def test_too_frequent_password_resets(self):
    """
    Assert that a user should not be able to password reset too frequently.

    A user created with an initial password history entry is reported as
    "too soon" right away, a user created without one (grandfathered) is
    not, and the restriction on the first user lapses once the clock is
    moved 100 days ahead.
    """
    user_with_history = self._user_factory_with_history()
    # No initial history row: the reset-frequency rule has nothing to compare against.
    user_without_history = self._user_factory_with_history(set_initial_history=False)

    too_soon = PasswordHistory.is_password_reset_too_soon
    self.assertTrue(too_soon(user_with_history))
    self.assertFalse(too_soon(user_without_history))

    # Far enough in the future that the minimum interval between resets has elapsed.
    far_future = timezone.now() + timedelta(days=100)
    with freeze_time(far_future):
        self.assertFalse(too_soon(user_with_history))
def test_disabled_too_frequent_password_resets(self):
    """
    Verify the default behavior when the feature is disabled.

    With the reset-frequency feature off, a freshly created user with an
    initial password history entry must not be reported as resetting too soon.
    """
    user = self._user_factory_with_history()
    result = PasswordHistory.is_password_reset_too_soon(user)
    self.assertFalse(result)
def _validate_password_security(password, user):
    """
    Check password reuse and similar operational security policy considerations.

    Two policies are enforced, in this order:

    1. Reuse: the candidate ``password`` must not match one the user has used
       recently; the required number of distinct intervening passwords comes
       from ``settings.ADVANCED_SECURITY_CONFIG`` and differs for staff and
       students.
    2. Frequency: the user must not be resetting more often than the
       configured minimum number of days between resets.

    Args:
        password: the plaintext candidate password.
        user: the user attempting the reset; ``user.is_staff`` selects the
            reuse threshold.

    Raises:
        SecurityPolicyError: with a translated, pluralized message describing
            which policy was violated.
    """
    config = settings.ADVANCED_SECURITY_CONFIG

    # Policy 1: password reuse.
    reuse_allowed = PasswordHistory.is_allowable_password_reuse(user, password)
    if not reuse_allowed:
        # Staff and students have separate reuse thresholds.
        threshold_key = (
            'MIN_DIFFERENT_STAFF_PASSWORDS_BEFORE_REUSE'
            if user.is_staff
            else 'MIN_DIFFERENT_STUDENT_PASSWORDS_BEFORE_REUSE'
        )
        num_distinct = config[threshold_key]
        reuse_message = ungettext(
            "You are re-using a password that you have used recently. "
            "You must have {num} distinct password before reusing a previous password.",
            "You are re-using a password that you have used recently. "
            "You must have {num} distinct passwords before reusing a previous password.",
            num_distinct,
        )
        raise SecurityPolicyError(reuse_message.format(num=num_distinct))

    # Policy 2: reset frequency.
    if PasswordHistory.is_password_reset_too_soon(user):
        num_days = config['MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS']
        frequency_message = ungettext(
            "You are resetting passwords too frequently. Due to security policies, "
            "{num} day must elapse between password resets.",
            "You are resetting passwords too frequently. Due to security policies, "
            "{num} days must elapse between password resets.",
            num_days,
        )
        raise SecurityPolicyError(frequency_message.format(num=num_days))
def validate_password_security(password, user):
    """
    Check password reuse and similar operational security policy considerations.

    The reuse check runs first, then the reset-frequency check; the first
    violated policy raises and the second is not evaluated.

    Args:
        password: the plaintext candidate password.
        user: the user attempting the reset; ``user.is_staff`` selects which
            reuse threshold from ``settings.ADVANCED_SECURITY_CONFIG`` applies.

    Raises:
        SecurityPolicyError: with a translated, pluralized message naming the
            violated policy and the configured threshold.
    """
    _enforce_no_recent_reuse(password, user)
    _enforce_reset_interval(user)


def _enforce_no_recent_reuse(password, user):
    """Raise SecurityPolicyError if ``password`` was used too recently by ``user``."""
    if PasswordHistory.is_allowable_password_reuse(user, password):
        return
    # Staff and students have separate reuse thresholds.
    if user.is_staff:
        num_distinct = settings.ADVANCED_SECURITY_CONFIG['MIN_DIFFERENT_STAFF_PASSWORDS_BEFORE_REUSE']
    else:
        num_distinct = settings.ADVANCED_SECURITY_CONFIG['MIN_DIFFERENT_STUDENT_PASSWORDS_BEFORE_REUSE']
    singular = (
        "You are re-using a password that you have used recently. "
        "You must have {num} distinct password before reusing a previous password."
    )
    plural = (
        "You are re-using a password that you have used recently. "
        "You must have {num} distinct passwords before reusing a previous password."
    )
    raise SecurityPolicyError(ungettext(singular, plural, num_distinct).format(num=num_distinct))


def _enforce_reset_interval(user):
    """Raise SecurityPolicyError if ``user`` is resetting sooner than the configured interval."""
    if not PasswordHistory.is_password_reset_too_soon(user):
        return
    num_days = settings.ADVANCED_SECURITY_CONFIG['MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS']
    singular = (
        "You are resetting passwords too frequently. Due to security policies, "
        "{num} day must elapse between password resets."
    )
    plural = (
        "You are resetting passwords too frequently. Due to security policies, "
        "{num} days must elapse between password resets."
    )
    raise SecurityPolicyError(ungettext(singular, plural, num_days).format(num=num_days))