diff options
| author | 0livd <github@destras.fr> | 2017-12-15 17:10:28 +0100 |
|---|---|---|
| committer | Alexis Metaireau <alexis@notmyidea.org> | 2017-12-15 17:10:28 +0100 |
| commit | 8a68ac0d5b85f896dd59042c207bc63c3d026f7d (patch) | |
| tree | 888f9729d656eb0bec4f2e329301776bd31e1a9e /ihatemoney/tests/tests.py | |
| parent | 2866c868d55d197de8c39c34debc878b38929d98 (diff) | |
| download | ihatemoney-mirror-8a68ac0d5b85f896dd59042c207bc63c3d026f7d.zip ihatemoney-mirror-8a68ac0d5b85f896dd59042c207bc63c3d026f7d.tar.gz ihatemoney-mirror-8a68ac0d5b85f896dd59042c207bc63c3d026f7d.tar.bz2 | |
Use token based auth in invitation e-mails (#280)
* Use token based auth in invitation e-mails
Invitation e-mails no longer contain the clear
text project password
* Skip invite page after project creation
- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
Diffstat (limited to 'ihatemoney/tests/tests.py')
| -rw-r--r-- | ihatemoney/tests/tests.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py index 123ea36..a421762 100644 --- a/ihatemoney/tests/tests.py +++ b/ihatemoney/tests/tests.py @@ -152,6 +152,29 @@ class BudgetTestCase(IhatemoneyTestCase): # only one message is sent to multiple persons self.assertEqual(len(outbox), 0) + def test_invite(self): + """Test that invitation e-mails are sent properly + """ + self.login("raclette") + self.post_project("raclette") + with self.app.mail.record_messages() as outbox: + self.client.post("/raclette/invite", + data={"emails": 'toto@notmyidea.org'}) + self.assertEqual(len(outbox), 1) + url_start = outbox[0].body.find('You can log in using this link: ') + 32 + url_end = outbox[0].body.find('.\n', url_start) + url = outbox[0].body[url_start:url_end] + self.client.get("/exit") + # Test that we got a valid token + resp = self.client.get(url, follow_redirects=True) + self.assertIn('You probably want to <a href="/raclette/add"', resp.data.decode('utf-8')) + # Test empty and invalid tokens + self.client.get("/exit") + resp = self.client.get("/authenticate") + self.assertIn("You either provided a bad token", resp.data.decode('utf-8')) + resp = self.client.get("/authenticate?token=token") + self.assertIn("You either provided a bad token", resp.data.decode('utf-8')) + def test_password_reminder(self): # test that it is possible to have an email cotaining the password of a # project in case people forget it (and it happens!) |