2015-03-08 14:07:57 +00:00
|
|
|
|
import os
|
|
|
|
|
|
2016-04-22 17:39:13 +00:00
|
|
|
|
from django.contrib.auth import validators
|
2015-03-08 14:07:57 +00:00
|
|
|
|
from django.contrib.auth.models import User
|
|
|
|
|
from django.contrib.auth.password_validation import (
|
|
|
|
|
CommonPasswordValidator,
|
|
|
|
|
MinimumLengthValidator,
|
|
|
|
|
NumericPasswordValidator,
|
|
|
|
|
UserAttributeSimilarityValidator,
|
|
|
|
|
get_default_password_validators,
|
|
|
|
|
get_password_validators,
|
|
|
|
|
password_changed,
|
|
|
|
|
password_validators_help_text_html,
|
|
|
|
|
password_validators_help_texts,
|
|
|
|
|
validate_password,
|
|
|
|
|
)
|
|
|
|
|
from django.core.exceptions import ValidationError
|
2016-07-22 08:51:38 +00:00
|
|
|
|
from django.db import models
|
2018-11-26 19:05:02 +00:00
|
|
|
|
from django.test import SimpleTestCase, TestCase, override_settings
|
2016-07-22 08:51:38 +00:00
|
|
|
|
from django.test.utils import isolate_apps
|
2018-01-03 00:51:06 +00:00
|
|
|
|
from django.utils.html import conditional_escape
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@override_settings(
|
|
|
|
|
AUTH_PASSWORD_VALIDATORS=[
|
|
|
|
|
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
|
|
|
|
|
{
|
|
|
|
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
|
|
|
|
"OPTIONS": {
|
|
|
|
|
"min_length": 12,
|
|
|
|
|
},
|
2022-02-03 19:24:19 +00:00
|
|
|
|
},
|
2015-03-08 14:07:57 +00:00
|
|
|
|
]
|
|
|
|
|
)
|
2018-11-26 19:05:02 +00:00
|
|
|
|
class PasswordValidationTest(SimpleTestCase):
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_get_default_password_validators(self):
|
|
|
|
|
validators = get_default_password_validators()
|
|
|
|
|
self.assertEqual(len(validators), 2)
|
|
|
|
|
self.assertEqual(validators[0].__class__.__name__, "CommonPasswordValidator")
|
|
|
|
|
self.assertEqual(validators[1].__class__.__name__, "MinimumLengthValidator")
|
|
|
|
|
self.assertEqual(validators[1].min_length, 12)
|
|
|
|
|
|
|
|
|
|
def test_get_password_validators_custom(self):
|
|
|
|
|
validator_config = [
|
|
|
|
|
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}
|
|
|
|
|
]
|
|
|
|
|
validators = get_password_validators(validator_config)
|
|
|
|
|
self.assertEqual(len(validators), 1)
|
|
|
|
|
self.assertEqual(validators[0].__class__.__name__, "CommonPasswordValidator")
|
|
|
|
|
|
|
|
|
|
self.assertEqual(get_password_validators([]), [])
|
|
|
|
|
|
|
|
|
|
def test_validate_password(self):
|
|
|
|
|
self.assertIsNone(validate_password("sufficiently-long"))
|
|
|
|
|
msg_too_short = (
|
|
|
|
|
"This password is too short. It must contain at least 12 characters."
