← Back to branch summary

~ubuntu-branches/ubuntu/quantal/python-django/quantal-security

« back to all changes in this revision

Viewing changes to django/contrib/auth/tests/forms.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-10-12 11:34:35 UTC
  • mfrom: (4.4.9 sid)
  • mto: This revision was merged to the branch mainline in revision 30.
  • Revision ID: james.westby@ubuntu.com-20101012113435-5rk3p18nyanuhj6g
* SECURITY UPDATE: XSS in CSRF protections. New upstream release
  - CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
  - updated to disable another test that fails without internet connection
  - patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
  in maverick

Show diffs side-by-side

added added

removed removed

Lines of Context:
django/contrib/auth/tests/forms.py
1
 
 
2
 
FORM_TESTS = """
3
 
>>> from django.contrib.auth.models import User
4
 
>>> from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
5
 
>>> from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm
6
 
 
7
 
# The user already exists.
8
 
 
9
 
>>> user = User.objects.create_user("jsmith", "jsmith@example.com", "test123")
10
 
>>> data = {
11
 
...     'username': 'jsmith',
12
 
...     'password1': 'test123',
13
 
...     'password2': 'test123',
14
 
... }
15
 
>>> form = UserCreationForm(data)
16
 
>>> form.is_valid()
17
 
False
18
 
>>> form["username"].errors
19
 
[u'A user with that username already exists.']
20
 
 
21
 
# The username contains invalid data.
22
 
 
23
 
>>> data = {
24
 
...     'username': 'jsmith!',
25
 
...     'password1': 'test123',
26
 
...     'password2': 'test123',
27
 
... }
28
 
>>> form = UserCreationForm(data)
29
 
>>> form.is_valid()
30
 
False
31
 
>>> form["username"].errors
32
 
[u'This value may contain only letters, numbers and @/./+/-/_ characters.']
33
 
 
34
 
# The verification password is incorrect.
35
 
 
36
 
>>> data = {
37
 
...     'username': 'jsmith2',
38
 
...     'password1': 'test123',
39
 
...     'password2': 'test',
40
 
... }
41
 
>>> form = UserCreationForm(data)
42
 
>>> form.is_valid()
43
 
False
44
 
>>> form["password2"].errors
45
 
[u"The two password fields didn't match."]
46
 
 
47
 
# One (or both) passwords weren't given
48
 
 
49
 
>>> data = {'username': 'jsmith2'}
50
 
>>> form = UserCreationForm(data)
51
 
>>> form.is_valid()
52
 
False
53
 
>>> form['password1'].errors
54
 
[u'This field is required.']
55
 
>>> form['password2'].errors
56
 
[u'This field is required.']
57
 
 
58
 
>>> data['password2'] = 'test123'
59
 
>>> form = UserCreationForm(data)
60
 
>>> form.is_valid()
61
 
False
62
 
>>> form['password1'].errors
63
 
[u'This field is required.']
64
 
 
65
 
# The success case.
66
 
 
67
 
>>> data = {
68
 
...     'username': 'jsmith2@example.com',
69
 
...     'password1': 'test123',
70
 
...     'password2': 'test123',
71
 
... }
72
 
>>> form = UserCreationForm(data)
73
 
>>> form.is_valid()
74
 
True
75
 
>>> form.save()
76
 
<User: jsmith2@example.com>
77
 
 
78
 
# The user submits an invalid username.
79
 
 
80
 
>>> data = {
81
 
...     'username': 'jsmith_does_not_exist',
82
 
...     'password': 'test123',
83
 
... }
84
 
 
85
 
>>> form = AuthenticationForm(None, data)
86
 
>>> form.is_valid()
87
 
False
88
 
>>> form.non_field_errors()
89
 
[u'Please enter a correct username and password. Note that both fields are case-sensitive.']
90
 
