diff test/test_security.py @ 4480:1613754d2646

Fix first part of Password handling security issue2550688 (thanks Joseph Myers for reporting and Eli Collins for fixing). Small change against the original patch: we still accept plaintext passwords (in known_schemes) when parsing an encrypted password (e.g. from the database). This way existing databases with plaintext passwords continue to work (I don't know of any; this would need patching on the users' side) and all regression tests pass.
author Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date Thu, 14 Apr 2011 12:24:59 +0000
parents 8137456a86f3
children 6e3e4f24c753
--- a/test/test_security.py	Thu Apr 14 09:21:23 2011 +0000
+++ b/test/test_security.py	Thu Apr 14 12:24:59 2011 +0000
@@ -23,7 +23,7 @@
 import os, unittest, shutil
 
 from roundup import backends
-from roundup.password import Password
+import roundup.password
 from db_test_base import setupSchema, MyTestCase, config
 
 class PermissionTest(MyTestCase):
@@ -233,6 +233,10 @@
         self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
         self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
 
+    # roundup.password has its own built-in test, call it.
+    def test_password(self):
+        roundup.password.test()
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(PermissionTest))
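Review bot: `test_password` passes whenever `roundup.password.test()` returns without raising, so its worth depends entirely on how that built-in self-test reports failure, which is not visible in this hunk. If it relies on bare `assert` statements they are stripped under `python -O`, and if it only prints results this test can never fail, so it is worth confirming that it raises on a mismatch. The commit message says plaintext values in known_schemes are still accepted when parsing a stored password; an explicit assertion in this file that pins that legacy path would keep the compatibility exception visible to whoever tightens it later. The comment above the method would also read better as a docstring, e.g. `"""Run the self-test built into roundup.password."""`. The enclosing `PermissionTest` class starts outside the hunk, so whether `Password` is still referenced elsewhere in the file after the import change cannot be checked from here.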
