def _validate_password(password, username=None, email=None):
    """Validate the format of the user's password.

    A password must not match the account's username, so a throwaway
    ``User`` built from ``username``/``email`` is handed to the validators
    for that comparison. That ``User`` is constructed only; it is never saved.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid
    """
    try:
        # Reject non-string input first so the validators only ever see text.
        _validate_type(password, six.string_types, accounts.PASSWORD_BAD_TYPE_MSG)
        if username:
            comparison_user = User(username=username, email=email)
        else:
            # No username to compare against; the validators get user=None.
            comparison_user = None
        validate_password(password, user=comparison_user)
    except errors.AccountDataBadType as bad_type_err:
        # Both failure modes are surfaced to callers as one exception type.
        raise errors.AccountPasswordInvalid(text_type(bad_type_err))
    except ValidationError as validation_err:
        raise errors.AccountPasswordInvalid(' '.join(validation_err.messages))
def test_just_return_signals(self, mock_log_error):
    """
    Ensure that disabling Sailthru just returns
    """
    def assert_nothing_logged():
        # Each handler call below must return without logging an error.
        self.assertFalse(mock_log_error.called)

    # With email marketing disabled the handlers must be silent no-ops.
    update_email_marketing_config(enabled=False)
    add_email_marketing_cookies(None)
    assert_nothing_logged()
    email_marketing_register_user(None, None, None)
    assert_nothing_logged()

    # Re-enable and confirm anonymous users are also handled without errors.
    update_email_marketing_config(enabled=True)
    anon = AnonymousUser()
    email_marketing_register_user(None, anon, None)
    assert_nothing_logged()
    email_marketing_user_field_changed(None, user=anon)
    assert_nothing_logged()

    # A User that is constructed but never saved must likewise log nothing.
    unsaved_user = User(username='******', email='*****@*****.**')
    email_marketing_user_field_changed(None, user=unsaved_user)
    assert_nothing_logged()
def _validate_password(password, username=None, email=None, reset_password_page=False):
    """Validate the format of the user's password.

    A password must not match the account's username, so a throwaway
    ``User`` built from ``username``/``email`` is handed to the validators
    for that comparison. That ``User`` is constructed only; it is never saved.

    After the format checks, the password may additionally be checked against
    a breached-password (HIBP) source, depending on which page is validating
    and on the ``ENABLE_AUTHN_*_HIBP_POLICY`` settings.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.
        reset_password_page (bool): The flag that determines the validation page.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid
    """
    try:
        # Reject non-string input first so the validators only ever see text.
        _validate_type(password, str, accounts.PASSWORD_BAD_TYPE_MSG)
        if username:
            comparison_user = User(username=username, email=email)
        else:
            # No username to compare against; the validators get user=None.
            comparison_user = None
        validate_password(password, user=comparison_user)
    except errors.AccountDataBadType as bad_type_err:
        # Both failure modes are surfaced to callers as one exception type.
        raise errors.AccountPasswordInvalid(str(bad_type_err))
    except ValidationError as validation_err:
        raise errors.AccountPasswordInvalid(' '.join(validation_err.messages))

    # The breach check is switched on per page by two independent settings.
    hibp_enabled = (
        (settings.ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY and reset_password_page)
        or (settings.ENABLE_AUTHN_REGISTER_HIBP_POLICY and not reset_password_page)
    )
    if not hibp_enabled:
        return

    # NOTE(review): presumably check_pwned_password performs a prefix-based
    # (k-anonymity) lookup rather than sending the full password — confirm
    # against its implementation.
    pwned_response = check_pwned_password(password)
    # A missing 'vulnerability' key is read as "not compromised", so a lookup
    # that yields an empty dict fails open at this point.
    if pwned_response.get('vulnerability', 'no') != 'yes':
        return

    # Reset page: any breach hit rejects the password.
    if reset_password_page:
        raise errors.AccountPasswordInvalid(accounts.AUTHN_PASSWORD_COMPROMISED_MSG)
    # Registration: only passwords seen at least the configured number of
    # times are rejected; a missing 'frequency' counts as 0.
    if pwned_response.get('frequency', 0) >= settings.HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD:
        raise errors.AccountPasswordInvalid(accounts.AUTHN_PASSWORD_COMPROMISED_MSG)
def _validate_password(password, username=None, email=None, reset_password_page=False):
    """Validate the format of the user's password.

    A password must not match the account's username, so a throwaway
    ``User`` built from ``username``/``email`` is handed to the validators
    for that comparison. That ``User`` is constructed only; it is never saved.

    After the format checks, a password submitted from the reset-password page
    may additionally be checked against a breached-password (HIBP) source when
    ``ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY`` is set.

    Arguments:
        password (unicode): The proposed password.
        username (unicode): The username associated with the user's account.
        email (unicode): The email associated with the user's account.
        reset_password_page (bool): The flag that determines the validation page.

    Returns:
        None

    Raises:
        errors.AccountPasswordInvalid
    """
    try:
        # Reject non-string input first so the validators only ever see text.
        _validate_type(password, str, accounts.PASSWORD_BAD_TYPE_MSG)
        if username:
            comparison_user = User(username=username, email=email)
        else:
            # No username to compare against; the validators get user=None.
            comparison_user = None
        validate_password(password, user=comparison_user)
    except errors.AccountDataBadType as bad_type_err:
        # Both failure modes are surfaced to callers as one exception type.
        raise errors.AccountPasswordInvalid(str(bad_type_err))
    except ValidationError as validation_err:
        raise errors.AccountPasswordInvalid(' '.join(validation_err.messages))

    # TODO: VAN-666 - Restrict this feature to reset password page for now until it is
    # enabled on account sign in and register.
    if not (settings.ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY and reset_password_page):
        return

    # NOTE(review): presumably check_pwned_password performs a prefix-based
    # (k-anonymity) lookup rather than sending the full password — confirm
    # against its implementation.
    pwned_response = check_pwned_password(password)
    # A missing 'vulnerability' key is read as "not compromised", so a lookup
    # that yields an empty dict fails open at this point.
    if pwned_response.get('vulnerability', 'no') == 'yes':
        raise errors.AccountPasswordInvalid(accounts.AUTHN_PASSWORD_COMPROMISED_MSG)