|
2022-02-03 19:24:19 +00:00
|
|
|
|
)
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
2015-06-16 15:02:27 +00:00
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
2015-03-08 14:07:57 +00:00
|
|
|
|
validate_password("django4242")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [msg_too_short])
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_too_short")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
validate_password("password")
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
cm.exception.messages, ["This password is too common.", msg_too_short]
|
|
|
|
|
)
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_too_common")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
self.assertIsNone(validate_password("password", password_validators=[]))
|
|
|
|
|
|
|
|
|
|
def test_password_changed(self):
|
|
|
|
|
self.assertIsNone(password_changed("password"))
|
|
|
|
|
|
2018-09-19 11:03:02 +00:00
|
|
|
|
def test_password_changed_with_custom_validator(self):
|
|
|
|
|
class Validator:
|
|
|
|
|
def password_changed(self, password, user):
|
|
|
|
|
self.password = password
|
|
|
|
|
self.user = user
|
|
|
|
|
|
|
|
|
|
user = object()
|
|
|
|
|
validator = Validator()
|
|
|
|
|
password_changed("password", user=user, password_validators=(validator,))
|
|
|
|
|
self.assertIs(validator.user, user)
|
|
|
|
|
self.assertEqual(validator.password, "password")
|
|
|
|
|
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_password_validators_help_texts(self):
|
|
|
|
|
help_texts = password_validators_help_texts()
|
|
|
|
|
self.assertEqual(len(help_texts), 2)
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertIn("12 characters", help_texts[1])
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
self.assertEqual(password_validators_help_texts(password_validators=[]), [])
|
|
|
|
|
|
|
|
|
|
def test_password_validators_help_text_html(self):
|
|
|
|
|
help_text = password_validators_help_text_html()
|
|
|
|
|
self.assertEqual(help_text.count("<li>"), 2)
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertIn("12 characters", help_text)
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
2018-01-03 00:51:06 +00:00
|
|
|
|
def test_password_validators_help_text_html_escaping(self):
|
|
|
|
|
class AmpersandValidator:
|
|
|
|
|
def get_help_text(self):
|
|
|
|
|
return "Must contain &"
|
2022-02-03 19:24:19 +00:00
|
|
|
|
|
2018-01-03 00:51:06 +00:00
|
|
|
|
help_text = password_validators_help_text_html([AmpersandValidator()])
|
|
|
|
|
self.assertEqual(help_text, "<ul><li>Must contain &</li></ul>")
|
|
|
|
|
# help_text is marked safe and therefore unchanged by conditional_escape().
|
|
|
|
|
self.assertEqual(help_text, conditional_escape(help_text))
|
|
|
|
|
|
2015-09-25 21:32:23 +00:00
|
|
|
|
@override_settings(AUTH_PASSWORD_VALIDATORS=[])
|
|
|
|
|
def test_empty_password_validator_help_text_html(self):
|
|
|
|
|
self.assertEqual(password_validators_help_text_html(), "")
|
|
|
|
|
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
2018-11-26 19:05:02 +00:00
|
|
|
|
class MinimumLengthValidatorTest(SimpleTestCase):
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_validate(self):
|
|
|
|
|
expected_error = (
|
|
|
|
|
"This password is too short. It must contain at least %d characters."
|
2022-02-03 19:24:19 +00:00
|
|
|
|
)
|
2015-03-08 14:07:57 +00:00
|
|
|
|
self.assertIsNone(MinimumLengthValidator().validate("12345678"))
|
|
|
|
|
self.assertIsNone(MinimumLengthValidator(min_length=3).validate("123"))
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
MinimumLengthValidator().validate("1234567")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % 8])
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_too_short")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
MinimumLengthValidator(min_length=3).validate("12")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % 3])
|
|
|
|
|
|
|
|
|
|
def test_help_text(self):
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
MinimumLengthValidator().get_help_text(),
|
|
|
|
|
"Your password must contain at least 8 characters.",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserAttributeSimilarityValidatorTest(TestCase):
|
|
|
|
|
def test_validate(self):
|
2016-02-05 20:56:52 +00:00
|
|
|
|
user = User.objects.create_user(
|
|
|
|
|
username="testclient",
|
|
|
|
|
password="password",
|
|
|
|
|
email="testclient@example.com",
|
|
|
|
|
first_name="Test",
|
|
|
|
|
last_name="Client",
|
2015-03-08 14:07:57 +00:00
|
|
|
|
)
|
|
|
|
|
expected_error = "The password is too similar to the %s."
