def _enforce_password_policy_compliance(request, user):
    """
    Check the password submitted at login against the password policy.

    Args:
        request: The login request. The candidate password is read from
            ``request.POST['password']`` and is ``None`` when the field is
            absent; what the compliance check does with ``None`` is not
            visible from here.
        user: The user being logged in.

    Raises:
        AuthFailedError: when the password is non-compliant and the policy
            deadline has already passed. The login is refused.

    Side effects:
        A non-compliant password whose deadline is still ahead only registers
        a page-level warning; the login proceeds.
    """
    submitted_password = request.POST.get('password')
    try:
        password_policy_compliance.enforce_compliance_on_login(user, submitted_password)
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline still in the future: let the user in, but tell them that a
        # password reset will soon be mandatory.
        PageLevelMessages.register_warning_message(request, warning.message)
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # Deadline passed: refuse the login outright.
        # NOTE(review): ``.message`` is not defined on Python 3 built-in
        # exceptions; confirm the project exception class provides it.
        raise AuthFailedError(failure.message)
def _enforce_password_policy_compliance(request, user):
    """
    Apply the login-time password policy to an authenticating user.

    Args:
        request: The login request; the candidate password is taken from
            ``request.POST['password']`` (``None`` when the field is missing).
        user: The user being logged in.

    Raises:
        AuthFailedError: when the password is non-compliant and the policy
            deadline has passed. A password-reset email is sent to the user
            before the error is raised.

    Side effects:
        If the deadline is still ahead, a page-level warning is registered and
        the login is allowed to continue.
    """
    submitted_password = request.POST.get('password')
    try:
        password_policy_compliance.enforce_compliance_on_login(user, submitted_password)
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline not yet reached: admit the user but warn that a reset is
        # coming. This message is passed as plain text (not HTML-wrapped).
        PageLevelMessages.register_warning_message(request, six.text_type(warning))
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # NOTE(review): a reset email is sent on every blocked attempt; no
        # throttling is visible at this level.
        send_password_reset_email_for_user(user, request)
        # Deadline passed: block the login. HTML() presumably marks the text as
        # safe markup, so this assumes the policy message holds no untrusted
        # content — confirm.
        raise AuthFailedError(HTML(six.text_type(failure)))
def _enforce_password_policy_compliance(request, user):
    """
    Apply the login-time password policy to an authenticating user.

    Args:
        request: The login request; the candidate password is taken from
            ``request.POST['password']`` (``None`` when the field is missing).
        user: The user being logged in.

    Raises:
        AuthFailedError: when the password is non-compliant and the policy
            deadline has passed. Before raising, the reset is recorded in the
            audit log and a password-reset email is sent. The error carries the
            exception class name as ``error_code``.

    Side effects:
        If the deadline is still ahead, a page-level warning is registered and
        the login is allowed to continue.
    """
    submitted_password = request.POST.get('password')
    try:
        password_policy_compliance.enforce_compliance_on_login(user, submitted_password)
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline not yet reached: admit the user but warn that a reset is
        # coming. This message is passed as plain text (not HTML-wrapped).
        PageLevelMessages.register_warning_message(request, str(warning))
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # The audit log records the user's email address (PII) — intended for
        # the audit trail, presumably; confirm log retention/access policy.
        AUDIT_LOG.info("Password reset initiated for email %s.", user.email)
        # NOTE(review): a reset email is sent on every blocked attempt; no
        # throttling is visible at this level.
        send_password_reset_email_for_user(user, request)
        # Deadline passed: block the login. HTML() presumably marks the text as
        # safe markup, so this assumes the policy message holds no untrusted
        # content — confirm.
        raise AuthFailedError(HTML(str(failure)), error_code=type(failure).__name__)  # lint-amnesty, pylint: disable=raise-missing-from
def test_enforce_compliance_on_login(self):
    """
    Exercise ``enforce_compliance_on_login`` across the four policy outcomes.

    * compliant password                   -> returns None
    * non-compliant, no deadline           -> returns None
    * non-compliant, deadline in the past  -> NonCompliantPasswordException
    * non-compliant, deadline in the future-> NonCompliantPasswordWarning

    ``_check_user_compliance`` and ``_get_compliance_deadline_for_user`` are
    patched, so neither the user nor the password value is ever inspected.
    """
    check_target = 'openedx.core.djangoapps.password_policy.compliance._check_user_compliance'
    deadline_target = 'openedx.core.djangoapps.password_policy.compliance._get_compliance_deadline_for_user'
    user = UserFactory()
    password = '******'  # Never reaches real code: the checks are mocked.

