Mercurial Repository: p/roundup/code: test/test

comparison test/test_actions.py @ 6684:9ca5cbffa0c4

Switch off using blank passwords for login There is now a config.ini setting [web] login_empty_passwords to enable logins for users without a password set. By default it's off and every user must have a password.

author	John Rouillard <rouilj@ieee.org>
date	Mon, 23 May 2022 17:31:50 -0400
parents	8269e89530e5
children	273c8c2b5042

comparison

equal deleted inserted replaced

-:12c5ddf865b1
+:9ca5cbffa0c4
 self.client.db.Otk = MockNull()
 self.client.db.Otk.data = {}
 self.client.db.Otk.getall = self.data_get
 self.client.db.Otk.set = self.data_set
 self.client.db.config.WEB_LOGIN_ATTEMPTS_MIN = 20
+self.client.db.config.WEB_LOGIN_EMPTY_PASSWORDS = 0
 self.client._ok_message = []
 self.client._error_message = []
 self.client.add_error_message = lambda x, escape=True: add_message(
 self.client._error_message, x, escape=escape)
 self.client.add_ok_message = lambda x : add_message(
 self.assertEqual(username, 'foo')
 self.client.opendb = opendb
 self.assertLoginLeavesMessages([], 'foo', 'right')
+def testBlankPasswordLogin(self):
+self.client.db.security.hasPermission = lambda *args, **kwargs: True
+self.client.db.user.get = lambda a,b: None
+def opendb(username):
+self.assertEqual(username, 'blank')
+self.client.opendb = opendb
+self.assertEqual(self.client.db.config.WEB_LOGIN_EMPTY_PASSWORDS, 0)
+self.assertLoginLeavesMessages(['Invalid login'], 'blank', '' )
+self.client.db.config.WEB_LOGIN_EMPTY_PASSWORDS = 1
+self.form.value[:] = []  # reset form
+self.client._error_message = [] # reset errors
+self.assertLoginLeavesMessages([], 'blank', '' )
+# reset
+self.client.db.user.get = lambda a,b: 'right'
+self.client.db.config.WEB_LOGIN_EMPTY_PASSWORDS = 0
 def testCorrectLoginRedirect(self):
 self.client.db.security.hasPermission = lambda *args, **kwargs: True
 def opendb(username):
 self.assertEqual(username, 'foo')
 self.client.opendb = opendb
 Default limit is 3/min, but that means we sleep for 20
 seconds so I override the default limit to speed this up.
 '''
 # Do the first login setting an invalid login name
 self.assertLoginLeavesMessages(['Invalid login'], 'nouser')
-# use up the rest of the 20 login attempts
+# use up the rest of the 20 login attempts. Login name
+# persists.
 for i in range(19):
 self.client._error_message = []
 self.assertLoginLeavesMessages(['Invalid login'])
 self.assertRaisesMessage(Reject, LoginAction(self.client).handle,

Mercurial > p > roundup > code

comparison test/test_actions.py @ 6684:9ca5cbffa0c4