 
91
 
# The user is inactive.
92
 
 
93
 
>>> data = {
94
 
...     'username': 'jsmith',
95
 
...     'password': 'test123',
96
 
... }
97
 
>>> user.is_active = False
98
 
>>> user.save()
99
 
>>> form = AuthenticationForm(None, data)
100
 
>>> form.is_valid()
101
 
False
102
 
>>> form.non_field_errors()
103
 
[u'This account is inactive.']
104
 
 
105
 
>>> user.is_active = True
106
 
>>> user.save()
107
 
 
108
 
# The success case
109
 
 
110
 
>>> form = AuthenticationForm(None, data)
111
 
>>> form.is_valid()
112
 
True
113
 
>>> form.non_field_errors()
114
 
[]
115
 
 
116
 
### SetPasswordForm:
117
 
 
118
 
# The two new passwords do not match.
119
 
 
120
 
>>> data = {
121
 
...     'new_password1': 'abc123',
122
 
...     'new_password2': 'abc',
123
 
... }
124
 
>>> form = SetPasswordForm(user, data)
125
 
>>> form.is_valid()
126
 
False
127
 
>>> form["new_password2"].errors
128
 
[u"The two password fields didn't match."]
129
 
 
130
 
# The success case.
131
 
 
132
 
>>> data = {
133
 
...     'new_password1': 'abc123',
134
 
...     'new_password2': 'abc123',
135
 
... }
136
 
>>> form = SetPasswordForm(user, data)
137
 
>>> form.is_valid()
138
 
True
139
 
 
140
 
### PasswordChangeForm:
141
 
 
142
 
The old password is incorrect.
143
 
 
144
 
>>> data = {
145
 
...     'old_password': 'test',
146
 
...     'new_password1': 'abc123',
147
 
...     'new_password2': 'abc123',
148
 
... }
149
 
>>> form = PasswordChangeForm(user, data)
150
 
>>> form.is_valid()
151
 
False
152
 
>>> form["old_password"].errors
153
 
[u'Your old password was entered incorrectly. Please enter it again.']
154
 
 
155
 
# The two new passwords do not match.
156
 
 
157
 
>>> data = {
158
 
...     'old_password': 'test123',
159
 
...     'new_password1': 'abc123',
160
 
...     'new_password2': 'abc',
161
 
... }
162
 
>>> form = PasswordChangeForm(user, data)
163
 
>>> form.is_valid()
164
 
False
165
 
>>> form["new_password2"].errors
166
 
[u"The two password fields didn't match."]
167
 
 
168
 
# The success case.
169
 
 
170
 
>>> data = {
171
 
...     'old_password': 'test123',
172
 
...     'new_password1': 'abc123',
173
 
...     'new_password2': 'abc123',
174
 
... }
175
 
>>> form = PasswordChangeForm(user, data)
176
 
>>> form.is_valid()
177
 
True
178
 
 
179
 
# Regression test - check the order of fields:
180
 
 
181
 
>>> PasswordChangeForm(user, {}).fields.keys()
182
 
['old_password', 'new_password1', 'new_password2']
183
 
 
184
 
### UserChangeForm
185
 
 
186
 
>>> from django.contrib.auth.forms import UserChangeForm
187
 
>>> data = {'username': 'not valid'}
188
 
>>> form = UserChangeForm(data, instance=user)
189
 
>>> form.is_valid()
190
 
False
191
 
>>> form['username'].errors
192
 
[u'This value may contain only letters, numbers and @/./+/-/_ characters.']
193
 
 
194
 
 
195
 
### PasswordResetForm
196
 
 
197
 
>>> from django.contrib.auth.forms import PasswordResetForm
198
 
>>> data = {'email':'not valid'}
199
 
>>> form = PasswordResetForm(data)
200
 
>>> form.is_valid()
201
 
False
202
 
>>> form['email'].errors
203
 
[u'Enter a valid e-mail address.']
204
 
 
205
 
# Test nonexistant email address
206
 
>>> data = {'email':'foo@bar.com'}
207
 
>>> form = PasswordResetForm(data)
208
 
>>> form.is_valid()
209
 
False
210
 
>>> form.errors
211
 
{'email': [u"That e-mail address doesn't have an associated user account. Are you sure you've registered?"]}
212
 
 
213
 
# Test cleaned_data bug fix
214
 
>>> user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
215
 
>>> data = {'email':'jsmith3@example.com'}
216
 
>>> form = PasswordResetForm(data)
217
 
>>> form.is_valid()
218
 
True
219
 
>>> form.cleaned_data['email']
220
 
u'jsmith3@example.com'
221
 
 
222
 
# bug #5605, preserve the case of the user name (before the @ in the email address)
223
 
# when creating a user.
224
 
>>> user = User.objects.create_user('forms_test2', 'tesT@EXAMple.com', 'test')
225
 
>>> user.email
226
 
'tesT@example.com'
227
 
>>> user = User.objects.create_user('forms_test3', 'tesT', 'test')
228
 
>>> user.email
229
 
'tesT'
230
 
 
231
 
"""
 
1
from django.contrib.auth.models import User
 
2
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm,  PasswordChangeForm, SetPasswordForm, UserChangeForm, PasswordResetForm
 
3
from django.test import TestCase
 
4
 
 
5
 
 
6
class UserCreationFormTest(TestCase):
 
7
 
 
8
    fixtures = ['authtestdata.json']
 
9
 
 
10
    def test_user_already_exists(self):
 
11
        data = {
 
12
            'username': 'testclient',
 
13
            'password1': 'test123',
 
14
            'password2': 'test123',
 
15
            }
 
16
        form = UserCreationForm(data)
 
17
        self.assertFalse(form.is_valid())
 
18
        self.assertEqual(form["username"].errors,
 
19
                         [u'A user with that username already exists.'])
 
