kallithea Changeset - caaf0d07c168

Changeset - caaf0d07c168

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com

auth: make ValidPasswordsMatch more explicit and strict about which fields are being checked

4 files changed with 14 insertions and 12 deletions:

kallithea/model/forms.py

kallithea/model/validators.py

kallithea/tests/functional/test_login.py

kallithea/tests/other/test_validators.py

0 comments (0 inline, 0 general)

kallithea/model/forms.py

➞

Show inline comments

@@ @@ -99,29 +99,32 @@ def UserForm(edit=False, old_data={}): @@
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False),
+            )
             admin = v.StringBoolean(if_missing=False)
             chained_validators = [v.ValidPasswordsMatch('new_password',
                                                         'password_confirmation')]
         else:
             password = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=True)
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False)
+            )
             chained_validators = [v.ValidPasswordsMatch('password',
                                                         'password_confirmation')]
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         extern_name = v.UnicodeString(strip=True)
         extern_type = v.UnicodeString(strip=True)
         chained_validators = [v.ValidPasswordsMatch()]
     return _UserForm
 def UserGroupForm(edit=False, old_data={}, available_members=[]):
     class _UserGroupForm(formencode.Schema):
         allow_extra_fields = True
@@ @@ -193,13 +196,14 @@ def RegisterForm(edit=False, old_data={} @@
+        )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
         chained_validators = [v.ValidPasswordsMatch('password',
                                                     'password_confirmation')]
     return _RegisterForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):

kallithea/model/validators.py

➞

Show inline comments

@@ @@ -277,25 +277,23 @@ def ValidOldPassword(username): @@
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(current_password=msg)
+                )
     return _validator
-def ValidPasswordsMatch(passwd='new_password', passwd_confirmation='password_confirmation'):
+def ValidPasswordsMatch(password_field, password_confirmation_field):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'password_mismatch': _('Passwords do not match'),
+        }
         def validate_python(self, value, state):
             pass_val = value.get('password') or value.get(passwd)
             if pass_val != value[passwd_confirmation]:
             if value.get(password_field) != value[password_confirmation_field]:
                 msg = M(self, 'password_mismatch', state)
                 raise formencode.Invalid(msg, value, state,
-                     error_dict={passwd:msg, passwd_confirmation: msg}
+                     error_dict={password_field:msg, password_confirmation_field: msg}
+                )
     return _validator
 def ValidAuth():
     class _validator(formencode.validators.FancyValidator):

kallithea/tests/functional/test_login.py

➞

Show inline comments

@@ @@ -295,13 +295,13 @@ class TestLoginController(TestController @@
                                             {'username': 'xs',
                                              'password': '123qwe',
                                              'password_confirmation': 'qwe123',
                                              'email': 'goodmailm@test.plxa',
                                              'firstname': 'test',
                                              'lastname': 'test'})
         msg = validators.ValidPasswordsMatch()._messages['password_mismatch']
+        msg = validators.ValidPasswordsMatch('password', 'password_confirmation')._messages['password_mismatch']
         response.mustcontain(msg)
     def test_register_ok(self):
         username = 'test_regular4'
         password = 'qweqwe'
         email = 'username@test.com'

kallithea/tests/other/test_validators.py

➞

Show inline comments

@@ @@ -97,29 +97,29 @@ class TestRepoGroups(BaseTestCase): @@
         validator = v.ValidPassword()
         self.assertEqual('lol', validator.to_python('lol'))
         self.assertEqual(None, validator.to_python(None))
         self.assertRaises(formencode.Invalid, validator.to_python, 'ąćżź')
     def test_ValidPasswordsMatch(self):
         validator = v.ValidPasswordsMatch()
+        validator = v.ValidPasswordsMatch('new_password', 'password_confirmation')
         self.assertRaises(formencode.Invalid,
-                    validator.to_python, {'password': 'pass',
+                    validator.to_python, {'new_password': 'pass',
                                           'password_confirmation': 'pass2'})
         self.assertRaises(formencode.Invalid,
                     validator.to_python, {'new_password': 'pass',
                                           'password_confirmation': 'pass2'})
         self.assertEqual({'new_password': 'pass',
                           'password_confirmation': 'pass'},
                     validator.to_python({'new_password': 'pass',
                                          'password_confirmation': 'pass'}))
-        self.assertEqual({'password': 'pass',
+        self.assertEqual({'new_password': 'pass',
                           'password_confirmation': 'pass'},
-                    validator.to_python({'password': 'pass',
+                    validator.to_python({'new_password': 'pass',
                                          'password_confirmation': 'pass'}))
     def test_ValidAuth(self):
         validator = v.ValidAuth()
         valid_creds = {
             'username': TEST_USER_REGULAR2_LOGIN,

0 comments (0 inline, 0 general)