globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

changes flash message when the password is compromised.

Browse source
This commit is contained in:
sebastien 2024-11-13 16:21:52 +01:00
parent ae9c1309b9
commit 4c146cc970
3 changed files with 35 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
canaille/app/forms.py
View file

@ -107,7 +107,11 @@ def compromised_password_validator(form, field):
for each in decoded_response: for each in decoded_response:
if hashed_password_suffix == each.split(":")[0]: if hashed_password_suffix == each.split(":")[0]:
raise wtforms.ValidationError(_("This password appears on public compromission databases and is not secure.")) raise wtforms.ValidationError(
_(
"This password appears on public compromission databases and is not secure."
)
)
def email_validator(form, field): def email_validator(form, field):

49
tests/core/test_profile_settings.py
View file

@ -174,8 +174,14 @@ def test_profile_settings_compromised_password(testclient, logged_user):
) )
res.mustcontain(message) res.mustcontain(message)
with_different_values("aaaaaaaa", "This password is compromised.") with_different_values(
with_different_values("azertyuiop", "This password is compromised.") "aaaaaaaa",
"This password appears on public compromission databases and is not secure.",
)
with_different_values(
"azertyuiop",
"This password appears on public compromission databases and is not secure.",
)
with_different_values("a" * 1000, 'data-percent="25"') with_different_values("a" * 1000, 'data-percent="25"')
with_different_values("i'm a little pea", 'data-percent="100"') with_different_values("i'm a little pea", 'data-percent="100"')
@ -208,42 +214,35 @@ def test_profile_settings_compromised_password_request_api_failed_but_password_u
@mock.patch("requests.api.get") @mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_settings_form( def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_settings_form(
api_get, testclient, backend, admins_group, user, logged_user api_get, testclient, backend, admins_group, user, logged_user
): ):
api_get.side_effect = mock.Mock(side_effect=Exception()) api_get.side_effect = mock.Mock(side_effect=Exception())
def with_and_without_admin_group(group): res = testclient.get("/profile/user/settings", status=200)
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = group
res = testclient.get("/profile/user/settings", status=200) res.form.user = user
res.form["password1"] = "123456789"
res.form["password2"] = "123456789"
res.form.user = user res = res.form.submit(name="action", value="edit-settings")
res.form["password1"] = "123456789"
res.form["password2"] = "123456789"
res = res.form.submit(name="action", value="edit-settings") assert (
"error",
assert ( "Password compromise investigation failed. Please contact the administrators.",
"error", ) in res.flashes
"Password compromise investigation failed. Please contact the administrators.", assert (
) in res.flashes "success",
assert ( "We have informed your administrator about the failure of the password compromise investigation.",
"success", ) in res.flashes
"We have informed your administrator about the failure of the password compromise investigation.", assert ("success", "Profile updated successfully.") in res.flashes
) in res.flashes
assert ("success", "Profile updated successfully.") in res.flashes
with_and_without_admin_group({"groups": "admins"})
with_and_without_admin_group(None)
@mock.patch("requests.api.get") @mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admins_from_settings_form( def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_settings_form(
api_get, testclient, backend, admins_group, user, logged_user api_get, testclient, backend, admins_group, user, logged_user
): ):
api_get.side_effect = mock.Mock(side_effect=Exception()) api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
current_app.config["CANAILLE"]["SMTP"]["TLS"] = False current_app.config["CANAILLE"]["SMTP"]["TLS"] = False
assert not backend.query(models.User, user_name="newuser") assert not backend.query(models.User, user_name="newuser")

48
tests/core/test_registration.py
View file

@ -153,7 +153,7 @@ def test_registration_mail_error(SMTP, testclient, backend, smtpd, foo_group):
assert len(smtpd.messages) == 0 assert len(smtpd.messages) == 0
def test_registration_with_compromised_password(testclient, backend, foo_group): def test_registration_with_compromised_password(testclient, backend):
"""Tests a nominal registration with compromised password.""" """Tests a nominal registration with compromised password."""
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -166,7 +166,9 @@ def test_registration_with_compromised_password(testclient, backend, foo_group):
res.form["family_name"] = "newuser" res.form["family_name"] = "newuser"
res.form["emails-0"] = "newuser@example.com" res.form["emails-0"] = "newuser@example.com"
res = res.form.submit() res = res.form.submit()
res.mustcontain("This password is compromised.") res.mustcontain(
"This password appears on public compromission databases and is not secure."
)
user = backend.get(models.User, user_name="newuser") user = backend.get(models.User, user_name="newuser")
assert user is None assert user is None
@ -177,7 +179,6 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
api_get, testclient, backend api_get, testclient, backend
): ):
api_get.side_effect = mock.Mock(side_effect=Exception()) api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -204,11 +205,10 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
@mock.patch("requests.api.get") @mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_register_form_with_admin_group( def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_register_form(
api_get, testclient, backend, admins_group api_get, testclient, backend, admins_group
): ):
api_get.side_effect = mock.Mock(side_effect=Exception()) api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -239,46 +239,10 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
@mock.patch("requests.api.get") @mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_register_form_without_admin_group( def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_register_form(
api_get, testclient, backend, admins_group api_get, testclient, backend, admins_group
): ):
api_get.side_effect = mock.Mock(side_effect=Exception()) api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = None
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
assert not backend.query(models.User, user_name="newuser")
res = testclient.get(url_for("core.account.registration"), status=200)
res.form["user_name"] = "newuser"
res.form["password1"] = "123456789"
res.form["password2"] = "123456789"
res.form["family_name"] = "newuser"
res.form["emails-0"] = "newuser@example.com"
res = res.form.submit()
assert (
"error",
"Password compromise investigation failed. Please contact the administrators.",
) in res.flashes
assert (
"success",
"We have informed your administrator about the failure of the password compromise investigation.",
) in res.flashes
assert ("success", "Your account has been created successfully.") in res.flashes
user = backend.get(models.User, user_name="newuser")
assert user
backend.delete(user)
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admins_from_register_form(
api_get, testclient, backend, admins_group
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
current_app.config["CANAILLE"]["SMTP"]["TLS"] = False current_app.config["CANAILLE"]["SMTP"]["TLS"] = False
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False