Fixed #25089 -- Added password validation to createsuperuser/changepassword.

2025-08-04 19:08:28 +00:00 · 2015-07-09 01:15:05 -05:00 · 2015-07-09 01:15:05 -05:00 · 53d28f8339
commit 53d28f8339
parent 264eeaf14a
3 changed files with 89 additions and 5 deletions
--- a/tests/auth_tests/test_management.py
+++ b/tests/auth_tests/test_management.py
@ -43,6 +43,8 @@ def mock_inputs(inputs):
                    if six.PY2:
                        # getpass on Windows only supports prompt as bytestring (#19807)
                        assert isinstance(prompt, six.binary_type)
+                    if callable(inputs['password']):
+                        return inputs['password']()
                    return inputs['password']

            def mock_input(prompt):
@ -107,6 +109,9 @@ class GetDefaultUsernameTestCase(TestCase):
        self.assertEqual(management.get_default_username(), 'julia')


+@override_settings(AUTH_PASSWORD_VALIDATORS=[
+    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
+])
 class ChangepasswordManagementCommandTestCase(TestCase):

    def setUp(self):
@ -139,11 +144,24 @@ class ChangepasswordManagementCommandTestCase(TestCase):
        mismatched passwords three times.
        """
        command = changepassword.Command()
-        command._get_pass = lambda *args: args or 'foo'
+        command._get_pass = lambda *args: str(args) or 'foo'

        with self.assertRaises(CommandError):
            command.execute(username="joe", stdout=self.stdout, stderr=self.stderr)

+    def test_password_validation(self):
+        """
+        A CommandError should be raised if the user enters in passwords which
+        fail validation three times.
+        """
+        command = changepassword.Command()
+        command._get_pass = lambda *args: '1234567890'
+
+        abort_msg = "Aborting password change for user 'joe' after 3 attempts"
+        with self.assertRaisesMessage(CommandError, abort_msg):
+            command.execute(username="joe", stdout=self.stdout, stderr=self.stderr)
+        self.assertIn('This password is entirely numeric.', self.stdout.getvalue())
+
    def test_that_changepassword_command_works_with_nonascii_output(self):
        """
        #21627 -- Executing the changepassword management command should allow
@ -158,7 +176,10 @@ class ChangepasswordManagementCommandTestCase(TestCase):
        command.execute(username="J\xfalia", stdout=self.stdout)


-@override_settings(SILENCED_SYSTEM_CHECKS=['fields.W342'])  # ForeignKey(unique=True)
+@override_settings(
+    SILENCED_SYSTEM_CHECKS=['fields.W342'],  # ForeignKey(unique=True)
+    AUTH_PASSWORD_VALIDATORS=[{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}],
+)
 class CreatesuperuserManagementCommandTestCase(TestCase):

    def test_basic_usage(self):
@ -443,6 +464,39 @@ class CreatesuperuserManagementCommandTestCase(TestCase):

        test(self)

+    def test_password_validation(self):
+        """
+        Creation should fail if the password fails validation.
+        """
+        new_io = six.StringIO()
+        # Returns '1234567890' the first two times it is called, then
+        # 'password' subsequently.
+        def bad_then_good_password(index=[0]):
+            index[0] += 1
+            if index[0] <= 2:
+                return '1234567890'
+            return 'password'
+
+        @mock_inputs({
+            'password': bad_then_good_password,
+            'username': 'joe1234567890',
+        })
+        def test(self):
+            call_command(
+                "createsuperuser",
+                interactive=True,
+                stdin=MockTTY(),
+                stdout=new_io,
+                stderr=new_io,
+            )
+            self.assertEqual(
+                new_io.getvalue().strip(),
+                "This password is entirely numeric.\n"
+                "Superuser created successfully."
+            )
+
+        test(self)
+

 class CustomUserModelValidationTestCase(SimpleTestCase):
    @override_settings(AUTH_USER_MODEL='auth.CustomUserNonListRequiredFields')