mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #34977 -- Improved accessibility in the UserChangeForm by replacing the reset password link with a button.

Browse Source 
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
This commit is contained in:
Fabian Braun
2024-03-11 16:24:02 +01:00
committed by Natalia
parent d658a3162f
commit 944745afe2
5 changed files with 42 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tests/auth_tests/test_forms.py
View File

@@ -1023,34 +1023,42 @@ class UserChangeFormTest(TestDataMixin, TestCase):
self.assertEqual(form.initial["password"], form["password"].value())
@override_settings(ROOT_URLCONF="auth_tests.urls_admin")
def test_link_to_password_reset_in_helptext_via_to_field(self):
def test_link_to_password_reset_in_user_change_form(self):
cases = [
(
"testclient",
'you can change or unset the password using <a href="(.*?)">',
"Raw passwords are not stored, so there is no way to see "
"the users password.",
"Reset password",
),
(
"unusable_password",
"Enable password-based authentication for this user by setting "
'a password using <a href="(.*?)">this form</a>.',
"Enable password-based authentication for this user by setting a "
"password.",
"Set password",
),
]
for username, expected_help_text in cases:
password_reset_link = r'<a class="button" href="([^"]*)">([^<]*)</a>'
for username, expected_help_text, expected_button_label in cases:
with self.subTest(username=username):
user = User.objects.get(username=username)
form = UserChangeForm(data={}, instance=user)
password_help_text = form.fields["password"].help_text
matches = re.search(expected_help_text, password_help_text)
self.assertEqual(password_help_text, expected_help_text)
matches = re.search(password_reset_link, form.as_p())
self.assertIsNotNone(matches)
self.assertEqual(len(matches.groups()), 2)
url_prefix = f"admin:{user._meta.app_label}_{user._meta.model_name}"
# URL to UserChangeForm in admin via to_field (instead of pk).
user_change_url = reverse(f"{url_prefix}_change", args=(user.username,))
user_change_url = reverse(f"{url_prefix}_change", args=(user.pk,))
joined_url = urllib.parse.urljoin(user_change_url, matches.group(1))
pw_change_url = reverse(
f"{url_prefix}_password_change", args=(user.pk,)
)
self.assertEqual(joined_url, pw_change_url)
self.assertEqual(matches.group(2), expected_button_label)
def test_custom_form(self):
class CustomUserChangeForm(UserChangeForm):
@@ -1345,11 +1353,14 @@ class ReadOnlyPasswordHashTest(SimpleTestCase):
self.assertHTMLEqual(
widget.render("name", value, {"id": "id_password"}),
'<div id="id_password">'
" <p>"
" <strong>algorithm</strong>: <bdi>pbkdf2_sha256</bdi>"
" <strong>iterations</strong>: <bdi>100000</bdi>"
" <strong>salt</strong>: <bdi>a6Pucb******</bdi>"
" <strong>hash</strong>: "
" <bdi>WmCkn9**************************************</bdi>"
" </p>"
' <p><a class="button" href="../password/">Reset password</a></p>'
"</div>",
)

4
tests/auth_tests/test_views.py
View File

@@ -1442,7 +1442,7 @@ class ChangelistTests(MessagesTestMixin, AuthViewsTestCase):
response = self.client.get(user_change_url)
# Test the link inside password field help_text.
rel_link = re.search(
r'change or unset the password using <a href="([^"]*)">this form</a>',
r'<a class="button" href="([^"]*)">Reset password</a>',
response.content.decode(),
)[1]
self.assertEqual(urljoin(user_change_url, rel_link), password_change_url)
@@ -1538,7 +1538,7 @@ class ChangelistTests(MessagesTestMixin, AuthViewsTestCase):
response = self.client.get(user_change_url)
# Test the link inside password field help_text.
rel_link = re.search(
r'by setting a password using <a href="([^"]*)">this form</a>',
r'<a class="button" href="([^"]*)">Set password</a>',
response.content.decode(),
)[1]
self.assertEqual(urljoin(user_change_url, rel_link), password_change_url)