Mercurial Repository: p/roundup/code: test/test

comparison test/test_cgi.py @ 4484:52e13bf0bb40

Add new config-option 'migrate_passwords' in section 'web'... ...to auto-migrate passwords at web-login time. Default for the new option is "yes" so if you don't want that passwords are auto-migrated to a more secure password scheme on user login, set this to "no" before running your tracker(s) after the upgrade.

author	Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date	Thu, 14 Apr 2011 18:10:58 +0000
parents	17f796a78647
children	95aace124a8e

comparison

equal deleted inserted replaced

-:22bc0426e348
+:52e13bf0bb40
 nodeid = self.db.user.create(username='2',
 password=password.Password('foo'))
 self.assertEqual(self.parseForm({'password': '',
 ':confirm:password': ''}, 'user', nodeid),
 ({('user', nodeid): {}}, []))
+def testPasswordMigration(self):
+chef = self.db.user.lookup('Chef')
+form = dict(__login_name='Chef', __login_password='foo')
+cl = self._make_client(form)
+# assume that the "best" algorithm is the first one and doesn't
+# need migration, all others should be migrated.
+for scheme in password.Password.known_schemes[1:]:
+pw1 = password.Password('foo', scheme=scheme)
+self.assertEqual(pw1.needs_migration(), True)
+self.db.user.set(chef, password=pw1)
+self.db.commit()
+actions.LoginAction(cl).handle()
+pw = self.db.user.get(chef, 'password')
+self.assertEqual(pw, 'foo')
+self.assertEqual(pw.needs_migration(), False)
+pw1 = pw
+self.assertEqual(pw1.needs_migration(), False)
+scheme = password.Password.known_schemes[0]
+self.assertEqual(scheme, pw1.scheme)
+actions.LoginAction(cl).handle()
+pw = self.db.user.get(chef, 'password')
+self.assertEqual(pw, 'foo')
+self.assertEqual(pw, pw1)
 #
 # Boolean
 #
 def testEmptyBoolean(self):

Mercurial > p > roundup > code

comparison test/test_cgi.py @ 4484:52e13bf0bb40