From dbaa4eb522876d18139b4329077fa6c295fbe1ec Mon Sep 17 00:00:00 2001
From: Rohan Rangray
Date: Tue, 5 May 2015 19:51:24 -0700
Subject: [PATCH] Finished writing tests for PasswordReset and UserLogout
---
 flashcards/tests/test_api.py | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/flashcards/tests/test_api.py b/flashcards/tests/test_api.py
index 13659b0..fbf925d 100644
--- a/flashcards/tests/test_api.py
+++ b/flashcards/tests/test_api.py
@@ -1,6 +1,6 @@
 from django.core import mail
 from flashcards.models import User
-from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED
+from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED
 from rest_framework.test import APITestCase
 from re import search
@@ -41,32 +41,48 @@ class LoginTests(APITestCase):
 self.assertContains(response, 'Account is disabled', status_code=403)
 def test_logout(self):
- self.client.login(email='none@none.com', password='1234')
- self.client.post('/api/logout')
+ url = '/api/login'
+ data = {'email': 'test@flashy.cards', 'password': '1234'}
+ response = self.client.post(url, data, format='json')
+ self.assertEqual(response.status_code, HTTP_200_OK)
+ p = self.client.post('/api/logout')
+ self.assertEqual(p.status_code, HTTP_204_NO_CONTENT)
 response = self.client.get('/api/users/me', format='json')
+ # since we're not logged in, we shouldn't be able to see this
 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
 class PasswordResetTest(APITestCase):
 def setUp(self):
+ # create a user to test things with
 email = "test@flashy.cards"
 User.objects.create_user(email=email, password="12345")
 def test_reset_password(self):
+ # submit the request to reset the password
 url = '/api/reset_password'
 post_data = {'email': 'test@flashy.cards'}
- patch_data = {'new_password': '54321',
- 'uid': '', 'token': ''}
 self.client.post(url, post_data, format='json')
 self.assertEqual(len(mail.outbox), 1)
 self.assertIn('reset your password', mail.outbox[0].body)
+ # capture the reset token from the email
 capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)', mail.outbox[0].body)
+ patch_data = {'new_password': '54321'}
 patch_data['uid'] = capture.group(1)
- patch_data['token'] = capture.group(2)
- self.client.patch(url, patch_data, format='json')
+ reset_token = capture.group(2)
+
+ # try to reset the password with the wrong reset token
+ patch_data['token'] = 'wrong_token'
+ response = self.client.patch(url, patch_data, format='json')
+ self.assertContains(response, 'Could not verify reset token', status_code=400)
+
+ # try to reset the password with the correct token
+ patch_data['token'] = reset_token
+ response = self.client.patch(url, patch_data, format='json')
+
 self.assertEqual(response.status_code, HTTP_204_NO_CONTENT)
 user = User.objects.get(id=patch_data['uid'])
 assert user.check_password(patch_data['new_password'])
--
1.9.1
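Review bot: The wrong-token branch added to test_reset_password checks only the 400 response and its message, so an endpoint that rejected the request but still saved the new password would pass; right after that assertContains, add `self.assertTrue(User.objects.get(id=patch_data['uid']).check_password('12345'))` to pin that the password from setUp is untouched. The valid token is also never replayed after the 204, so single-use behaviour of reset tokens is not covered; if the API is meant to invalidate a token once used, a second `self.client.patch(url, patch_data, format='json')` asserted to be rejected would cover it. In test_logout the closing 401 only proves something if `/api/users/me` answered 200 while the session was live, so assert that between the login and the `/api/logout` call.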