|
|
|
|
|
|
|
|
|
|
self.assertIsNone(UserAttributeSimilarityValidator().validate("testclient"))
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
UserAttributeSimilarityValidator().validate("testclient", user=user),
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % "username"])
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_too_similar")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
UserAttributeSimilarityValidator().validate("example.com", user=user),
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % "email address"])
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
2015-06-08 17:27:47 +00:00
|
|
|
|
UserAttributeSimilarityValidator(
|
|
|
|
|
user_attributes=["first_name"],
|
|
|
|
|
max_similarity=0.3,
|
|
|
|
|
).validate("testclient", user=user)
|
2015-03-08 14:07:57 +00:00
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % "first name"])
|
2016-11-10 11:30:38 +00:00
|
|
|
|
# max_similarity=1 doesn't allow passwords that are identical to the
|
|
|
|
|
# attribute's value.
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
UserAttributeSimilarityValidator(
|
|
|
|
|
user_attributes=["first_name"],
|
|
|
|
|
max_similarity=1,
|
|
|
|
|
).validate(user.first_name, user=user)
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error % "first name"])
|
2021-12-27 13:48:03 +00:00
|
|
|
|
# Very low max_similarity is rejected.
|
|
|
|
|
msg = "max_similarity must be at least 0.1"
|
|
|
|
|
with self.assertRaisesMessage(ValueError, msg):
|
|
|
|
|
UserAttributeSimilarityValidator(max_similarity=0.09)
|
2016-11-10 11:30:38 +00:00
|
|
|
|
# Passes validation.
|
2015-03-08 14:07:57 +00:00
|
|
|
|
self.assertIsNone(
|
|
|
|
|
UserAttributeSimilarityValidator(user_attributes=["first_name"]).validate(
|
|
|
|
|
"testclient", user=user
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
|
2016-07-22 08:51:38 +00:00
|
|
|
|
@isolate_apps("auth_tests")
|
|
|
|
|
def test_validate_property(self):
|
|
|
|
|
class TestUser(models.Model):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def username(self):
|
|
|
|
|
return "foobar"
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
UserAttributeSimilarityValidator().validate("foobar", user=TestUser()),
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
cm.exception.messages, ["The password is too similar to the username."]
|
|
|
|
|
)
|
|
|
|
|
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_help_text(self):
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
UserAttributeSimilarityValidator().get_help_text(),
|
2019-06-27 16:39:47 +00:00
|
|
|
|
"Your password can’t be too similar to your other personal information.",
|
2015-03-08 14:07:57 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2018-11-26 19:05:02 +00:00
|
|
|
|
class CommonPasswordValidatorTest(SimpleTestCase):
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_validate(self):
|
|
|
|
|
expected_error = "This password is too common."
|
|
|
|
|
self.assertIsNone(CommonPasswordValidator().validate("a-safe-password"))
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
CommonPasswordValidator().validate("godzilla")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error])
|
|
|
|
|
|
|
|
|
|
def test_validate_custom_list(self):
|
2017-01-20 13:01:02 +00:00
|
|
|
|
path = os.path.join(
|
|
|
|
|
os.path.dirname(os.path.realpath(__file__)), "common-passwords-custom.txt"
|
|
|
|
|
)
|
2015-03-08 14:07:57 +00:00
|
|
|
|
validator = CommonPasswordValidator(password_list_path=path)
|
|
|
|
|
expected_error = "This password is too common."
|
|
|
|
|
self.assertIsNone(validator.validate("a-safe-password"))
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
validator.validate("from-my-custom-list")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error])
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_too_common")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
2018-11-15 19:11:03 +00:00
|
|
|
|
def test_validate_django_supplied_file(self):
|
|
|
|
|
validator = CommonPasswordValidator()
|
|
|
|
|
for password in validator.passwords:
|
|
|
|
|
self.assertEqual(password, password.lower())
|
|
|
|
|
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_help_text(self):
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
CommonPasswordValidator().get_help_text(),
|
2019-06-27 16:39:47 +00:00
|
|
|
|
"Your password can’t be a commonly used password.",
|
2015-03-08 14:07:57 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2018-11-26 19:05:02 +00:00
|
|
|
|
class NumericPasswordValidatorTest(SimpleTestCase):
|
2015-03-08 14:07:57 +00:00
|
|
|
|
def test_validate(self):
|
|
|
|
|
expected_error = "This password is entirely numeric."
