Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.

2025-09-26 12:09:19 +00:00 · 2017-05-27 16:27:13 -04:00 · 2017-05-27 16:27:13 -04:00 · 95993a89ce
commit 95993a89ce
parent 8c45b5b903
3 changed files with 11 additions and 4 deletions
--- a/tests/auth_tests/test_tokens.py
+++ b/tests/auth_tests/test_tokens.py
@ -43,11 +43,12 @@ class TokenGeneratorTest(TestCase):
        user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
        p0 = PasswordResetTokenGenerator()
        tk1 = p0.make_token(user)
-        p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
+        p1 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=-1))
        self.assertTrue(p1.check_token(user, tk1))
-
-        p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
+        p2 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS))
        self.assertFalse(p2.check_token(user, tk1))
+        p3 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=1))
+        self.assertFalse(p3.check_token(user, tk1))

    def test_check_token_with_nonexistent_token_and_user(self):
        user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')