440
444
# user is not logged in
441
445
self.assertNotIn('session_token', self.client.session)
447
def test_login_with_blacklisted_password(self):
448
# Update account with long enough password
449
test_pass = "aPasswordToBlacklist1"
450
self.account.accountpassword.password = make_password(test_pass)
451
self.account.accountpassword.save()
452
# Ensure the account is in the team that forces blacklisting
453
self.factory.add_account_to_team(self.account,
454
self.factory.make_team('canonical'))
455
# Blacklist the test password
456
self._apply_patch('identityprovider.utils.get_password_blacklist',
457
return_value=set([test_pass.lower()]))
458
# Use the now-blacklisted password when trying to login
459
self.data['password'] = test_pass
460
r = self.client.post(reverse('login'), self.data)
461
# The form should redirect to reset password view,
463
self.assertEqual(r.status_code, 302)
464
redirect_url = r'(/token/.*/\+resetpassword/%s)' % self.email
465
url_match = re.search(redirect_url, urllib2.unquote(r['location']))
466
self.assertIsNotNone(url_match)
467
reset_password_url = url_match.groups()[0]
468
r = self.client.get(reset_password_url)
469
self.assertContains(r, escape("doesn't meet security constraints"))
470
self.assertContains(r,
471
escape("it is very common and susceptible"))
473
# next request passes validation
474
resp = self.client.post(reset_password_url, {
475
'passwordconfirm': 'FooBar12345', 'password': 'FooBar12345'})
476
self.assertRedirects(resp, reverse('account-index'))
478
def test_try_to_set_blacklisted_password(self):
479
# Update account with long enough password so the initial login
480
# doesn't force me to change it
481
test_pass = "aPasswordThatMatchesThePolicy1"
482
self.account.accountpassword.password = make_password(test_pass)
483
self.account.accountpassword.save()
484
# Ensure the account is in the team that forces blacklisting
485
self.factory.add_account_to_team(self.account,
486
self.factory.make_team('canonical'))
487
# Blacklist the password we'll try to set next
488
self._apply_patch('identityprovider.utils.get_password_blacklist',
489
return_value=set(['blacklisted1']))
490
# Log in with the initially-set, "good" password
491
self.data['password'] = test_pass
492
r = self.client.post(reverse('login'), self.data, follow=True)
493
self.assertContains(r, "Choose password")
494
# Now try to change it to the blacklisted one
495
r = self.client.post('/', {'passwordconfirm': 'Blacklisted1',
496
'password': 'Blacklisted1'})
497
self.assertContains(r,
498
escape("it is very common and susceptible"))
444
501
class LogoutTestCase(UIViewsBaseTestCase):
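Review bot: test_try_to_set_blacklisted_password only asserts that the warning text is rendered after posting 'Blacklisted1', so a regression that shows the message but still saves the rejected password would pass. After the final post, re-read the account from the database and assert the stored hash is unchanged, e.g. `self.assertTrue(check_password(test_pass, account.accountpassword.password))` with `account` being the reloaded object; this assumes `check_password` is imported alongside `make_password`, which the hunk does not show. In test_login_with_blacklisted_password the e-mail address is interpolated into the pattern unescaped, so any regex metacharacter in it (the `.` of the domain, a `+` in the local part) is read as pattern syntax; `redirect_url = r'(/token/.*/\+resetpassword/%s)' % re.escape(self.email)` makes the match exact. Both methods belong to a test class whose header lies outside the hunk.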