def test_set_unusable_password(self):
    """Check that disabling a password also revokes it in the XMPP backend.

    The test creates an account in both the Django database and the XMPP
    backend, confirms the password is accepted by both, calls
    ``set_unusable_password()`` and then requires both checks to fail.
    A stale backend credential would otherwise remain usable for XMPP logins
    after the account was locked on the web side.
    """
    # NOTE: the JID literal is shown masked in this listing and is kept as-is.
    secret = 'password'
    account = XmppUser.objects.create(jid='*****@*****.**')
    xmpp_backend.create_user(account.node, account.domain, secret)

    # Baseline: the credential is accepted by the model and by the backend.
    self.assertTrue(account.check_password(secret))
    self.assertTrue(xmpp_backend.check_password(account.node, account.domain, secret))

    account.set_unusable_password()

    # After locking, neither side may accept the old credential.
    self.assertFalse(account.check_password(secret))
    self.assertFalse(xmpp_backend.check_password(account.node, account.domain, secret))
def form_valid(self, form):
    """Handle a validated "delete my account" request form.

    The user must re-enter the current password, which is checked against the
    XMPP backend. On success a confirmation task is queued, the request is
    logged, and the user is redirected to ``account:detail``. Nothing is
    deleted here; this step only starts the e-mail confirmation.

    Returns:
        The result of ``self.form_invalid(form)`` when the password check
        fails, otherwise an ``HttpResponseRedirect``.
    """
    supplied_password = form.cleaned_data['password']
    req = self.request
    account = req.user

    # Re-authenticate before starting a destructive flow, so a hijacked or
    # unattended session alone is not enough to request deletion.
    # NOTE(review): no throttling of failed attempts is visible in this
    # method - confirm it is applied elsewhere (view, middleware or backend).
    password_ok = xmpp_backend.check_password(
        account.node, account.domain, password=supplied_password)
    if not password_ok:
        form.add_error('password', _('The password is incorrect.'))
        return self.form_invalid(form)

    # REMOTE_ADDR is the direct peer; behind a reverse proxy this is the
    # proxy's address unless something upstream rewrites it - verify.
    remote_addr = req.META['REMOTE_ADDR']
    language = req.LANGUAGE_CODE

    # get_host() is derived from the Host header and validated by Django
    # against ALLOWED_HOSTS. base_url is handed to the mail task (presumably
    # to build the confirmation link), so ALLOWED_HOSTS must stay strict to
    # keep a forged Host header out of the e-mail.
    base_url = '%s://%s' % (req.scheme, req.get_host())

    task_kwargs = {
        'user_pk': account.pk,
        'purpose': PURPOSE_DELETE,
        'language': language,
        'address': remote_addr,
        'to': account.email,
        'base_url': base_url,
        'hostname': req.site['NAME'],
    }
    send_confirmation_task.delay(**task_kwargs)

    notice = _('We sent you an email to %(email)s to confirm your request.') % {
        'email': account.email,
    }
    messages.success(req, notice)

    account.log(ugettext_noop('Requested deletion of account.'), remote_addr)
    stat(STAT_DELETE_ACCOUNT)

    # NOTE(review): this records ACTIVITY_SET_EMAIL in the account-deletion
    # path, which looks like a leftover from a set-email view. If so, the
    # audit trail mislabels deletion requests - confirm the intended constant.
    AddressActivity.objects.log(req, ACTIVITY_SET_EMAIL, note=account.email)

    return HttpResponseRedirect(reverse('account:detail'))
def test_registration(self):
    """Test basic registration.

    Drives the full flow in a browser: submit the registration form, check
    that exactly one confirmation task was queued with the expected
    arguments, open the confirmation URL, set a password, and verify the
    account is confirmed and usable in both Django and the XMPP backend.

    NOTE(review): indentation was lost in this listing; the extent of the
    ``with`` blocks below is reconstructed - confirm against the repository.
    NOTE(review): the ``find_element_by_*`` helpers used here were removed in
    Selenium 4.3; this test needs an older Selenium or a port to ``By``.
    """
    self.selenium.get('%s%s' % (self.live_server_url, reverse('account:register')))

    #fg_username = self.find('#fg_username')
    node = self.selenium.find_element_by_id('id_username_0')
    #domain = self.selenium.find_element_by_id('id_username_1')
    #fg_email = self.find('#fg_email')
    email = self.selenium.find_element_by_id('id_email')
    node.send_keys(NODE)
    email.send_keys(EMAIL)
    self.wait_for_valid_form()

