
0001-PasswordResetConfirmView-fix-handling-PasswordChange.patch

Benjamin Renard, 10 novembre 2022 15:12


Subject: [PATCH] PasswordResetConfirmView: fix handling PasswordChangeError

 src/authentic2/views.py      |  6 +++-
 tests/test_ldap.py           | 54 ++++++++++++++++++++++++++++++++++++
 tests/test_password_reset.py | 21 ++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)
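--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -994,7 +994,11 @@
     def form_valid(self, form):
         # Changing password by mail validate the email
         form.user.set_email_verified(True)
-        form.save()
+        try:
+            form.save()
+        except utils_misc.PasswordChangeError as e:
+            form.add_error('new_password1', e.message)
+            return self.form_invalid(form)
         hooks.call_hooks('event', name='password-reset-confirm', user=form.user, token=self.token, form=form)
         logger.info('password reset for user %s with token %r', self.user, self.token.uuid)
         self.token.delete()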
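Review bot: The new except branch in form_valid sends the form back to the user with no log entry, so a refused password change leaves no trace in the server log while the success path logs at info level two lines below; add `logger.warning('password reset for user %s refused: %s', self.user, e.message)` before the return so these failures can be monitored. The text of e.message is rendered straight into the form, so it should stay the generic wording the backend raises rather than carry server-side detail; I cannot tell from this hunk what PasswordChangeError carries, so that is worth checking where it is raised. Note also that form.user.set_email_verified(True) has already run when the save fails; that is presumably intended, since following the mailed link proves ownership of the address, but worth confirming. form_valid continues past the hunk and its enclosing class starts outside it.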
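--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1102,6 +1102,60 @@
     assert 'account is from ldap but it could not be retrieved' in caplog.text
 
 
+def test_reset_password_refused_by_ldap_server(slapd, settings, app, db, caplog):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'binddn': force_str(slapd.root_bind_dn),
+            'bindpw': force_str(slapd.root_bind_password),
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+            'attributes': ['uid', 'carLicense'],
+            'can_reset_password': True,
+        }
+    ]
+
+    assert User.objects.count() == 0
+    # first login
+    response = app.get('/login/')
+    response.form['username'] = USERNAME
+    response.form['password'] = PASS
+    response = response.form.submit('login-password-submit').follow()
+    assert User.objects.count() == 1
+    assert 'Étienne Michu' in str(response)
+    user = User.objects.get()
+    assert user.email == EMAIL
+    # logout
+    response = response.click('Logout').maybe_follow()
+
+    # password reset
+    response = response.click('Reset it!')
+    response.form['email'] = EMAIL
+    assert len(mail.outbox) == 0
+    response = response.form.submit()
+    assert response['Location'].endswith('/instructions/')
+    assert len(mail.outbox) == 1
+    url = utils.get_link_from_mail(mail.outbox[0])
+    relative_url = url.split('testserver')[1]
+    response = app.get(relative_url, status=200)
+    response.form.set('new_password1', '1234==aA')
+    response.form.set('new_password2', '1234==aA')
+
+    # Make LDAP directory as read-only to trigger an error
+    conn = slapd.get_connection_admin()
+    ldif = [
+        (
+            ldap.MOD_REPLACE,
+            'olcReadOnly',
+            b'TRUE',
+        )
+    ]
+    conn.modify_s('olcDatabase={%s}mdb,cn=config' % (slapd.db_index - 1), ldif)
+
+    response = response.form.submit()
+    assert 'LDAP directory refused the password change' in response
+
+
 def test_user_cannot_change_password(slapd, settings, app, db):
     settings.LDAP_AUTH_SETTINGS = [
         {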
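Review bot: test_reset_password_refused_by_ldap_server flips olcReadOnly to TRUE on the mdb database and never sets it back, so if the slapd fixture is shared beyond this test the directory stays read-only for whatever runs next; I cannot tell the fixture's scope from this hunk, so either confirm it is per-test or restore the attribute after the final assertion with `conn.modify_s('olcDatabase={%s}mdb,cn=config' % (slapd.db_index - 1), [(ldap.MOD_REPLACE, 'olcReadOnly', b'FALSE')])`. It would also be worth asserting that the failed submit leaves the reset form usable, e.g. `assert 'new_password1' in response.form.fields`, since keeping the token alive on a refused change is the behaviour the view fix is meant to provide. The function is complete within the hunk.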
tests/test_password_reset.py
68 68
        app.get(url, status=404)
69 69

  
70 70

  
71
def test_reset_by_email_passwords_not_match(app, simple_user, mailoutbox, settings):
72
    url = reverse('password_reset')
73
    resp = app.get(url, status=200)
74
    resp.form.set('email', simple_user.email)
75
    assert len(mailoutbox) == 0
76
    settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
77
    resp = resp.form.submit()
78
    utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email)
79
    assert resp['Location'].endswith('/instructions/')
80
    resp = resp.follow()
81
    assert len(mailoutbox) == 1
82
    url = utils.get_link_from_mail(mailoutbox[0])
83
    relative_url = url.split('testserver')[1]
84
    resp = app.get(relative_url, status=200)
85
    resp.form.set('new_password1', '1234==aA')
86
    resp.form.set('new_password2', '1234')
87
    resp = resp.form.submit()
88

  
89
    assert 'Passwords do not match.' in resp
90

  
91

  
71 92
def test_can_reset_by_username(app, db, simple_user, settings, mailoutbox):
72 93
    resp = app.get('/password/reset/')
73 94
    assert 'email_or_username' not in resp.form.fields
74
-