20
 
 
21
    def test_invalid_data(self):
 
22
        data = {
 
23
            'username': 'jsmith!',
 
24
            'password1': 'test123',
 
25
            'password2': 'test123',
 
26
            }
 
27
        form = UserCreationForm(data)
 
28
        self.assertFalse(form.is_valid())
 
29
        self.assertEqual(form["username"].errors,
 
30
                         [u'This value may contain only letters, numbers and @/./+/-/_ characters.'])
 
31
 
 
32
 
 
33
    def test_password_verification(self):
 
34
        # The verification password is incorrect.
 
35
        data = {
 
36
            'username': 'jsmith',
 
37
            'password1': 'test123',
 
38
            'password2': 'test',
 
39
            }
 
40
        form = UserCreationForm(data)
 
41
        self.assertFalse(form.is_valid())
 
42
        self.assertEqual(form["password2"].errors,
 
43
                         [u"The two password fields didn't match."])
 
44
 
 
45
 
 
46
    def test_both_passwords(self):
 
47
        # One (or both) passwords weren't given
 
48
        data = {'username': 'jsmith'}
 
49
        form = UserCreationForm(data)
 
50
        self.assertFalse(form.is_valid())
 
51
        self.assertEqual(form['password1'].errors,
 
52
                         [u'This field is required.'])
 
53
        self.assertEqual(form['password2'].errors,
 
54
                         [u'This field is required.'])
 
55
 
 
56
 
 
57
        data['password2'] = 'test123'
 
58
        form = UserCreationForm(data)
 
59
        self.assertFalse(form.is_valid())
 
60
        self.assertEqual(form['password1'].errors,
 
61
                         [u'This field is required.'])
 
62
 
 
63
    def test_success(self):
 
64
        # The success case.
 
65
 
 
66
        data = {
 
67
            'username': 'jsmith@example.com',
 
68
            'password1': 'test123',
 
69
            'password2': 'test123',
 
70
            }
 
71
        form = UserCreationForm(data)
 
72
        self.assertTrue(form.is_valid())
 
73
        u = form.save()
 
74
        self.assertEqual(repr(u), '<User: jsmith@example.com>')
 
75
 
 
76
 
 
77
class AuthenticationFormTest(TestCase):
 
78
 
 
79
    fixtures = ['authtestdata.json']
 
80
 
 
81
    def test_invalid_username(self):
 
82
        # The user submits an invalid username.
 
83
 
 
84
        data = {
 
85
            'username': 'jsmith_does_not_exist',
 
86
            'password': 'test123',
 
87
            }
 
88
        form = AuthenticationForm(None, data)
 
89
        self.assertFalse(form.is_valid())
 
90
        self.assertEqual(form.non_field_errors(),
 
91
                         [u'Please enter a correct username and password. Note that both fields are case-sensitive.'])
 
92
 
 
93
    def test_inactive_user(self):
 
94
        # The user is inactive.
 
95
        data = {
 
96
            'username': 'inactive',
 
97
            'password': 'password',
 
98
            }
 
99
        form = AuthenticationForm(None, data)
 
100
        self.assertFalse(form.is_valid())
 
101
        self.assertEqual(form.non_field_errors(),
 
102
                         [u'This account is inactive.'])
 
103
 
 
104
 
 
105
    def test_success(self):
 
106
        # The success case
 
107
        data = {
 
108
            'username': 'testclient',
 
109
            'password': 'password',
 
110
            }
 
111
        form = AuthenticationForm(None, data)
 
112
        self.assertTrue(form.is_valid())
 
113
        self.assertEqual(form.non_field_errors(), [])
 
114
 
 
115
 
 
116
class SetPasswordFormTest(TestCase):
 
117
 
 
118
    fixtures = ['authtestdata.json']
 
119
 
 
120
    def test_password_verification(self):
 
121
        # The two new passwords do not match.
 
122
        user = User.objects.get(username='testclient')
 
123
        data = {
 
124
            'new_password1': 'abc123',
 
125
            'new_password2': 'abc',
 
126
            }
 
127
        form = SetPasswordForm(user, data)
 
128
        self.assertFalse(form.is_valid())
 
129
        self.assertEqual(form["new_password2"].errors,
 
130
                         [u"The two password fields didn't match."])
 
131
 
 
132
    def test_success(self):
 
133
        user = User.objects.get(username='testclient')
 
134
        data = {
 
135
            'new_password1': 'abc123',
 
136
            'new_password2': 'abc123',
 
137
            }
 
138
        form = SetPasswordForm(user, data)
 
139
        self.assertTrue(form.is_valid())
 
140
 
 
141
 
 
142
class PasswordChangeFormTest(TestCase):
 
143
 
 
144
    fixtures = ['authtestdata.json']
 
145
 
 
146
    def test_incorrect_password(self):
 
147
        user = User.objects.get(username='testclient')
 
148
        data = {
 
149
            'old_password': 'test',
 
150
            'new_password1': 'abc123',
 
151
            'new_password2': 'abc123',
 
152
            }
 
153
        form = PasswordChangeForm(user, data)
 
154
        self.assertFalse(form.is_valid())
 
155
        self.assertEqual(form["old_password"].errors,
 
156
                         [u'Your old password was entered incorrectly. Please enter it again.'])
 
