adamspd
diff --git a/‎appointment/messages_.py‎
Lines changed: 6 additions & 3 deletions b/‎appointment/messages_.py‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎appointment/models.py‎
Lines changed: 79 additions & 0 deletions b/‎appointment/models.py‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎appointment/tasks.py‎
Lines changed: 3 additions & 0 deletions b/‎appointment/tasks.py‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎appointment/tests/models/test_password_reset_token.py‎
Lines changed: 187 additions & 0 deletions b/‎appointment/tests/models/test_password_reset_token.py‎
Lines changed: 187 additions & 0 deletions
diff --git a/‎appointment/tests/test_tasks.py‎
Lines changed: 4 additions & 2 deletions b/‎appointment/tests/test_tasks.py‎
Lines changed: 4 additions & 2 deletions
@@ -8,14 +8,17 @@
 
 from django.utils.translation import gettext as _
 
-thank_you_no_payment = _("""We're excited to have you on board! Thank you for booking us.
-We hope you enjoy using our services and find them valuable.""")
+thank_you_no_payment = _("""We're excited to have you on board!""")
 
-thank_you_payment_plus_down = _("""We're excited to have you on board! Thank you for booking us. The next step is 
+thank_you_payment_plus_down = _("""We're excited to have you on board! The next step is 
 to pay for the booking. You have the choice to pay the whole amount or a down deposit.
 If you choose the deposit, you will have to pay the rest of the amount on the day of the booking.""")
 
 thank_you_payment = _("""We're excited to have you on board! Thank you for booking us. The next step is to pay for
 the booking.""")
 
 appt_updated_successfully = _("Appointment updated successfully.")
+
+passwd_set_successfully = _("We've successfully set your password. You can now log in to your account.")
+
+passwd_error = _("The password reset link is invalid or has expired.")
@@ -9,6 +9,7 @@
 import datetime
 import random
 import string
+import uuid
 
 from babel.numbers import get_currency_symbol
 from django.conf import settings
@@ -776,6 +777,84 @@ def check_code(self, code):
         return self.code == code
 
 
+class PasswordResetToken(models.Model):
+    """
+    Represents a password reset token for users.
+
+    Author: Adams Pierre David
+    Version: 3.x.x
+    Since: 3.x.x
+    """
+
+    class TokenStatus(models.TextChoices):
+        ACTIVE = 'active', 'Active'
+        VERIFIED = 'verified', 'Verified'
+        INVALIDATED = 'invalidated', 'Invalidated'
+
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='password_reset_tokens')
+    token = models.UUIDField(default=uuid.uuid4, editable=False, unique=True)
+    expires_at = models.DateTimeField()
+    status = models.CharField(max_length=11, choices=TokenStatus.choices, default=TokenStatus.ACTIVE)
+
+    # meta data
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"Password reset token for {self.user} [{self.token} status: {self.status} expires at {self.expires_at}]"
+
+    @property
+    def is_expired(self):
+        """Checks if the token has expired."""
+        return timezone.now() >= self.expires_at
+
+    @property
+    def is_verified(self):
+        """Checks if the token has been verified."""
+        return self.status == self.TokenStatus.VERIFIED
+
+    @property
+    def is_active(self):
+        """Checks if the token is still active."""
+        return self.status == self.TokenStatus.ACTIVE
+
+    @property
+    def is_invalidated(self):
+        """Checks if the token has been invalidated."""
+        return self.status == self.TokenStatus.INVALIDATED
+
+    @classmethod
+    def create_token(cls, user, expiration_minutes=60):
+        """
+        Generates a new token for the user with a specified expiration time.
+        Before creating a new token, invalidate all previous active tokens by marking them as invalidated.
+        """
+        cls.objects.filter(user=user, expires_at__gte=timezone.now(), status=cls.TokenStatus.ACTIVE).update(
+            status=cls.TokenStatus.INVALIDATED)
+        expires_at = timezone.now() + timezone.timedelta(minutes=expiration_minutes)
+        token = cls.objects.create(user=user, expires_at=expires_at, status=cls.TokenStatus.ACTIVE)
+        return token
+
+    def mark_as_verified(self):
+        """
+        Marks the token as verified.
+        """
+        self.status = self.TokenStatus.VERIFIED
+        self.save(update_fields=['status'])
+
+    @classmethod
+    def verify_token(cls, user, token):
+        """
+        Verifies if the provided token is valid and belongs to the given user.
+        Additionally, checks if the token has not been marked as verified.
+        """
+        try:
+            return cls.objects.get(user=user, token=token, expires_at__gte=timezone.now(),
+                                   status=cls.TokenStatus.ACTIVE)
+        except cls.DoesNotExist:
+            return None
+
+
 class DayOff(models.Model):
     staff_member = models.ForeignKey(StaffMember, on_delete=models.CASCADE)
     start_date = models.DateField()
 
