0001-PasswordResetConfirmView-fix-handling-PasswordChange.patch
src/authentic2/views.py | ||
---|---|---|
994 | 994 |
def form_valid(self, form): |
995 | 995 |
# Changing password by mail validate the email |
996 | 996 |
form.user.set_email_verified(True) |
997 |
form.save() |
|
997 |
try: |
|
998 |
form.save() |
|
999 |
except utils_misc.PasswordChangeError as e: |
|
1000 |
form.add_error('new_password1', e.message) |
|
1001 |
return self.form_invalid(form) |
|
998 | 1002 |
hooks.call_hooks('event', name='password-reset-confirm', user=form.user, token=self.token, form=form) |
999 | 1003 |
logger.info('password reset for user %s with token %r', self.user, self.token.uuid) |
1000 | 1004 |
self.token.delete() |
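Review bot: The new `except utils_misc.PasswordChangeError` branch returns `self.form_invalid(form)` without logging anything, so a password change refused by the backend leaves no audit trail, while the success path both logs and fires the `password-reset-confirm` hook. I would add `logger.warning('password reset for user %s refused by backend: %s', form.user, e)` just before the return. `e.message` is rendered to whoever holds the reset link, so it is worth confirming that PasswordChangeError messages stay generic and carry no directory detail. `form.user.set_email_verified(True)` still runs before the `try`, so the address is marked verified even when the password is not changed; that is presumably intended, but a short comment saying so would help. The body of form_valid continues past the end of this hunk.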
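--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1102,6 +1102,60 @@
 assert 'account is from ldap but it could not be retrieved' in caplog.text
 
 
+def test_reset_password_refused_by_ldap_server(slapd, settings, app, db, caplog):
+settings.LDAP_AUTH_SETTINGS = [
+{
+'url': [slapd.ldap_url],
+'binddn': force_str(slapd.root_bind_dn),
+'bindpw': force_str(slapd.root_bind_password),
+'basedn': 'o=ôrga',
+'use_tls': False,
+'attributes': ['uid', 'carLicense'],
+'can_reset_password': True,
+}
+]
+
+assert User.objects.count() == 0
+# first login
+response = app.get('/login/')
+response.form['username'] = USERNAME
+response.form['password'] = PASS
+response = response.form.submit('login-password-submit').follow()
+assert User.objects.count() == 1
+assert 'Étienne Michu' in str(response)
+user = User.objects.get()
+assert user.email == EMAIL
+# logout
+response = response.click('Logout').maybe_follow()
+
+# password reset
+response = response.click('Reset it!')
+response.form['email'] = EMAIL
+assert len(mail.outbox) == 0
+response = response.form.submit()
+assert response['Location'].endswith('/instructions/')
+assert len(mail.outbox) == 1
+url = utils.get_link_from_mail(mail.outbox[0])
+relative_url = url.split('testserver')[1]
+response = app.get(relative_url, status=200)
+response.form.set('new_password1', '1234==aA')
+response.form.set('new_password2', '1234==aA')
+
+# Make LDAP directory as read-only to trigger an error
+conn = slapd.get_connection_admin()
+ldif = [
+(
+ldap.MOD_REPLACE,
+'olcReadOnly',
+b'TRUE',
+)
+]
+conn.modify_s('olcDatabase={%s}mdb,cn=config' % (slapd.db_index - 1), ldif)
+
+response = response.form.submit()
+assert 'LDAP directory refused the password change' in response
+
+
 def test_user_cannot_change_password(slapd, settings, app, db):
 settings.LDAP_AUTH_SETTINGS = [
 {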
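Review bot: The new test sets `olcReadOnly` to `TRUE` through `conn.modify_s(...)` and never reverts it, so if the `slapd` fixture outlives this test (its scope is not visible here) later tests would run against a read-only directory. Restoring the attribute in a `try`/`finally` around the final submit, or in the fixture teardown, would keep the test self-contained. The refusal path would also be pinned down better by asserting what must not change: that `PASS` still logs in, and that the reset link should still load (`app.get(relative_url, status=200)`), since the view returns before `self.token.delete()`. `caplog` is requested in the signature but never used in the body.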
tests/test_password_reset.py | ||
---|---|---|
68 | 68 |
app.get(url, status=404) |
69 | 69 | |
70 | 70 | |
71 |
def test_reset_by_email_passwords_not_match(app, simple_user, mailoutbox, settings): |
|
72 |
url = reverse('password_reset') |
|
73 |
resp = app.get(url, status=200) |
|
74 |
resp.form.set('email', simple_user.email) |
|
75 |
assert len(mailoutbox) == 0 |
|
76 |
settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>' |
|
77 |
resp = resp.form.submit() |
|
78 |
utils.assert_event('user.password.reset.request', user=simple_user, email=simple_user.email) |
|
79 |
assert resp['Location'].endswith('/instructions/') |
|
80 |
resp = resp.follow() |
|
81 |
assert len(mailoutbox) == 1 |
|
82 |
url = utils.get_link_from_mail(mailoutbox[0]) |
|
83 |
relative_url = url.split('testserver')[1] |
|
84 |
resp = app.get(relative_url, status=200) |
|
85 |
resp.form.set('new_password1', '1234==aA') |
|
86 |
resp.form.set('new_password2', '1234') |
|
87 |
resp = resp.form.submit() |
|
88 | ||
89 |
assert 'Passwords do not match.' in resp |
|
90 | ||
91 | ||
71 | 92 |
def test_can_reset_by_username(app, db, simple_user, settings, mailoutbox): |
72 | 93 |
resp = app.get('/password/reset/') |
73 | 94 |
assert 'email_or_username' not in resp.form.fields |
74 |
- |