~deadlight/canonical-identity-provider/password-reset


Viewing changes to src/webui/tests/test_views_ui.py

[r=nataliabidart,james-w] Implement a password blacklist.
Passwords which should not be used can be added to a file and users will either be disallowed from setting them, or asked to change them if their existing password was newly added to the blacklist.

14
14
from urlparse import urlsplit
15
15
 
16
16
from django.conf import settings
17
 
from django.contrib.auth.models import AnonymousUser, check_password
 
17
from django.contrib.auth.models import (
 
18
    AnonymousUser,
 
19
    check_password,
 
20
    make_password
 
21
)
18
22
from django.contrib.sessions.models import Session
19
23
from django.core import mail
20
24
from django.core.exceptions import ValidationError
440
444
        # user is not logged in
441
445
        self.assertNotIn('session_token', self.client.session)
442
446
 
 
447
    def test_login_with_blacklisted_password(self):
 
448
        # Update account with long enough password
 
449
        test_pass = "aPasswordToBlacklist1"
 
450
        self.account.accountpassword.password = make_password(test_pass)
 
451
        self.account.accountpassword.save()
 
452
        # Ensure the account is in the team that forces blacklisting
 
453
        self.factory.add_account_to_team(self.account,
 
454
                                         self.factory.make_team('canonical'))
 
455
        # Blacklist the test password
 
456
        self._apply_patch('identityprovider.utils.get_password_blacklist',
 
457
                          return_value=set([test_pass.lower()]))
 
458
        # Use the now-blacklisted password when trying to login
 
459
        self.data['password'] = test_pass
 
460
        r = self.client.post(reverse('login'), self.data)
 
461
        # The form should redirect to reset password view,
 
462
        # not back to login
 
463
        self.assertEqual(r.status_code, 302)
 
464
        redirect_url = r'(/token/.*/\+resetpassword/%s)' % self.email
 
465
        url_match = re.search(redirect_url, urllib2.unquote(r['location']))
 
466
        self.assertIsNotNone(url_match)
 
467
        reset_password_url = url_match.groups()[0]
 
468
        r = self.client.get(reset_password_url)
 
469
        self.assertContains(r, escape("doesn't meet security constraints"))
 
470
        self.assertContains(r,
 
471
                            escape("it is very common and susceptible"))
 
472
 
 
473
        # next request passes validation
 
474
        resp = self.client.post(reset_password_url, {
 
475
            'passwordconfirm': 'FooBar12345', 'password': 'FooBar12345'})
 
476
        self.assertRedirects(resp, reverse('account-index'))
 
477
 
 
478
    def test_try_to_set_blacklisted_password(self):
 
479
        # Update account with long enough password so the initial login
 
480
        # doesn't force me to change it
 
481
        test_pass = "aPasswordThatMatchesThePolicy1"
 
482
        self.account.accountpassword.password = make_password(test_pass)
 
483
        self.account.accountpassword.save()
 
484
        # Ensure the account is in the team that forces blacklisting
 
485
        self.factory.add_account_to_team(self.account,
 
486
                                         self.factory.make_team('canonical'))
 
487
        # Blacklist the password we'll try to set next
 
488
        self._apply_patch('identityprovider.utils.get_password_blacklist',
 
489
                          return_value=set(['blacklisted1']))
 
490
        # Log in with the initially-set, "good" password
 
491
        self.data['password'] = test_pass
 
492
        r = self.client.post(reverse('login'), self.data, follow=True)
 
493
        self.assertContains(r, "Choose password")
 
494
        # Now try to change it to the blacklisted one
 
495
        r = self.client.post('/', {'passwordconfirm': 'Blacklisted1',
 
496
                                   'password': 'Blacklisted1'})
 
497
        self.assertContains(r,
 
498
                            escape("it is very common and susceptible"))
 
499
 
443
500
 
444
501
class LogoutTestCase(UIViewsBaseTestCase):
445
502