0001-misc-improve-invalid-login-error-message-19944.patch
src/authentic2/forms/authentication.py | ||
---|---|---|
14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
16 | 16 | |
17 |
import copy |
|
17 | 18 |
import math |
18 | 19 | |
19 | 20 |
from django import forms |
21 |
from django.conf import settings |
|
20 | 22 |
from django.forms.widgets import Media |
21 | 23 |
from django.utils.translation import ugettext_lazy as _, ugettext |
22 | 24 |
from django.contrib.auth import forms as auth_forms |
23 | 25 |
from django.utils import html |
26 |
from django.utils.encoding import force_text |
|
24 | 27 | |
25 | 28 |
from authentic2.forms.fields import PasswordField |
26 | 29 |
from authentic2.utils.lazy import lazy_label |
... | ... | |
129 | 132 |
if app_settings.A2_LOGIN_FORM_OU_SELECTOR: |
130 | 133 |
media = media + Media(js=['authentic2/js/ou_selector.js']) |
131 | 134 |
return media |
135 | ||
136 |
@property |
|
137 |
def error_messages(self): |
|
138 |
error_messages = copy.copy(auth_forms.AuthenticationForm.error_messages) |
|
139 |
username_label = _('Username') |
|
140 |
if app_settings.A2_USERNAME_LABEL: |
|
141 |
username_label = app_settings.A2_USERNAME_LABEL |
|
142 |
invalid_login_message = [ |
|
143 |
_('Incorrect %(username_label)s or password.') % {'username_label': username_label}, |
|
144 |
] |
|
145 |
if app_settings.A2_USER_CAN_RESET_PASSWORD is not False and getattr(settings, 'REGISTRATION_OPEN', True): |
|
146 |
invalid_login_message.append( |
|
147 |
_('Try again, use the forgotten password link below, or create an account.')) |
|
148 |
elif app_settings.A2_USER_CAN_RESET_PASSWORD is not False: |
|
149 |
invalid_login_message.append( |
|
150 |
_('Try again or use the forgotten password link below.')) |
|
151 |
elif getattr(settings, 'REGISTRATION_OPEN', True): |
|
152 |
invalid_login_message.append( |
|
153 |
_('Try again or create an account.')) |
|
154 |
error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message]) |
|
155 |
return error_messages |
tests/test_login.py | ||
---|---|---|
239 | 239 |
resp = resp.form.submit(name='login-password-submit') |
240 | 240 |
# CSRF and test cookie checks failed |
241 | 241 |
assert 'Cookies are disabled' in resp |
242 | ||
243 | ||
244 |
def test_login_error_messages(app, settings, simple_user): |
|
245 |
settings.A2_USER_CAN_RESET_PASSWORD = True |
|
246 |
settings.REGISTRATION_OPEN = True |
|
247 |
resp = app.get('/login/') |
|
248 |
resp.form.set('username', 'x') |
|
249 |
resp.form.set('password', 'y') |
|
250 |
resp = resp.form.submit(name='login-password-submit') |
|
251 |
assert 'Incorrect Username or password.' in resp |
|
252 |
assert 'use the forgotten password link below' in resp |
|
253 |
assert 'or create an account.' in resp |
|
254 | ||
255 |
settings.A2_USER_CAN_RESET_PASSWORD = False |
|
256 |
settings.REGISTRATION_OPEN = False |
|
257 |
resp.form.set('username', 'x') |
|
258 |
resp.form.set('password', 'y') |
|
259 |
resp = resp.form.submit(name='login-password-submit') |
|
260 |
assert 'Incorrect Username or password.' in resp |
|
261 |
assert 'use the forgotten password link below' not in resp |
|
262 |
assert 'or create an account.' not in resp |
|
263 | ||
264 |
settings.A2_USER_CAN_RESET_PASSWORD = True |
|
265 |
settings.REGISTRATION_OPEN = False |
|
266 |
resp.form.set('username', 'x') |
|
267 |
resp.form.set('password', 'y') |
|
268 |
resp = resp.form.submit(name='login-password-submit') |
|
269 |
assert 'Incorrect Username or password.' in resp |
|
270 |
assert 'use the forgotten password link below' in resp |
|
271 |
assert 'or create an account.' not in resp |
|
272 | ||
273 |
settings.A2_USER_CAN_RESET_PASSWORD = False |
|
274 |
settings.REGISTRATION_OPEN = True |
|
275 |
resp.form.set('username', 'x') |
|
276 |
resp.form.set('password', 'y') |
|
277 |
resp = resp.form.submit(name='login-password-submit') |
|
278 |
assert 'Incorrect Username or password.' in resp |
|
279 |
assert 'use the forgotten password link below' not in resp |
|
280 |
assert 'or create an account.' in resp |
|
242 |
- |