    # Submit with Celery mocked and the clock frozen, so the queued task and
    # the timestamps written by the server can be asserted exactly.
    with self.mock_celery() as mocked, freeze_time(NOW_STR):
        self.selenium.find_element_by_css_selector('button[type="submit"]').click()
        self.wait_for_page_load()

    self.assertTaskCount(mocked, 1)

    # NOTE(review): the username format string appears masked in this listing
    # ('******' has no placeholders, so "%" with a tuple would raise
    # TypeError). Restore the original literal before running.
    user = User.objects.get(username='******' % (NODE, DOMAIN))
    lang = get_language().split('-', 1)[0]
    site = settings.XMPP_HOSTS[settings.DEFAULT_XMPP_HOST]

    # The confirmation task must carry the requester's address and the base
    # URL of the server that handled the request.
    self.assertTaskCall(
        mocked, send_confirmation_task,
        user_pk=user.pk, purpose=PURPOSE_REGISTER, to=EMAIL, hostname=site['NAME'],
        base_url=self.live_server_url, language=lang, address='127.0.0.1'
    )
    self.assertEqual(len(mail.outbox), 1)

    # Before confirmation: registered but unconfirmed, not yet present in the
    # XMPP backend, and not blocked.
    self.assertEqual(user.registered, NOW)
    self.assertEqual(user.last_activity, NOW)
    self.assertIsNone(user.confirmed)
    self.assertFalse(user.created_in_backend)
    self.assertFalse(user.blocked)
    self.assertDisplayed('#email-confirmed.table-danger')

    # Follow the confirmation link as the mail recipient would.
    confirmation = Confirmation.objects.get(user=user, purpose=PURPOSE_REGISTER)
    self.selenium.get('%s%s' % (self.live_server_url, confirmation.urlpath))
    self.wait_for_page_load()

    self.find('#id_new_password1').send_keys(PWD)
    self.find('#id_new_password2').send_keys(PWD)
    self.wait_for_valid_form()

    with freeze_time(NOW2_STR):
        self.find('button[type="submit"]').click()
        self.wait_for_page_load()

    # get user again
    user = User.objects.get(username='******' % (NODE, DOMAIN))
    self.assertEqual(user.confirmed, NOW2)
    # TODO: currently not updated?
    #self.assertEqual(user.last_activity, NOW2)

    # The password must be accepted by the Django model and by the backend.
    self.assertTrue(user.check_password(PWD))
    self.assertTrue(xmpp_backend.check_password(user.node, user.domain, PWD))  # just to be sure
    self.assertTrue(user.created_in_backend)
    self.assertFalse(user.blocked)
    self.assertDisplayed('#email-confirmed.table-success')
def form_valid(self, form):
    """Handle a validated "confirm account deletion" form.

    Requires the current password again, resolves the confirmation key from
    the URL among the logged-in user's own keys, then logs the user out and
    removes the account from the XMPP backend and the database.

    Returns:
        The result of ``self.form_invalid(form)`` when the password check
        fails, otherwise an ``HttpResponseRedirect`` to ``blog:home``.
        An unknown key results in a 404 via ``get_object_or_404``.
    """
    supplied_password = form.cleaned_data['password']
    req = self.request
    account = req.user

    # Second password check: holding the e-mailed link alone must not be
    # enough to destroy the account.
    password_ok = xmpp_backend.check_password(
        account.node, account.domain, password=supplied_password)
    if not password_ok:
        form.add_error('password', _('The password is incorrect.'))
        return self.form_invalid(form)

    # Restrict the lookup to this user's keys, so a key issued for another
    # account gives a 404 instead of being honoured.
    # NOTE(review): whether self.queryset also limits purpose and expiry is
    # not visible here - confirm.
    own_keys = self.queryset.filter(user=account)
    confirmation = get_object_or_404(own_keys, key=self.kwargs['key'])

    # End the session first, then remove backend credentials, key and user.
    # NOTE(review): these steps are not wrapped in a transaction here; a
    # failure after remove_user() would presumably leave a database user
    # without a backend account - confirm how that case is handled.
    logout(req)
    xmpp_backend.remove_user(account.node, account.domain)
    confirmation.delete()
    account.delete()

    stat(STAT_DELETE_ACCOUNT_CONFIRMED)
    return HttpResponseRedirect(reverse('blog:home'))
def test_password_validation(self):
    """Exercise client-side and server-side validation of the set-password form.

