external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: require passreset's target user is unsuspended

Browse source 
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-02-03 19:05:01 -08:00
parent ef0285bc7c
commit 9111f645b7
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 24 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/test_accounts_routes.py
View file

@ -152,6 +152,18 @@ def test_post_passreset_user(client: TestClient, user: User):
assert response.headers.get("location") == "/passreset?step=confirm"
def test_post_passreset_user_suspended(client: TestClient, user: User):
with db.begin():
user.Suspended = True
with client as request:
response = request.post("/passreset", data={"user": TEST_USERNAME})
assert response.status_code == int(HTTPStatus.NOT_FOUND)
errors = get_errors(response.text)
expected = "Invalid e-mail."
assert errors[0].text.strip() == expected
def test_post_passreset_resetkey(client: TestClient, user: User):
with db.begin():
user.session = Session(UsersID=user.ID, SessionID="blah",