157
 
 
158
 
 
159
    def test_password_verification(self):
 
160
        # The two new passwords do not match.
 
161
        user = User.objects.get(username='testclient')
 
162
        data = {
 
163
            'old_password': 'password',
 
164
            'new_password1': 'abc123',
 
165
            'new_password2': 'abc',
 
166
            }
 
167
        form = PasswordChangeForm(user, data)
 
168
        self.assertFalse(form.is_valid())
 
169
        self.assertEqual(form["new_password2"].errors,
 
170
                         [u"The two password fields didn't match."])
 
171
 
 
172
 
 
173
    def test_success(self):
 
174
        # The success case.
 
175
        user = User.objects.get(username='testclient')
 
176
        data = {
 
177
            'old_password': 'password',
 
178
            'new_password1': 'abc123',
 
179
            'new_password2': 'abc123',
 
180
            }
 
181
        form = PasswordChangeForm(user, data)
 
182
        self.assertTrue(form.is_valid())
 
183
 
 
184
    def test_field_order(self):
 
185
        # Regression test - check the order of fields:
 
186
        user = User.objects.get(username='testclient')
 
187
        self.assertEqual(PasswordChangeForm(user, {}).fields.keys(),
 
188
                         ['old_password', 'new_password1', 'new_password2'])
 
189
 
 
190
class UserChangeFormTest(TestCase):
 
191
 
 
192
    fixtures = ['authtestdata.json']
 
193
 
 
194
    def test_username_validity(self):
 
195
        user = User.objects.get(username='testclient')
 
196
        data = {'username': 'not valid'}
 
197
        form = UserChangeForm(data, instance=user)
 
198
        self.assertFalse(form.is_valid())
 
199
        self.assertEqual(form['username'].errors,
 
200
                         [u'This value may contain only letters, numbers and @/./+/-/_ characters.'])
 
201
 
 
202
    def test_bug_14242(self):
 
203
        # A regression test, introduce by adding an optimization for the
 
204
        # UserChangeForm.
 
205
 
 
206
        class MyUserForm(UserChangeForm):
 
207
            def __init__(self, *args, **kwargs):
 
208
                super(MyUserForm, self).__init__(*args, **kwargs)
 
209
                self.fields['groups'].help_text = 'These groups give users different permissions'
 
210
 
 
211
            class Meta(UserChangeForm.Meta):
 
212
                fields = ('groups',)
 
213
 
 
214
        # Just check we can create it
 
215
        form = MyUserForm({})
 
216
 
 
217
 
 
218
class PasswordResetFormTest(TestCase):
 
219
 
 
220
    fixtures = ['authtestdata.json']
 
221
 
 
222
    def test_invalid_email(self):
 
223
        data = {'email':'not valid'}
 
224
        form = PasswordResetForm(data)
 
225
        self.assertFalse(form.is_valid())
 
226
        self.assertEqual(form['email'].errors,
 
227
                         [u'Enter a valid e-mail address.'])
 
228
 
 
229
    def test_nonexistant_email(self):
 
230
        # Test nonexistant email address
 
231
        data = {'email':'foo@bar.com'}
 
232
        form = PasswordResetForm(data)
 
233
        self.assertFalse(form.is_valid())
 
234
        self.assertEqual(form.errors,
 
235
                         {'email': [u"That e-mail address doesn't have an associated user account. Are you sure you've registered?"]})
 
236
 
 
237
    def test_cleaned_data(self):
 
238
        # Regression test
 
239
        user = User.objects.create_user("jsmith3", "jsmith3@example.com", "test123")
 
240
        data = {'email':'jsmith3@example.com'}
 
241
        form = PasswordResetForm(data)
 
242
        self.assertTrue(form.is_valid())
 
243
        self.assertEqual(form.cleaned_data['email'], u'jsmith3@example.com')
 
244
 
 
245
 
 
246
    def test_bug_5605(self):
 
247
        # bug #5605, preserve the case of the user name (before the @ in the
 
248
        # email address) when creating a user.
 
249
        user = User.objects.create_user('forms_test2', 'tesT@EXAMple.com', 'test')
 
250
        self.assertEqual(user.email, 'tesT@example.com')
 
251
        user = User.objects.create_user('forms_test3', 'tesT', 'test')
 
252
        self.assertEqual(user.email, 'tesT')