    # Compliant password: nothing to enforce, deadline is never consulted.
    with patch(check_target, return_value=True):
        assert enforce_compliance_on_login(user, password) is None

    # Non-compliant, but no deadline configured: nothing to enforce either.
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=None):
        assert enforce_compliance_on_login(user, password) is None

    # Non-compliant and the deadline has already passed: login must be refused.
    yesterday = datetime.now(pytz.UTC) - timedelta(1)
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=yesterday):
        with pytest.raises(NonCompliantPasswordException):
            enforce_compliance_on_login(user, password)

    # Non-compliant with the deadline still ahead: only a warning is raised.
    tomorrow = datetime.now(pytz.UTC) + timedelta(1)
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=tomorrow):
        with pytest.raises(NonCompliantPasswordWarning):
            enforce_compliance_on_login(user, password)
def test_enforce_compliance_on_login(self):
    """
    Exercise ``enforce_compliance_on_login`` across the four policy outcomes.

    * compliant password                   -> returns None
    * non-compliant, no deadline           -> returns None
    * non-compliant, deadline in the past  -> NonCompliantPasswordException
    * non-compliant, deadline in the future-> NonCompliantPasswordWarning

    ``_check_user_compliance`` and ``_get_compliance_deadline_for_user`` are
    patched, so neither the user nor the password value is ever inspected.
    """
    check_target = 'openedx.core.djangoapps.password_policy.compliance._check_user_compliance'
    deadline_target = 'openedx.core.djangoapps.password_policy.compliance._get_compliance_deadline_for_user'
    user = UserFactory()
    password = '******'  # Never reaches real code: the checks are mocked.

    # Compliant password: nothing to enforce, deadline is never consulted.
    with patch(check_target, return_value=True):
        self.assertIsNone(enforce_compliance_on_login(user, password))

    # Non-compliant, but no deadline configured: nothing to enforce either.
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=None):
        self.assertIsNone(enforce_compliance_on_login(user, password))

    # Non-compliant and the deadline has already passed: login must be refused.
    yesterday = datetime.now(pytz.UTC) - timedelta(1)
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=yesterday):
        with self.assertRaises(NonCompliantPasswordException):
            enforce_compliance_on_login(user, password)

    # Non-compliant with the deadline still ahead: only a warning is raised.
    tomorrow = datetime.now(pytz.UTC) + timedelta(1)
    with patch(check_target, return_value=False), \
            patch(deadline_target, return_value=tomorrow):
        with self.assertRaises(NonCompliantPasswordWarning):
            enforce_compliance_on_login(user, password)
def clean(self):
    """
    Validate the admin login form and additionally enforce the password policy.

    The parent form's ``clean`` runs first (it is what populates
    ``self.user_cache`` and ``cleaned_data['password']``; presumably it raises
    on bad credentials before we get here — confirm against the base class).
    Policy enforcement only runs when
    ``should_enforce_compliance_on_login()`` is true.

    Returns:
        The cleaned form data.

    Raises:
        ValidationError: when the password is non-compliant and the policy
            deadline has passed; the login is refused.

    Side effects:
        A non-compliant password whose deadline is still ahead only adds a
        warning message to the request.
    """
    cleaned_data = super(PasswordPolicyAwareAdminAuthForm, self).clean()
    if not password_policy_compliance.should_enforce_compliance_on_login():
        return cleaned_data

    try:
        password_policy_compliance.enforce_compliance_on_login(self.user_cache, cleaned_data['password'])
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline still ahead: allow the login, warn that a reset is coming.
        messages.warning(self.request, warning.message)
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # Deadline passed: block the login.
        # NOTE(review): ``.message`` is not defined on Python 3 built-in
        # exceptions; confirm the project exception class provides it.
        raise ValidationError(failure.message)
    return cleaned_data
def clean(self):
    """
    Validate the admin login form and additionally enforce the password policy.

    The parent form's ``clean`` runs first (it is what populates
    ``self.user_cache`` and ``cleaned_data['password']``; presumably it raises
    on bad credentials before we get here — confirm against the base class).
    Policy enforcement only runs when
    ``should_enforce_compliance_on_login()`` is true.

