Merge pull request #2229 from bookwyrm-social/password-validation

Password validation
2022-07-15 11:53:27 -07:00 · 2022-07-15 11:53:27 -07:00 · 086ec10849
commit 086ec10849
parent b66ce2e6a5 65117fe3c6
9 changed files with 158 additions and 63 deletions
--- a/bookwyrm/tests/views/landing/test_password.py
+++ b/bookwyrm/tests/views/landing/test_password.py
@ -104,7 +104,9 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        code = models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "longwordsecure"}
+        )
        with patch("bookwyrm.views.landing.password.login"):
            resp = view(request, code.code)
        self.assertEqual(resp.status_code, 302)
@ -114,7 +116,9 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "longwordsecure"}
+        )
        resp = view(request, "jhgdkfjgdf")
        validate_html(resp.render())
        self.assertTrue(models.PasswordReset.objects.exists())
@ -123,7 +127,18 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        code = models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hihi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "hihi"}
+        )
+        resp = view(request, code.code)
+        validate_html(resp.render())
+        self.assertTrue(models.PasswordReset.objects.exists())
+
+    def test_password_reset_invalid(self):
+        """reset from code"""
+        view = views.PasswordReset.as_view()
+        code = models.PasswordReset.objects.create(user=self.local_user)
+        request = self.factory.post("", {"password": "a", "confirm_password": "a"})
        resp = view(request, code.code)
        validate_html(resp.render())
        self.assertTrue(models.PasswordReset.objects.exists())
--- a/bookwyrm/tests/views/landing/test_register.py
+++ b/bookwyrm/tests/views/landing/test_register.py
@ -122,6 +122,17 @@ class RegisterViews(TestCase):
        self.assertEqual(models.User.objects.count(), 1)
        validate_html(response.render())

+    def test_register_invalid_password(self, *_):
+        """gotta have an email"""
+        view = views.Register.as_view()
+        self.assertEqual(models.User.objects.count(), 1)
+        request = self.factory.post(
+            "register/", {"localname": "nutria", "password": "password", "email": "aa"}
+        )
+        response = view(request)
+        self.assertEqual(models.User.objects.count(), 1)
+        validate_html(response.render())
+
    def test_register_error_and_invite(self, *_):
        """redirect to the invite page"""
        view = views.Register.as_view()
--- a/bookwyrm/tests/views/preferences/test_change_password.py
+++ b/bookwyrm/tests/views/preferences/test_change_password.py
@ -46,14 +46,15 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "password",
-                "password": "hi",
-                "confirm-password": "hi",
+                "password": "longwordsecure",
+                "confirm_password": "longwordsecure",
            },
        )
        request.user = self.local_user
        with patch("bookwyrm.views.preferences.change_password.login"):
            result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertNotEqual(self.local_user.password, password_hash)

    def test_password_change_wrong_current(self):
@ -64,13 +65,14 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "not my password",
-                "password": "hi",
-                "confirm-password": "hihi",
+                "password": "longwordsecure",
+                "confirm_password": "hihi",
            },
        )
        request.user = self.local_user
        result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertEqual(self.local_user.password, password_hash)

    def test_password_change_mismatch(self):
@ -81,11 +83,30 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "password",
-                "password": "hi",
-                "confirm-password": "hihi",
+                "password": "longwordsecure",
+                "confirm_password": "hihi",
            },
        )
        request.user = self.local_user
        result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
+        self.assertEqual(self.local_user.password, password_hash)
+
+    def test_password_change_invalid(self):
+        """change password"""
+        view = views.ChangePassword.as_view()
+        password_hash = self.local_user.password
+        request = self.factory.post(
+            "",
+            {
+                "current_password": "password",
+                "password": "hi",
+                "confirm_password": "hi",
+            },
+        )
+        request.user = self.local_user
+        result = view(request)
+        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertEqual(self.local_user.password, password_hash)