Added basic Django password validations and updated .gitignore (#136)

Jason Estibeiro
2016-05-11 17:08:31 +05:30
committed by Raphael Michel
parent 1bfe2d4525
commit e685f8e819
7 changed files with 232 additions and 20 deletions


@@ -114,20 +114,88 @@ class RegistrationFormTest(TestCase):
})
self.assertEqual(response.status_code, 200)
def test_user_attribute_similarity_passwords(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'dummydummy',
'password_repeat': 'dummydummy'
})
self.assertEqual(response.status_code, 200)
def test_short_passwords(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'foobar',
'password_repeat': 'foobar'
})
self.assertEqual(response.status_code, 200)
def test_common_passwords(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'password',
'password_repeat': 'password'
})
self.assertEqual(response.status_code, 200)
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'football',
'password_repeat': 'football'
})
self.assertEqual(response.status_code, 200)
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'jennifer',
'password_repeat': 'jennifer'
})
self.assertEqual(response.status_code, 200)
def test_numeric_passwords(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': '12345678',
'password_repeat': '12345678'
})
self.assertEqual(response.status_code, 200)
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': '23423523452345235',
'password_repeat': '23423523452345235'
})
self.assertEqual(response.status_code, 200)
def test_empty_passwords(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': '',
'password_repeat': ''
})
self.assertEqual(response.status_code, 200)
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'foobarbar',
'password_repeat': ''
})
self.assertEqual(response.status_code, 200)
def test_email_duplicate(self):
self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'foo',
'password_repeat': 'foo'
'password': 'foobarbar',
'password_repeat': 'foobarbar'
})
self.assertEqual(response.status_code, 200)
def test_success(self):
response = self.client.post('/control/register', {
'email': 'dummy@dummy.dummy',
'password': 'foo',
'password_repeat': 'foo'
'password': 'foobarbar',
'password_repeat': 'foobarbar'
})
self.assertEqual(response.status_code, 302)
@@ -175,8 +243,8 @@ class PasswordRecoveryFormTest(TestCase):
response = self.client.post(
'/control/forgot/recover?id=%d&token=foo' % self.user.id,
{
'password': 'foobar',
'password_repeat': 'foobar'
'password': 'foobarbar',
'password_repeat': 'foobarbar'
}
)
self.assertEqual(response.status_code, 302)
@@ -197,8 +265,8 @@ class PasswordRecoveryFormTest(TestCase):
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'foobar',
'password_repeat': 'foobar'
'password': 'foobarbar',
'password_repeat': 'foobarbar'
}
)
self.assertEqual(response.status_code, 302)
@@ -212,15 +280,29 @@ class PasswordRecoveryFormTest(TestCase):
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'foobar',
'password_repeat': 'foobar'
'password': 'foobarbar',
'password_repeat': 'foobarbar'
}
)
self.assertEqual(response.status_code, 302)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('foobar'))
self.assertTrue(self.user.check_password('foobarbar'))
def test_recovery_valid_token_empty_passwords(self):
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'foobarbar',
'password_repeat': ''
}
)
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
@@ -228,7 +310,7 @@ class PasswordRecoveryFormTest(TestCase):
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': '',
'password_repeat': 'foobar'
'password_repeat': 'foobarbar'
}
)
self.assertEqual(response.status_code, 200)
@@ -249,3 +331,63 @@ class PasswordRecoveryFormTest(TestCase):
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
def test_recovery_valid_token_user_attribute_similarity_passwords(self):
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'dummydemo',
'password_repeat': 'dummydemo'
}
)
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
def test_recovery_valid_token_short_passwords(self):
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'foobar',
'password_repeat': 'foobar'
}
)
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
def test_recovery_valid_token_common_passwords(self):
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': 'football',
'password_repeat': 'football'
}
)
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
def test_recovery_valid_token_numeric_passwords(self):
token = default_token_generator.make_token(self.user)
response = self.client.get('/control/forgot/recover?id=%d&token=%s' % (self.user.id, token))
self.assertEqual(response.status_code, 200)
response = self.client.post(
'/control/forgot/recover?id=%d&token=%s' % (self.user.id, token),
{
'password': '12345678',
'password_repeat': '12345678'
}
)
self.assertEqual(response.status_code, 200)
self.user = User.objects.get(id=self.user.id)
self.assertTrue(self.user.check_password('demo'))
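Review bot: test_recovery_valid_token_numeric_passwords submits only `'12345678'`, which is very likely also on Django's common-password list, so the test would still pass if the numeric validator were missing from the configuration. test_numeric_passwords in the registration tests starts with the same value but adds `'23423523452345235'`; repeating that second case here would exercise the numeric check on its own. More generally, the registration rejection tests assert only `status_code == 200`, which shows that the form was re-rendered but not which rule refused the password. Checking the error in the response would tie each test to the validator it is named after. The settings change that enables the validators is not in this section, so which validators are active is inferred from the test names.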


@@ -67,13 +67,33 @@ class UserSettingsTest(BrowserTest):
assert self.user.password == pw
def test_change_password_success(self):
self.driver.find_element_by_name("new_pw").send_keys("foo")
self.driver.find_element_by_name("new_pw_repeat").send_keys("foo")
self.driver.find_element_by_name("new_pw").send_keys("foobarbar")
self.driver.find_element_by_name("new_pw_repeat").send_keys("foobarbar")
self.driver.find_element_by_name("old_pw").send_keys("dummy")
self.scroll_and_click(self.driver.find_element_by_class_name('btn-save'))
self.driver.find_element_by_class_name("alert-success")
self.user = User.objects.get(pk=self.user.pk)
assert self.user.check_password("foo")
assert self.user.check_password("foobarbar")
def test_change_password_short(self):
self.driver.find_element_by_name("new_pw").send_keys("foobar")
self.driver.find_element_by_name("new_pw_repeat").send_keys("foobar")
self.driver.find_element_by_name("old_pw").send_keys("dummy")
self.scroll_and_click(self.driver.find_element_by_class_name('btn-save'))
self.driver.find_element_by_class_name("alert-danger")
pw = self.user.password
self.user = User.objects.get(pk=self.user.pk)
assert self.user.password == pw
def test_change_password_user_attribute_similarity(self):
self.driver.find_element_by_name("new_pw").send_keys("dummy123")
self.driver.find_element_by_name("new_pw_repeat").send_keys("dummy123")
self.driver.find_element_by_name("old_pw").send_keys("dummy")
self.scroll_and_click(self.driver.find_element_by_class_name('btn-save'))
self.driver.find_element_by_class_name("alert-danger")
pw = self.user.password
self.user = User.objects.get(pk=self.user.pk)
assert self.user.password == pw
def test_change_password_require_repeat(self):
self.driver.find_element_by_name("new_pw").send_keys("foo")