@@ -20,16 +20,19 @@ def send_email_reminder(to_email, first_name, reschedule_link, appointment_id):
     # Fetch the appointment using appointment_id
     logger.info(f"Sending reminder to {to_email} for appointment {appointment_id}")
     appointment = Appointment.objects.get(id=appointment_id)
+    recipient_type = 'client'
     email_context = {
         'first_name': first_name,
         'appointment': appointment,
         'reschedule_link': reschedule_link,
+        'recipient_type': recipient_type,
     }
     send_email(
         recipient_list=[to_email], subject=_("Reminder: Upcoming Appointment"),
         template_url='email_sender/reminder_email.html', context=email_context
     )
     # Notify the admin
+    email_context['recipient_type'] = 'admin'
     notify_admin(
         subject=_("Admin Reminder: Upcoming Appointment"),
         template_url='email_sender/reminder_email.html', context=email_context
 
@@ -0,0 +1,187 @@
+import time
+
+from django.utils import timezone
+
+from appointment.models import PasswordResetToken
+from appointment.tests.base.base_test import BaseTest
+import datetime
+
+
+class PasswordResetTokenTests(BaseTest):
+    def setUp(self):
+        super().setUp()
+        self.user = self.create_user_(username='test_user', email='[email protected]', password='test_pass123')
+        self.expired_time = timezone.now() - datetime.timedelta(minutes=5)
+
+    def test_create_token(self):
+        """Test token creation for a user."""
+        token = PasswordResetToken.create_token(user=self.user)
+        self.assertIsNotNone(token)
+        self.assertFalse(token.is_expired)
+        self.assertFalse(token.is_verified)
+
+    def test_str_representation(self):
+        """Test the string representation of the token."""
+        token = PasswordResetToken.create_token(self.user)
+        expected_str = (f"Password reset token for {self.user} "
+                        f"[{token.token} status: {token.status} expires at {token.expires_at}]")
+        self.assertEqual(str(token), expected_str)
+
+    def test_is_verified_property(self):
+        """Test the is_verified property to check if the token status is correctly identified as verified."""
+        token = PasswordResetToken.create_token(self.user)
+        self.assertFalse(token.is_verified, "Newly created token should not be verified.")
+        token.mark_as_verified()
+        self.assertTrue(token.is_verified, "Token should be marked as verified after calling mark_as_verified.")
+
+    def test_is_active_property(self):
+        """Test the is_active property to check if the token status is correctly identified as active."""
+        token = PasswordResetToken.create_token(self.user)
+        self.assertTrue(token.is_active, "Newly created token should be active.")
+        token.mark_as_verified()
+        token.refresh_from_db()
+        self.assertFalse(token.is_active, "Token should not be active after being verified.")
+
+        # Invalidate the token and check is_active property
+        token.status = PasswordResetToken.TokenStatus.INVALIDATED
+        token.save()
+        self.assertFalse(token.is_active, "Token should not be active after being invalidated.")
+
+    def test_is_invalidated_property(self):
+        """Test the is_invalidated property to check if the token status is correctly identified as invalidated."""
+        token = PasswordResetToken.create_token(self.user)
+        self.assertFalse(token.is_invalidated, "Newly created token should not be invalidated.")
+
+        # Invalidate the token and check is_invalidated property
+        token.status = PasswordResetToken.TokenStatus.INVALIDATED
+        token.save()
+        self.assertTrue(token.is_invalidated, "Token should be marked as invalidated after status change.")
+
+    def test_token_expiration(self):
+        """Test that a token is considered expired after the expiration time."""
+        token = PasswordResetToken.create_token(user=self.user, expiration_minutes=-1)  # Token already expired
+        self.assertTrue(token.is_expired)
+
+    def test_verify_token_success(self):
+        """Test successful token verification."""
+        token = PasswordResetToken.create_token(user=self.user)
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNotNone(verified_token)
+
+    def test_verify_token_failure_expired(self):
+        """Test token verification fails if the token has expired."""
+        token = PasswordResetToken.create_token(user=self.user, expiration_minutes=-1)  # Token already expired
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNone(verified_token)
+
+    def test_verify_token_failure_wrong_user(self):
+        """Test token verification fails if the token does not belong to the given user."""
+        another_user = self.create_user_(username='another_user', email='[email protected]',
+                                         password='test_pass456')
+        token = PasswordResetToken.create_token(user=self.user)
+        verified_token = PasswordResetToken.verify_token(user=another_user, token=token.token)
+        self.assertIsNone(verified_token)
+
+    def test_verify_token_failure_already_verified(self):
+        """Test token verification fails if the token has already been verified."""
+        token = PasswordResetToken.create_token(user=self.user)
+        token.mark_as_verified()
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNone(verified_token)
+
+    def test_mark_as_verified(self):
+        """Test marking a token as verified."""
+        token = PasswordResetToken.create_token(user=self.user)
+        self.assertFalse(token.is_verified)
+        token.mark_as_verified()
+        token.refresh_from_db()  # Refresh the token object from the database
+        self.assertTrue(token.is_verified)
