0001-misc-improve-invalid-login-error-message-19944.patch

Frédéric Péters, 02 août 2020 16:55


Subject: [PATCH] misc: improve invalid login error message (#19944)

 src/authentic2/forms/authentication.py | 24 ++++++++++++++++
 tests/test_login.py                    | 39 ++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
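--- a/src/authentic2/forms/authentication.py
+++ b/src/authentic2/forms/authentication.py
@@ -14,13 +14,16 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import copy
 import math
 
 from django import forms
+from django.conf import settings
 from django.forms.widgets import Media
 from django.utils.translation import ugettext_lazy as _, ugettext
 from django.contrib.auth import forms as auth_forms
 from django.utils import html
+from django.utils.encoding import force_text
 
 from authentic2.forms.fields import PasswordField
 from authentic2.utils.lazy import lazy_label
@@ -129,3 +132,24 @@
         if app_settings.A2_LOGIN_FORM_OU_SELECTOR:
             media = media + Media(js=['authentic2/js/ou_selector.js'])
         return media
+
+    @property
+    def error_messages(self):
+        error_messages = copy.copy(auth_forms.AuthenticationForm.error_messages)
+        username_label = _('Username')
+        if app_settings.A2_USERNAME_LABEL:
+            username_label = app_settings.A2_USERNAME_LABEL
+        invalid_login_message = [
+                _('Incorrect %(username_label)s or password.') % {'username_label': username_label},
+        ]
+        if app_settings.A2_USER_CAN_RESET_PASSWORD is not False and getattr(settings, 'REGISTRATION_OPEN', True):
+            invalid_login_message.append(
+                    _('Try again, use the forgotten password link below, or create an account.'))
+        elif app_settings.A2_USER_CAN_RESET_PASSWORD is not False:
+            invalid_login_message.append(
+                    _('Try again or use the forgotten password link below.'))
+        elif getattr(settings, 'REGISTRATION_OPEN', True):
+            invalid_login_message.append(
+                    _('Try again or create an account.'))
+        error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message])
+        return error_messages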
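Review bot: The `invalid_login` string built on new line 154 is already interpolated, but it is stored where Django's `AuthenticationForm` expects a format string. If the form still raises `ValidationError(..., params={'username': ...})` as the stock class does (its `clean()` is outside this hunk), the message is `%`-formatted a second time. A literal `%` in `A2_USERNAME_LABEL` or in a translation would then raise at render time, so a failed login becomes a server error instead of an error message. Escaping the final text avoids that: `error_messages['invalid_login'] = ' '.join(force_text(x) for x in invalid_login_message).replace('%', '%%')`. The enclosing form class starts outside the hunk, so whether anything assigns `self.error_messages` (which a read-only property would reject) cannot be checked from here.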
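--- a/tests/test_login.py
+++ b/tests/test_login.py
@@ -239,3 +239,42 @@
     resp = resp.form.submit(name='login-password-submit')
     # CSRF and test cookie checks failed
     assert 'Cookies are disabled' in resp
+
+
+def test_login_error_messages(app, settings, simple_user):
+    settings.A2_USER_CAN_RESET_PASSWORD = True
+    settings.REGISTRATION_OPEN = True
+    resp = app.get('/login/')
+    resp.form.set('username', 'x')
+    resp.form.set('password', 'y')
+    resp = resp.form.submit(name='login-password-submit')
+    assert 'Incorrect Username or password.' in resp
+    assert 'use the forgotten password link below' in resp
+    assert 'or create an account.' in resp
+
+    settings.A2_USER_CAN_RESET_PASSWORD = False
+    settings.REGISTRATION_OPEN = False
+    resp.form.set('username', 'x')
+    resp.form.set('password', 'y')
+    resp = resp.form.submit(name='login-password-submit')
+    assert 'Incorrect Username or password.' in resp
+    assert 'use the forgotten password link below' not in resp
+    assert 'or create an account.' not in resp
+
+    settings.A2_USER_CAN_RESET_PASSWORD = True
+    settings.REGISTRATION_OPEN = False
+    resp.form.set('username', 'x')
+    resp.form.set('password', 'y')
+    resp = resp.form.submit(name='login-password-submit')
+    assert 'Incorrect Username or password.' in resp
+    assert 'use the forgotten password link below' in resp
+    assert 'or create an account.' not in resp
+
+    settings.A2_USER_CAN_RESET_PASSWORD = False
+    settings.REGISTRATION_OPEN = True
+    resp.form.set('username', 'x')
+    resp.form.set('password', 'y')
+    resp = resp.form.submit(name='login-password-submit')
+    assert 'Incorrect Username or password.' in resp
+    assert 'use the forgotten password link below' not in resp
+    assert 'or create an account.' in resp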
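Review bot: `test_login_error_messages` requests the `simple_user` fixture but never uses it, so every submission is for the unknown username `'x'`. Nothing here pins that an existing account with a wrong password gets the identical text, which is the property that keeps this friendlier message from revealing which accounts exist. A further case would cover it: `resp.form.set('username', simple_user.username)` with a wrong password, then `assert 'Incorrect Username or password.' in resp` plus the same hint assertions (assuming the fixture exposes `username`). The `A2_USERNAME_LABEL` branch of the new property is also untested; setting `settings.A2_USERNAME_LABEL = 'Email'` and asserting `'Incorrect Email or password.' in resp` would exercise it.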
242
-