    Returns:
        The cleaned form data.

    Raises:
        ValidationError: when the password is non-compliant and the policy
            deadline has passed; the login is refused.

    Side effects:
        A non-compliant password whose deadline is still ahead only adds a
        warning message to the request.
    """
    cleaned_data = super().clean()
    if not password_policy_compliance.should_enforce_compliance_on_login():
        return cleaned_data

    try:
        password_policy_compliance.enforce_compliance_on_login(self.user_cache, cleaned_data['password'])
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline still ahead: allow the login, warn that a reset is coming.
        # HTML() presumably marks the text as safe markup — assumes the policy
        # message holds no untrusted content; confirm.
        messages.warning(self.request, HTML(str(warning)))
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # Deadline passed: block the login (same HTML-safety assumption).
        raise ValidationError(HTML(str(failure)))  # lint-amnesty, pylint: disable=raise-missing-from
    return cleaned_data
def clean(self):
    """
    Validate the admin login form and additionally enforce the password policy.

    The parent form's ``clean`` runs first (it is what populates
    ``self.user_cache`` and ``cleaned_data['password']``; presumably it raises
    on bad credentials before we get here — confirm against the base class).
    Policy enforcement only runs when
    ``should_enforce_compliance_on_login()`` is true.

    Returns:
        The cleaned form data.

    Raises:
        ValidationError: when the password is non-compliant and the policy
            deadline has passed; the login is refused.

    Side effects:
        A non-compliant password whose deadline is still ahead only adds a
        warning message to the request.
    """
    cleaned_data = super(PasswordPolicyAwareAdminAuthForm, self).clean()
    if not password_policy_compliance.should_enforce_compliance_on_login():
        return cleaned_data

    try:
        password_policy_compliance.enforce_compliance_on_login(
            self.user_cache, cleaned_data['password'])
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline still ahead: allow the login, warn that a reset is coming.
        messages.warning(self.request, warning.message)
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # Deadline passed: block the login.
        # NOTE(review): ``.message`` is not defined on Python 3 built-in
        # exceptions; confirm the project exception class provides it.
        raise ValidationError(failure.message)
    return cleaned_data
def _enforce_password_policy_compliance(request, user):
    """
    Enforce the password policy on a user whose credentials have been checked.

    ``user`` is already resolved when this runs, so the submitted password is
    presumably correct and only its *policy* compliance is in question
    (confirm against the caller).

    Args:
        request: The login request; the password is taken from
            ``request.POST['password']`` (``None`` when absent).
        user: The authenticating user.

    Raises:
        AuthFailedError: when the compliance deadline has passed. Before
            raising, the attempt is counted toward lockout (when the
            ``LoginFailures`` feature is enabled), the reset is audit-logged
            and a password-reset email is sent. The error carries the exception
            class name as ``error_code``.

    Side effects:
        If the deadline is still ahead, a page-level warning is registered and
        the login is allowed to continue.
    """
    submitted_password = request.POST.get('password')
    try:
        password_policy_compliance.enforce_compliance_on_login(user, submitted_password)
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Deadline still ahead: let the login through with a page-level warning
        # that a reset will soon be mandatory. HTML() presumably marks the text
        # as safe markup — assumes the policy message holds no untrusted
        # content; confirm.
        PageLevelMessages.register_warning_message(request, HTML(str(warning)))
    except password_policy_compliance.NonCompliantPasswordException as failure:
        # Deadline passed: block the login. Count this attempt toward lockout so
        # a password that is correct but may have been compromised cannot be
        # replayed against the account indefinitely.
        if LoginFailures.is_feature_enabled():
            LoginFailures.increment_lockout_counter(user)
        # The audit log records the user's email address (PII) — intended for
        # the audit trail, presumably; confirm log retention/access policy.
        AUDIT_LOG.info("Password reset initiated for email %s.", user.email)
        # NOTE(review): a reset email goes out on every blocked attempt; no
        # throttling is visible at this level beyond the lockout counter above.
        send_password_reset_email_for_user(user, request)
        raise AuthFailedError(HTML(str(failure)), error_code=type(failure).__name__)  # lint-amnesty, pylint: disable=raise-missing-from