+
+    def test_verify_token_invalid_token(self):
+        """Test token verification fails if the token does not exist."""
+        PasswordResetToken.create_token(user=self.user)
+        invalid_token_uuid = "12345678-1234-1234-1234-123456789012"  # An invalid token UUID
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=invalid_token_uuid)
+        self.assertIsNone(verified_token)
+
+    def test_token_expiration_boundary(self):
+        """Test token verification at the exact moment of expiration."""
+        token = PasswordResetToken.create_token(user=self.user, expiration_minutes=0)  # Token expires now
+        # Assuming there might be a very slight delay before verification, we wait a second
+        time.sleep(1)
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNone(verified_token)
+
+    def test_create_multiple_tokens_for_user(self):
+        """Test that multiple tokens can be created for a single user and only the latest is valid."""
+        old_token = PasswordResetToken.create_token(user=self.user)
+        new_token = PasswordResetToken.create_token(user=self.user)
+
+        old_verified = PasswordResetToken.verify_token(user=self.user, token=old_token.token)
+        new_verified = PasswordResetToken.verify_token(user=self.user, token=new_token.token)
+
+        self.assertIsNone(old_verified, "Old token should not be valid after creating a new one")
+        self.assertIsNotNone(new_verified, "New token should be valid")
+
+    def test_expired_token_does_not_verify(self):
+        """Test that an expired token does not verify even if correct."""
+        token = PasswordResetToken.create_token(user=self.user, expiration_minutes=-5)  # Already expired
+        # Fast-forward time to after expiration
+        token.expires_at = timezone.now() - datetime.timedelta(minutes=5)
+        token.save()
+
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNone(verified_token, "Expired token should not verify")
+
+    def test_mark_as_verified_is_idempotent(self):
+        """Test that marking a token as verified multiple times has no adverse effect."""
+        token = PasswordResetToken.create_token(user=self.user)
+        token.mark_as_verified()
+        first_verification_time = token.updated_at
+
+        time.sleep(1)  # Ensure time has passed
+        token.mark_as_verified()
+        token.refresh_from_db()
+
+        self.assertTrue(token.is_verified)
+        self.assertEqual(first_verification_time, token.updated_at,
+                         "Token verification time should not update on subsequent calls")
+
+    def test_deleting_user_cascades_to_tokens(self):
+        """Test that deleting a user deletes associated password reset tokens."""
+        token = PasswordResetToken.create_token(user=self.user)
+        self.user.delete()
+
+        with self.assertRaises(PasswordResetToken.DoesNotExist):
+            PasswordResetToken.objects.get(pk=token.pk)
+
+    def test_token_verification_resets_after_expiration(self):
+        """Test that an expired token cannot be verified after its expiration, even if marked as verified."""
+        token = PasswordResetToken.create_token(user=self.user, expiration_minutes=-1)  # Already expired
+        token.mark_as_verified()
+
+        verified_token = PasswordResetToken.verify_token(user=self.user, token=token.token)
+        self.assertIsNone(verified_token, "Expired token should not verify, even if marked as verified")
+
+    def test_verify_token_invalidated(self):
+        """Test token verification fails if the token has been invalidated."""
+        token = PasswordResetToken.create_token(self.user)
+        # Invalidate the token by creating a new one
+        PasswordResetToken.create_token(self.user)
+        verified_token = PasswordResetToken.verify_token(self.user, token.token)
+        self.assertIsNone(verified_token)
+
+    def test_expired_token_verification(self):
+        """Test that an expired token cannot be verified."""
+        token = PasswordResetToken.objects.create(user=self.user, expires_at=self.expired_time,
+                                                  status=PasswordResetToken.TokenStatus.ACTIVE)
+        self.assertTrue(token.is_expired)
+        verified_token = PasswordResetToken.verify_token(self.user, token.token)
+        self.assertIsNone(verified_token, "Expired token should not verify")
+
+    def test_token_verification_after_user_deletion(self):
+        """Test that a token cannot be verified after the associated user is deleted."""
+        token = PasswordResetToken.create_token(self.user)
+        self.user.delete()
+        verified_token = PasswordResetToken.verify_token(self.user, token.token)
+        self.assertIsNone(verified_token, "Token should not verify after user deletion")
@@ -31,12 +31,14 @@ def test_send_email_reminder(self, mock_notify_admin, mock_send_email):
             recipient_list=[to_email],
             subject=_("Reminder: Upcoming Appointment"),
             template_url='email_sender/reminder_email.html',
-            context={'first_name': first_name, 'appointment': appointment, 'reschedule_link': ""}
+            context={'first_name': first_name, 'appointment': appointment, 'reschedule_link': "",
+                     'recipient_type': 'admin'}
         )
 
         # Verify notify_admin was called with correct parameters
         mock_notify_admin.assert_called_once_with(
             subject=_("Admin Reminder: Upcoming Appointment"),
             template_url='email_sender/reminder_email.html',
-            context={'first_name': first_name, 'appointment': appointment, 'reschedule_link': ""}
+            context={'first_name': first_name, 'appointment': appointment, 'reschedule_link': "",
+                     'recipient_type': 'admin'}
         )