changes flash message when the password is compromised.
This commit is contained in:
parent
ae9c1309b9
commit
4c146cc970
3 changed files with 35 additions and 68 deletions
@ -107,7 +107,11 @@ def compromised_password_validator(form, field):
for each in decoded_response:
if hashed_password_suffix == each.split(":")[0]:
raise wtforms.ValidationError(_("This password appears on public compromission databases and is not secure."))
raise wtforms.ValidationError(
_(
"This password appears on public compromission databases and is not secure."
)
)
def email_validator(form, field):
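Review bot: The new message passed to `_(` uses "compromission", which is not the term the rest of the project uses — the flash asserted in the test file reads "Password compromise investigation failed" — so the user-visible strings now disagree on terminology. Because the string goes through `_()`, any wording change also means updating the translation catalogs, so it is worth settling the wording now; `"This password appears in public data-breach databases and is not secure."` would match common usage and the existing "compromise" phrasing. On the unchanged comparison `hashed_password_suffix == each.split(":")[0]`, the hunk does not show how `hashed_password_suffix` is derived (compromised_password_validator starts outside the hunk), so confirm both sides use the same hex case, or a password that is in the breach list would be reported as clean.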
@ -174,8 +174,14 @@ def test_profile_settings_compromised_password(testclient, logged_user):
)
res.mustcontain(message)
with_different_values("aaaaaaaa", "This password is compromised.")
with_different_values("azertyuiop", "This password is compromised.")
with_different_values(
"aaaaaaaa",
"This password appears on public compromission databases and is not secure.",
)
with_different_values(
"azertyuiop",
"This password appears on public compromission databases and is not secure.",
)
with_different_values("a" * 1000, 'data-percent="25"')
with_different_values("i'm a little pea", 'data-percent="100"')
@ -208,14 +214,11 @@ def test_profile_settings_compromised_password_request_api_failed_but_password_u
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_settings_form(
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_settings_form(
api_get, testclient, backend, admins_group, user, logged_user
):
api_get.side_effect = mock.Mock(side_effect=Exception())
def with_and_without_admin_group(group):
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = group
res = testclient.get("/profile/user/settings", status=200)
res.form.user = user
@ -234,16 +237,12 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
) in res.flashes
assert ("success", "Profile updated successfully.") in res.flashes
with_and_without_admin_group({"groups": "admins"})
with_and_without_admin_group(None)
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admins_from_settings_form(
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_settings_form(
api_get, testclient, backend, admins_group, user, logged_user
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
current_app.config["CANAILLE"]["SMTP"]["TLS"] = False
assert not backend.query(models.User, user_name="newuser")
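Review bot: The expected message `"This password appears on public compromission databases and is not secure."` is now pasted verbatim into both `with_different_values(...)` calls in the first hunk, and again in the registration test file's `res.mustcontain(...)` in this same commit, so the next wording change has to be tracked down in every test by hand. A single module-level constant in the test package, e.g. `COMPROMISED_PASSWORD_MESSAGE = "This password appears on public compromission databases and is not secure."`, referenced from each assertion would keep the tests in step with the validator. The `with_and_without_admin_group` helper in the later hunk writes `current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"]` without restoring it; whether a fixture resets it between tests is not visible here, so confirm the second call does not leak state into following tests.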
@ -153,7 +153,7 @@ def test_registration_mail_error(SMTP, testclient, backend, smtpd, foo_group):
assert len(smtpd.messages) == 0
def test_registration_with_compromised_password(testclient, backend, foo_group):
def test_registration_with_compromised_password(testclient, backend):
"""Tests a nominal registration with compromised password."""
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -166,7 +166,9 @@ def test_registration_with_compromised_password(testclient, backend, foo_group):
res.form["family_name"] = "newuser"
res.form["emails-0"] = "newuser@example.com"
res = res.form.submit()
res.mustcontain("This password is compromised.")
res.mustcontain(
"This password appears on public compromission databases and is not secure."
)
user = backend.get(models.User, user_name="newuser")
assert user is None
@ -177,7 +179,6 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
api_get, testclient, backend
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -204,11 +205,10 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_register_form_with_admin_group(
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_register_form(
api_get, testclient, backend, admins_group
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
@ -239,46 +239,10 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_register_form_without_admin_group(
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_register_form(
api_get, testclient, backend, admins_group
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = None
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
assert not backend.query(models.User, user_name="newuser")
res = testclient.get(url_for("core.account.registration"), status=200)
res.form["user_name"] = "newuser"
res.form["password1"] = "123456789"
res.form["password2"] = "123456789"
res.form["family_name"] = "newuser"
res.form["emails-0"] = "newuser@example.com"
res = res.form.submit()
assert (
"error",
"Password compromise investigation failed. Please contact the administrators.",
) in res.flashes
assert (
"success",
"We have informed your administrator about the failure of the password compromise investigation.",
) in res.flashes
assert ("success", "Your account has been created successfully.") in res.flashes
user = backend.get(models.User, user_name="newuser")
assert user
backend.delete(user)
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admins_from_register_form(
api_get, testclient, backend, admins_group
):
api_get.side_effect = mock.Mock(side_effect=Exception())
current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"}
current_app.config["CANAILLE"]["SMTP"]["TLS"] = False
testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
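Review bot: The test removed in the last hunk, `test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admins_from_register_form_without_admin_group`, was the only visible check of the registration path with `ACL.ADMIN.FILTER = None`: that when the compromise lookup fails and no administrator can be notified, the error flash is shown and the account is still created; the test that survives sets the filter to `{"groups": "admins"}`. The settings-form tests in this same commit keep that case through `with_and_without_admin_group(None)`, but nothing in the registration hunks does the same, so unless it was re-added outside the hunks this fail-open outcome is now untested. Since an account being created while the breach check was unavailable is the security-relevant result of this code path, the None case deserves a test of its own — a helper mirroring the settings test, or the deleted test kept under the new naming scheme — and the remaining test's body continues past the end of the hunk, so its assertions are not visible here.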