    Opens the confirmation URL of a new registration and checks, in order:
    mismatching passwords, an emptied required field, an all-numeric
    password, the JID used as password, a common password, and finally a
    password that is accepted and works against the XMPP backend.

    The numeric and common passwords pass the in-browser checks and are
    rejected only after submission, so the test pins the strength policy to
    the server; the browser-side checks alone do not enforce it.

    NOTE(review): indentation was lost in this listing; loop and ``with``
    block extents below are reconstructed - confirm against the repository.
    """
    user = User.objects.create(username=JID, email=EMAIL)
    addr = Address.objects.create(address='127.0.0.1')
    conf = Confirmation.objects.create(user=user, purpose=PURPOSE_REGISTER, language='en',
                                       address=addr, to=EMAIL)
    self.selenium.get('%s%s' % (self.live_server_url, conf.urlpath))
    self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    # Untouched fields must not show a validation state yet.
    self.assertNotValidated(fg_pwd, pwd)
    self.assertNotValidated(fg_pwd2, pwd2)

    # Two different passwords: the first is fine, the second is a mismatch.
    pwd.send_keys(PWD)
    pwd2.send_keys(PWD2)
    self.wait_for_valid(pwd)
    self.wait_for_invalid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertInvalid(fg_pwd2, pwd2, 'password_mismatch')

    # clear input - it's required though
    for i in range(0, len(PWD2)):
        pwd2.send_keys(Keys.BACKSPACE)
    self.assertValid(fg_pwd, pwd)
    self.assertInvalid(fg_pwd2, pwd2, 'required')

    # test server-side validation
    for i in range(0, len(PWD)):
        pwd.send_keys(Keys.BACKSPACE)
    pwd.send_keys('12345678')
    pwd2.send_keys('12345678')
    # The browser accepts the numeric password ...
    self.wait_for_valid(pwd)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.find('button[type="submit"]').click()
    self.wait_for_page_load()

    # ... and the server rejects it. Elements are looked up again after each
    # page load (presumably because the old references go stale).
    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    # These codes match those of Django's built-in password validators.
    self.assertInvalid(fg_pwd, pwd, 'password_entirely_numeric', 'password_too_common')
    self.assertInvalid(fg_pwd2, pwd2, 'password_entirely_numeric', 'password_too_common')

    # Send JID as password, which is always "too similar"
    # NOTE(review): the fields are not cleared first; this assumes the
    # re-rendered form comes back with empty password inputs - confirm.
    pwd.send_keys(JID)
    pwd2.send_keys(JID)
    self.find('button[type="submit"]').click()
    self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    self.assertInvalid(fg_pwd, pwd, 'password_too_similar')
    self.assertInvalid(fg_pwd2, pwd2, 'password_too_similar')

    # Send very common password
    pwd.send_keys(COMMON_PWD)
    pwd2.send_keys(COMMON_PWD)
    # Again accepted in the browser, rejected only by the server below.
    self.wait_for_valid(pwd)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.wait_for_valid_form()

    with freeze_time(NOW2_STR):
        self.find('button[type="submit"]').click()
        self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    self.assertInvalid(fg_pwd, pwd, 'password_too_common')
    self.assertInvalid(fg_pwd2, pwd2, 'password_too_common')

    # send correct password
    pwd.send_keys(PWD)
    pwd2.send_keys(PWD)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.wait_for_valid_form()

    # Frozen clock so the confirmation timestamp can be compared exactly.
    with freeze_time(NOW2_STR):
        self.find('button[type="submit"]').click()
        self.wait_for_page_load()

    # get user again
    # NOTE(review): the username format string appears masked in this listing
    # ('******' has no placeholders, so "%" with a tuple would raise
    # TypeError). Restore the original literal before running.
    user = User.objects.get(username='******' % (NODE, DOMAIN))
    self.assertEqual(user.confirmed, NOW2)
    # TODO: currently not updated?
    #self.assertEqual(user.last_activity, NOW2)
    self.assertTrue(user.created_in_backend)

    # The accepted password must work in Django and in the XMPP backend.
    self.assertTrue(user.check_password(PWD))
    self.assertTrue(
        xmpp_backend.check_password(user.node, user.domain, PWD))  # just to be sure
    self.assertFalse(user.blocked)
def test_password_validation(self):
    """Exercise client-side and server-side validation of the set-password form.

    Opens the confirmation URL of a new registration and checks, in order:
    mismatching passwords, an emptied required field, an all-numeric
    password, the JID used as password, a common password, and finally a
    password that is accepted and works against the XMPP backend.

