def clean_password(self): """Enforce password policies (if applicable)""" password = self.cleaned_data["password"] if ( self.enforce_username_neq_password and "username" in self.cleaned_data and self.cleaned_data["username"] == password ): raise ValidationError(_("Username and password fields cannot match")) if self.enforce_password_policy: try: validate_password_length(password) validate_password_complexity(password) validate_password_dictionary(password) except ValidationError, err: raise ValidationError(_("Password: "******"; ".join(err.messages))
def test_validate_password_max_length(self): self.password = '******' with self.assertRaisesRegexp(ValidationError,"[u'Invalid Length (must be 6 characters or less)']"): validate_password_length(self.password)
def create_account( request, post_override=None): # pylint: disable-msg=too-many-statements """ JSON call to create new edX account. Used by form in signup_modal.html, which is included into navigation.html """ js = {'success': False} # pylint: disable-msg=invalid-name post_vars = post_override if post_override else request.POST # allow for microsites to define their own set of required/optional/hidden fields extra_fields = microsite.get_value( 'REGISTRATION_EXTRA_FIELDS', getattr(settings, 'REGISTRATION_EXTRA_FIELDS', {})) if settings.FEATURES.get('ENABLE_THIRD_PARTY_AUTH') and pipeline.running( request): post_vars = dict(post_vars.items()) post_vars.update({'password': pipeline.make_random_password()}) # if doing signup for an external authorization, then get email, password, name from the eamap # don't use the ones from the form, since the user could have hacked those # unless originally we didn't get a valid email or name from the external auth DoExternalAuth = 'ExternalAuthMap' in request.session if DoExternalAuth: eamap = request.session['ExternalAuthMap'] try: validate_email(eamap.external_email) email = eamap.external_email except ValidationError: email = post_vars.get('email', '') if eamap.external_name.strip() == '': name = post_vars.get('name', '') else: name = eamap.external_name password = eamap.internal_password post_vars = dict(post_vars.items()) post_vars.update(dict(email=email, name=name, password=password)) log.debug(u'In create_account with external_auth: user = %s, email=%s', name, email) # Confirm we have a properly formed request for a in ['username', 'email', 'password', 'name']: if a not in post_vars: js['value'] = _("Error (401 {field}). E-mail us.").format(field=a) js['field'] = a return JsonResponse(js, status=400) if extra_fields.get('honor_code', 'required') == 'required' and \ post_vars.get('honor_code', 'false') != u'true': js['value'] = _("To enroll, you must follow the honor code.").format( field=a) js['field'] = 'honor_code' return JsonResponse(js, status=400) # Can't have terms of service for certain SHIB users, like at Stanford tos_required = (not settings.FEATURES.get("AUTH_USE_SHIB") or not settings.FEATURES.get("SHIB_DISABLE_TOS") or not DoExternalAuth or not eamap.external_domain.startswith( external_auth.views.SHIBBOLETH_DOMAIN_PREFIX)) if tos_required: if post_vars.get('terms_of_service', 'false') != u'true': js['value'] = _("You must accept the terms of service.").format( field=a) js['field'] = 'terms_of_service' return JsonResponse(js, status=400) # Confirm appropriate fields are there. # TODO: Check e-mail format is correct. # TODO: Confirm e-mail is not from a generic domain (mailinator, etc.)? Not sure if # this is a good idea # TODO: Check password is sane required_post_vars = ['username', 'email', 'name', 'password'] required_post_vars += [ fieldname for fieldname, val in extra_fields.items() if val == 'required' ] if tos_required: required_post_vars.append('terms_of_service') for field_name in required_post_vars: if field_name in ('gender', 'level_of_education'): min_length = 1 else: min_length = 2 if field_name not in post_vars or len( post_vars[field_name]) < min_length: error_str = { 'username': _('Username must be minimum of two characters long'), 'email': _('A properly formatted e-mail is required'), 'name': _('Your legal name must be a minimum of two characters long'), 'password': _('A valid password is required'), 'terms_of_service': _('Accepting Terms of Service is required'), 'honor_code': _('Agreeing to the Honor Code is required'), 'level_of_education': _('A level of education is required'), 'gender': _('Your gender is required'), 'year_of_birth': _('Your year of birth is required'), 'mailing_address': _('Your mailing address is required'), 'goals': _('A description of your goals is required'), 'city': _('A city is required'), 'country': _('A country is required') } if field_name in error_str: js['value'] = error_str[field_name] else: js['value'] = _('You are missing one or more required fields') js['field'] = field_name return JsonResponse(js, status=400) max_length = 75 if field_name == 'username': max_length = 30 if field_name in ('email', 'username') and len( post_vars[field_name]) > max_length: error_str = { 'username': _('Username cannot be more than {0} characters long').format( max_length), 'email': _('Email cannot be more than {0} characters long').format( max_length) } js['value'] = error_str[field_name] js['field'] = field_name return JsonResponse(js, status=400) try: validate_email(post_vars['email']) email_domain = post_vars['email'].split('@')[-1] white_list_domain = settings.FEATURES.get('WHITE_LIST_DOMAIN', []) mth = [x for x in white_list_domain if re.search(x, email_domain)] if not mth: raise ValidationError(_(u'Enter a valid e-mail.'), code='invalid') except ValidationError: js['value'] = _("Valid e-mail is required.").format(field=a) js['field'] = 'email' return JsonResponse(js, status=400) try: validate_slug(post_vars['username']) except ValidationError: js['value'] = _( "Username should only consist of A-Z and 0-9, with no spaces." ).format(field=a) js['field'] = 'username' return JsonResponse(js, status=400) # enforce password complexity as an optional feature # but not if we're doing ext auth b/c those pws never get used and are auto-generated so might not pass validation if settings.FEATURES.get('ENFORCE_PASSWORD_POLICY', False) and not DoExternalAuth: try: password = post_vars['password'] validate_password_length(password) validate_password_complexity(password) validate_password_dictionary(password) except ValidationError, err: js['value'] = _('Password: '******'; '.join(err.messages) js['field'] = 'password' return JsonResponse(js, status=400)
def test_validate_password_min_length(self): self.password = '' with self.assertRaisesRegexp(ValidationError,"[u'Invalid Length (must be 1 characters or more)']"): validate_password_length(self.password)