
Merge branch 'develop' of github.com:mattupstate/flask-security into …

…develop
2 parents d314e54 + f854c24 commit 668b4ee651a096d7d83e8821f3b096514c47dd84 @mattupstate committed Jan 24, 2014
Showing with 14 additions and 0 deletions.
  1. +4 −0 flask_security/utils.py
  2. +10 −0 tests/configured_tests.py
@@ -318,6 +318,10 @@ def get_token_status(token, serializer, max_age=None):
expired = True
except BadSignature:
invalid = True
+ except TypeError:
+ invalid = True
+ except ValueError:
+ invalid = True
if data:
user = _datastore.find_user(id=data[0])
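Review bot: The two added handlers repeat the body of the `except BadSignature:` clause directly above them and carry no comment saying why `TypeError` and `ValueError` are expected from token parsing. They could be folded into `except (BadSignature, TypeError, ValueError):` with a comment such as `# malformed token text can fail to decode before the signature is checked; treat it as invalid`. The `try` starts outside this hunk, so it is not visible how much code these broad exception types now cover. If the block holds more than the serializer call, an unrelated programming error would be reported as an invalid token rather than surfacing, so the `try` body is worth keeping to that one call. `get_token_status` begins and ends outside the hunk.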
@@ -426,6 +426,16 @@ def test_reset_password_with_invalid_token(self):
m = self.get_message('INVALID_RESET_PASSWORD_TOKEN')
self.assertIn(m.encode('utf-8'), r.data)
+ def test_reset_password_with_mangled_token(self):
+ t = "WyIxNjQ2MzYiLCIxMzQ1YzBlZmVhM2VhZjYwODgwMDhhZGU2YzU0MzZjMiJd.BZEw_Q.lQyo3npdPZtcJ_sNHVHP103syjM&url_id=fbb89a8328e58c181ea7d064c2987874bc54a23d"
+ r = self._post('/reset/' + t, data={
+ 'password': 'newpassword',
+ 'password_confirm': 'newpassword'
+ }, follow_redirects=True)
+
+ m = self.get_message('INVALID_RESET_PASSWORD_TOKEN')
+ self.assertIn(m.encode('utf-8'), r.data)
+
class ExpiredResetPasswordTest(SecurityTest):
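Review bot: The token literal in `test_reset_password_with_mangled_token` is an opaque string with no comment saying what is mangled about it, so a reader cannot tell which of the two new handlers in `get_token_status` it exercises. It appears to be a well-formed token with `&url_id=...` appended to the signature segment; a comment such as `# signature segment has a stray "&url_id=..." fragment appended, so it no longer decodes` would record that. The value also looks captured from a running deployment rather than produced by the test app's own serializer (inferred from the shape of its payload segment). Building a token inside the test and then corrupting it would avoid committing real token material and would not depend on one string's exact length. A second case that reaches the other exception type would cover both added branches.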