    The numeric and common passwords pass the in-browser checks and are
    rejected only after submission, so the test pins the strength policy to
    the server; the browser-side checks alone do not enforce it.

    NOTE(review): indentation was lost in this listing; loop and ``with``
    block extents below are reconstructed - confirm against the repository.
    """
    user = User.objects.create(username=JID, email=EMAIL)
    addr = Address.objects.create(address='127.0.0.1')
    conf = Confirmation.objects.create(user=user, purpose=PURPOSE_REGISTER, language='en',
                                       address=addr, to=EMAIL)
    self.selenium.get('%s%s' % (self.live_server_url, conf.urlpath))
    self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    # Untouched fields must not show a validation state yet.
    self.assertNotValidated(fg_pwd, pwd)
    self.assertNotValidated(fg_pwd2, pwd2)

    # Two different passwords: the first is fine, the second is a mismatch.
    pwd.send_keys(PWD)
    pwd2.send_keys(PWD2)
    self.wait_for_valid(pwd)
    self.wait_for_invalid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertInvalid(fg_pwd2, pwd2, 'password_mismatch')

    # clear input - it's required though
    for i in range(0, len(PWD2)):
        pwd2.send_keys(Keys.BACKSPACE)
    self.assertValid(fg_pwd, pwd)
    self.assertInvalid(fg_pwd2, pwd2, 'required')

    # test server-side validation
    for i in range(0, len(PWD)):
        pwd.send_keys(Keys.BACKSPACE)
    pwd.send_keys('12345678')
    pwd2.send_keys('12345678')
    # The browser accepts the numeric password ...
    self.wait_for_valid(pwd)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.find('button[type="submit"]').click()
    self.wait_for_page_load()

    # ... and the server rejects it. Elements are looked up again after each
    # page load (presumably because the old references go stale).
    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    # These codes match those of Django's built-in password validators.
    self.assertInvalid(fg_pwd, pwd, 'password_entirely_numeric', 'password_too_common')
    self.assertInvalid(fg_pwd2, pwd2, 'password_entirely_numeric', 'password_too_common')

    # Send JID as password, which is always "too similar"
    # NOTE(review): the fields are not cleared first; this assumes the
    # re-rendered form comes back with empty password inputs - confirm.
    pwd.send_keys(JID)
    pwd2.send_keys(JID)
    self.find('button[type="submit"]').click()
    self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    self.assertInvalid(fg_pwd, pwd, 'password_too_similar')
    self.assertInvalid(fg_pwd2, pwd2, 'password_too_similar')

    # Send very common password
    pwd.send_keys(COMMON_PWD)
    pwd2.send_keys(COMMON_PWD)
    # Again accepted in the browser, rejected only by the server below.
    self.wait_for_valid(pwd)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.wait_for_valid_form()

    with freeze_time(NOW2_STR):
        self.find('button[type="submit"]').click()
        self.wait_for_page_load()

    fg_pwd = self.find('#fg_new_password1')
    pwd = fg_pwd.find_element_by_css_selector('#id_new_password1')
    fg_pwd2 = self.find('#fg_new_password2')
    pwd2 = fg_pwd2.find_element_by_css_selector('#id_new_password2')
    self.assertInvalid(fg_pwd, pwd, 'password_too_common')
    self.assertInvalid(fg_pwd2, pwd2, 'password_too_common')

    # send correct password
    pwd.send_keys(PWD)
    pwd2.send_keys(PWD)
    self.wait_for_valid(pwd2)
    self.assertValid(fg_pwd, pwd)
    self.assertValid(fg_pwd2, pwd2)
    self.wait_for_valid_form()

    # Frozen clock so the confirmation timestamp can be compared exactly.
    with freeze_time(NOW2_STR):
        self.find('button[type="submit"]').click()
        self.wait_for_page_load()

    # get user again
    # NOTE(review): the username format string appears masked in this listing
    # ('******' has no placeholders, so "%" with a tuple would raise
    # TypeError). Restore the original literal before running.
    user = User.objects.get(username='******' % (NODE, DOMAIN))
    self.assertEqual(user.confirmed, NOW2)
    # TODO: currently not updated?
    #self.assertEqual(user.last_activity, NOW2)
    self.assertTrue(user.created_in_backend)

    # The accepted password must work in Django and in the XMPP backend.
    self.assertTrue(user.check_password(PWD))
    self.assertTrue(xmpp_backend.check_password(user.node, user.domain, PWD))  # just to be sure
    self.assertFalse(user.blocked)