From 1df1c89ea01a8822899d8eabcf2170f33815c335 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi.rivard@nubla.fr>
Date: Sat, 24 Dec 2022 02:52:05 +0100
Subject: [PATCH] unit tests: user creation without password

---
 canaille/account.py   | 19 +++++++++++--------
 canaille/models.py    |  1 -
 tests/test_profile.py | 16 ++++++++++++++++
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/canaille/account.py b/canaille/account.py
index 995566f7..aab2a411 100644
--- a/canaille/account.py
+++ b/canaille/account.py
@@ -382,9 +382,11 @@ def profile_create(current_app, form):
         for group in groups:
             group.add_member(user)
 
-    if not form["password1"].data or user.set_password(form["password1"].data):
-        flash(_("User account creation succeed."), "success")
-        user.save()
+    if form["password1"].data:
+        user.set_password(form["password1"].data)
+
+    flash(_("User account creation succeed."), "success")
+    user.save()
 
     return user
 
@@ -491,11 +493,11 @@ def profile_edit(editor, username):
                 user["jpegPhoto"] = None
 
             if (
-                "password1" not in request.form
-                or not form["password1"].data
-                or user.set_password(form["password1"].data)
-            ) and request.form["action"] == "edit":
-                flash(_("Profile updated successfuly."), "success")
+                "password1" in request.form
+                and form["password1"].data
+                and request.form["action"] == "edit"
+            ):
+                user.set_password(form["password1"].data)
 
             if (
                 "preferredLanguage" in request.form
@@ -503,6 +505,7 @@ def profile_edit(editor, username):
             ):
                 user.preferredLanguage = None
 
+            flash(_("Profile updated successfuly."), "success")
             user.save()
             return redirect(url_for("account.profile_edition", username=username))
 
diff --git a/canaille/models.py b/canaille/models.py
index 61f481cc..b9b72fb2 100644
--- a/canaille/models.py
+++ b/canaille/models.py
@@ -100,7 +100,6 @@ class User(LDAPObject):
             None,
             password.encode("utf-8"),
         )
-        return True
 
     @property
     def name(self):
diff --git a/tests/test_profile.py b/tests/test_profile.py
index 6a2febb9..273d93da 100644
--- a/tests/test_profile.py
+++ b/tests/test_profile.py
@@ -258,6 +258,7 @@ def test_user_creation_edition_and_deletion(
 
     # User have been created
     res = res.form.submit(name="action", value="edit", status=302).follow(status=200)
+    assert "User account creation succeed." in res
     george = User.get("george")
     george.load_groups()
     foo_group.reload()
@@ -295,6 +296,21 @@ def test_user_creation_edition_and_deletion(
     assert "george" not in res.text
 
 
+def test_user_creation_without_password(testclient, logged_moderator):
+    res = testclient.get("/profile", status=200)
+    res.form["uid"] = "george"
+    res.form["sn"] = "Abitbol"
+    res.form["mail"] = "george@abitbol.com"
+
+    res = res.form.submit(name="action", value="edit", status=302).follow(status=200)
+    assert "User account creation succeed." in res
+    george = User.get("george")
+    assert george.uid[0] == "george"
+    assert not george.userPassword
+
+    george.delete()
+
+
 def test_user_creation_form_validation_failed(
     testclient, logged_moderator, foo_group, bar_group
 ):