Check activation key expiration

atodorov · atodorov · commit 92162112bf22 · 2017-08-07T15:31:29.000+03:00
diff --git a/tcms/core/contrib/auth/tests.py b/tcms/core/contrib/auth/tests.py
@@ -183,6 +183,10 @@ def setUpTestData(cls):
                                            email='new-user@example.com',
                                            password='password')
 
+    def setUp(self):
+        self.new_user.is_active = False
+        self.new_user.save()
+
     def test_fail_if_activation_key_not_exist(self):
         confirm_url = reverse('tcms-confirm',
                               args=['nonexisting-activation-key'])
@@ -197,6 +201,33 @@ def test_fail_if_activation_key_not_exist(self):
             '<a href="{}">Continue</a>'.format(reverse('core-views-index')),
             html=True)
 
+        # user account not activated
+        user = User.objects.get(username=self.new_user.username)
+        self.assertFalse(user.is_active)
+
+    def test_fail_if_activation_key_expired(self):
+        fake_activation_key = 'secret-activation-key'
+
+        with patch('tcms.core.contrib.auth.models.sha1') as sha1:
+            sha1.return_value.hexdigest.return_value = fake_activation_key
+            key = UserActivateKey.set_random_key_for_user(self.new_user)
+            key.key_expires = datetime.datetime.now() - datetime.timedelta(days=10)
+            key.save()
+
+        confirm_url = reverse('tcms-confirm', args=[fake_activation_key])
+        response = self.client.get(confirm_url)
+
+        self.assertContains(response, 'This key has expired')
+
+        self.assertContains(
+            response,
+            '<a href="{}">Continue</a>'.format(reverse('core-views-index')),
+            html=True)
+
+        # user account not activated
+        user = User.objects.get(username=self.new_user.username)
+        self.assertFalse(user.is_active)
+
     def test_confirm(self):
         fake_activate_key = 'secret-activate-key'
 
@@ -218,6 +249,7 @@ def test_confirm(self):
                 reverse('tcms-redirect_to_profile')),
             html=True)
 
+        # user account activated
         user = User.objects.get(username=self.new_user.username)
         self.assertTrue(user.is_active)
         activate_key_deleted = not UserActivateKey.objects.filter(user=user).exists()
diff --git a/tcms/core/contrib/auth/views.py b/tcms/core/contrib/auth/views.py
@@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 
+from datetime import datetime
+
 from django.conf import settings
 from django.contrib import auth
 from django.core.urlresolvers import reverse
@@ -94,6 +96,15 @@ def confirm(request, activation_key):
             next=request.GET.get('next', reverse('core-views-index'))
         )
 
+    if ak.key_expires <= datetime.now():
+        msg = 'This key has expired!'
+        return Prompt.render(
+            request=request,
+            info_type=Prompt.Info,
+            info=msg,
+            next=request.GET.get('next', reverse('core-views-index'))
+        )
+
     # All thing done, start to active the user and use the user login
     user = ak.user
     user.is_active = True
