From d6dfd439f31af1981f3b5fe569df6d5d6b4bb9c4 Mon Sep 17 00:00:00 2001 From: sebastien Date: Thu, 14 Nov 2024 16:10:43 +0100 Subject: [PATCH] adds tests for ENABLE_PASSWORD_COMPROMISSION_CHECK config --- canaille/app/forms.py | 2 ++ tests/app/test_forms.py | 7 +++++++ tests/core/test_profile_settings.py | 4 ++++ tests/core/test_registration.py | 4 ++++ 4 files changed, 17 insertions(+) diff --git a/canaille/app/forms.py b/canaille/app/forms.py index a142fdd0..af92dff8 100644 --- a/canaille/app/forms.py +++ b/canaille/app/forms.py @@ -112,6 +112,8 @@ def compromised_password_validator(form, field): "This password appears on public compromission databases and is not secure." ) ) + else: + return None def email_validator(form, field): diff --git a/tests/app/test_forms.py b/tests/app/test_forms.py index 4c275f0d..d598f47b 100644 --- a/tests/app/test_forms.py +++ b/tests/app/test_forms.py @@ -339,6 +339,8 @@ def test_maximum_password_length_config(testclient): @mock.patch("requests.api.get") def test_compromised_password_validator(api_get, testclient): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True + class Response: content = b"1E4C9B93F3F0682250B6CF8331B7EE68FD8:3\r\nCAA6D483CC3887DCE9D1B8EB91408F1EA7A:3\r\nAD6438836DBE526AA231ABDE2D0EEF74D42:3\r\n8289894DDB6317178960AB5AE98B81BBF97:1\r\n5FF0B6F9EAC40D5CA7B4DAA7B64F0E6F4AA:2\r\n" 
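Review bot: The added `else: return None` at the end of `compromised_password_validator` in canaille/app/forms.py is a no-op, because a Python function that falls off the end already returns None. The branch adds nesting without changing behaviour. If the aim is to make the "password not flagged" outcome explicit, a comment does that better, for example `# no match in the breach list: validation passes`. The function body starts outside this hunk, so it is not visible whether the disabled-check and failed-lookup paths also return None. If they do, the docstring should say that a None result does not prove the password was actually checked.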
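Review bot: `current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True` at the top of `test_compromised_password_validator` mutates the application config in place and nothing restores it. The same assignment is repeated in every other test hunk of this patch (tests/app/test_forms.py, tests/core/test_profile_settings.py, tests/core/test_registration.py). Whether the value leaks into later tests depends on the scope of the app fixture, which is not visible here. The hunk at -362 leaves the flag at False when its test ends, so a leak would silently switch the breach check off for whatever runs next. A scoped override removes the dependence on test order, e.g. `monkeypatch.setitem(current_app.config["CANAILLE"], "ENABLE_PASSWORD_COMPROMISSION_CHECK", True)` with pytest's `monkeypatch` fixture, or one shared fixture requested by the compromised-password tests.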
@@ -362,11 +364,15 @@ def test_compromised_password_validator(api_get, testclient): with pytest.raises(wtforms.ValidationError): compromised_password_validator(None, Field("azertyuiop123")) + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = False + assert compromised_password_validator(None, Field("password")) is None + @mock.patch("requests.api.get") def test_compromised_password_validator_with_failure_of_api_request_and_no_SMTP_in_config( api_get, testclient, logged_user ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) current_app.config["CANAILLE"]["SMTP"] = None @@ -388,6 +394,7 @@ def test_compromised_password_validator_with_failure_of_api_request_and_no_SMTP_ def test_compromised_password_validator_with_failure_of_api_request_and_only_with_htmx( api_get, testclient, logged_user ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) res = testclient.get("/profile/user/settings") diff --git a/tests/core/test_profile_settings.py b/tests/core/test_profile_settings.py index 09bd3967..388f1d90 100644 --- a/tests/core/test_profile_settings.py +++ b/tests/core/test_profile_settings.py @@ -157,6 +157,7 @@ def test_profile_settings_too_long_password(testclient, logged_user): def test_profile_settings_compromised_password(testclient, logged_user): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True """Tests if password is compromised.""" def with_different_values(password, message): 
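Review bot: The disabled-check assertion `assert compromised_password_validator(None, Field("password")) is None` pins the return value but not that the lookup was skipped. With the flag off, the property worth guarding is that no request leaves the server at all. `api_get` is already the patched `requests.api.get`, so add `api_get.reset_mock()` before setting the flag to False and `api_get.assert_not_called()` after the assertion. The test starts in the previous hunk and the validator's flag handling is outside this diff, so this guards the intended behaviour rather than reporting an observed failure.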
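Review bot: In `test_profile_settings_compromised_password` (tests/core/test_profile_settings.py, hunk at -157) the new config assignment is inserted above `"""Tests if password is compromised."""`. That string is therefore no longer the function's docstring and becomes a bare expression statement. Move the assignment below the docstring, as the tests/core/test_registration.py hunk at -155 does: the docstring first, then `current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True`.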
@@ -190,6 +191,7 @@ def test_profile_settings_compromised_password(testclient, logged_user): def test_profile_settings_compromised_password_request_api_failed_but_password_updated( api_get, testclient, logged_user, backend ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) current_app.config["CANAILLE"]["ACL"]["ADMIN"]["FILTER"] = {"groups": "admins"} @@ -217,6 +219,7 @@ def test_profile_settings_compromised_password_request_api_failed_but_password_u def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_settings_form( api_get, testclient, backend, admins_group, user, logged_user ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) res = testclient.get("/profile/user/settings", status=200) @@ -242,6 +245,7 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_settings_form( api_get, testclient, backend, admins_group, user, logged_user ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) current_app.config["CANAILLE"]["SMTP"]["TLS"] = False diff --git a/tests/core/test_registration.py b/tests/core/test_registration.py index 05a12c1d..a07b2a60 100644 --- a/tests/core/test_registration.py +++ b/tests/core/test_registration.py 
@@ -155,6 +155,7 @@ def test_registration_mail_error(SMTP, testclient, backend, smtpd, foo_group): def test_registration_with_compromised_password(testclient, backend): """Tests a nominal registration with compromised password.""" + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False @@ -178,6 +179,7 @@ def test_registration_with_compromised_password(testclient, backend): def test_registration_with_compromised_password_request_api_failed_but_account_created( api_get, testclient, backend ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False @@ -208,6 +210,7 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_register_form( api_get, testclient, backend, admins_group ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False @@ -242,6 +245,7 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_register_form( api_get, testclient, backend, admins_group ): + current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True api_get.side_effect = mock.Mock(side_effect=Exception()) current_app.config["CANAILLE"]["SMTP"]["TLS"] = False testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
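Review bot: `test_registration_with_compromised_password` sets the new flag through `current_app.config`, while the next two lines set `ENABLE_REGISTRATION` and `EMAIL_CONFIRMATION` through `testclient.app.config`. The hunks at -178, -208 and -242 in this file repeat the mix, and the -242 context shows the file already did this for `SMTP`. If both names resolve to the same application the tests pass, but the reader has to know that. If they ever differ, the flag lands on a config object the request under test does not read. Using one accessor per test makes this explicit, e.g. `testclient.app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True`.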