00 · 4bcaf9f32a
commit 4bcaf9f32a
parent 65a8304794
2 changed files with 12 additions and 2 deletions
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@ -224,7 +224,7 @@ def forgot_password(request):
 def verify_forgot_password(request):
    # get session variables, and specifically check for presence of token
    mysession = _process_for_token(request)
-    if not mysession['token_complete']:
+    if not mysession['has_userid_and_token']:
        return render_404(request)

    session_token = mysession['vars']['token']
@ -275,6 +275,6 @@ def _process_for_token(request):
        session_vars = request.POST

    mysession = {'vars': session_vars,
-                 'token_complete': session_vars.has_key('userid') and
+                 'has_userid_and_token': session_vars.has_key('userid') and
                                                  session_vars.has_key('token')}
    return mysession
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@ -281,6 +281,16 @@ def test_register_views(test_app):
            new_user['_id']), status=400)
    assert response.status == '400 Bad Request'

+    ## Try using an expired token to change password, shouldn't work
+    util.clear_test_template_context()
+    real_token_expiration = new_user['fp_token_expire']
+    new_user['fp_token_expire'] = datetime.datetime.now()
+    new_user.save()
+    response = test_app.get("%s?%s" % (path, get_params), status=400)
+    assert response.status == '400 Bad Request'
+    new_user['fp_token_expire'] = real_token_expiration
+    new_user.save()
+
    ## Verify step 1 of password-change works -- can see form to change password
    util.clear_test_template_context()
    response = test_app.get("%s?%s" % (path, get_params))