|
|
|
|
|
self.assertIsNone(NumericPasswordValidator().validate("a-safe-password"))
|
|
|
|
|
|
|
|
|
|
with self.assertRaises(ValidationError) as cm:
|
|
|
|
|
NumericPasswordValidator().validate("42424242")
|
|
|
|
|
self.assertEqual(cm.exception.messages, [expected_error])
|
2015-06-08 17:27:47 +00:00
|
|
|
|
self.assertEqual(cm.exception.error_list[0].code, "password_entirely_numeric")
|
2015-03-08 14:07:57 +00:00
|
|
|
|
|
|
|
|
|
def test_help_text(self):
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
NumericPasswordValidator().get_help_text(),
|
2019-06-27 16:39:47 +00:00
|
|
|
|
"Your password can’t be entirely numeric.",
|
2015-03-08 14:07:57 +00:00
|
|
|
|
)
|
2016-04-22 17:39:13 +00:00
|
|
|
|
|
|
|
|
|
|
2018-11-26 19:05:02 +00:00
|
|
|
|
class UsernameValidatorsTests(SimpleTestCase):
|
2016-04-22 17:39:13 +00:00
|
|
|
|
def test_unicode_validator(self):
|
|
|
|
|
valid_usernames = ["joe", "René", "ᴮᴵᴳᴮᴵᴿᴰ", "أحمد"]
|
|
|
|
|
invalid_usernames = [
|
|
|
|
|
"o'connell",
|
|
|
|
|
"عبد ال",
|
|
|
|
|
"zerowidth\u200Bspace",
|
|
|
|
|
"nonbreaking\u00A0space",
|
2019-03-22 17:16:26 +00:00
|
|
|
|
"en\u2013dash",
|
|
|
|
|
"trailingnewline\u000A",
|
2016-04-22 17:39:13 +00:00
|
|
|
|
]
|
|
|
|
|
v = validators.UnicodeUsernameValidator()
|
|
|
|
|
for valid in valid_usernames:
|
2017-03-07 21:00:43 +00:00
|
|
|
|
with self.subTest(valid=valid):
|
|
|
|
|
v(valid)
|
2016-04-22 17:39:13 +00:00
|
|
|
|
for invalid in invalid_usernames:
|
2017-03-07 21:00:43 +00:00
|
|
|
|
with self.subTest(invalid=invalid):
|
|
|
|
|
with self.assertRaises(ValidationError):
|
|
|
|
|
v(invalid)
|
2016-04-22 17:39:13 +00:00
|
|
|
|
|
|
|
|
|
def test_ascii_validator(self):
|
|
|
|
|
valid_usernames = ["glenn", "GLEnN", "jean-marc"]
|
2019-03-22 17:16:26 +00:00
|
|
|
|
invalid_usernames = [
|
|
|
|
|
"o'connell",
|
|
|
|
|
"Éric",
|
|
|
|
|
"jean marc",
|
|
|
|
|
"أحمد",
|
|
|
|
|
"trailingnewline\n",
|
|
|
|
|
]
|
2016-04-22 17:39:13 +00:00
|
|
|
|
v = validators.ASCIIUsernameValidator()
|
|
|
|
|
for valid in valid_usernames:
|
2017-03-07 21:00:43 +00:00
|
|
|
|
with self.subTest(valid=valid):
|
|
|
|
|
v(valid)
|
2016-04-22 17:39:13 +00:00
|
|
|
|
for invalid in invalid_usernames:
|
2017-03-07 21:00:43 +00:00
|
|
|
|
with self.subTest(invalid=invalid):
|
|
|
|
|
with self.assertRaises(ValidationError):
|
|
|
|
|
v(invalid)
|