Mercurial > p > roundup > code
diff test/test_cgi.py @ 4484:52e13bf0bb40
Add new config-option 'migrate_passwords' in section 'web'...
...to auto-migrate passwords at web-login time. Default for the new
option is "yes" so if you don't want that passwords are auto-migrated
to a more secure password scheme on user login, set this to "no"
before running your tracker(s) after the upgrade.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 18:10:58 +0000 |
| parents | 17f796a78647 |
| children | 95aace124a8e |
line wrap: on
line diff
--- a/test/test_cgi.py Thu Apr 14 15:42:41 2011 +0000 +++ b/test/test_cgi.py Thu Apr 14 18:10:58 2011 +0000 @@ -425,6 +425,30 @@ ':confirm:password': ''}, 'user', nodeid), ({('user', nodeid): {}}, [])) + def testPasswordMigration(self): + chef = self.db.user.lookup('Chef') + form = dict(__login_name='Chef', __login_password='foo') + cl = self._make_client(form) + # assume that the "best" algorithm is the first one and doesn't + # need migration, all others should be migrated. + for scheme in password.Password.known_schemes[1:]: + pw1 = password.Password('foo', scheme=scheme) + self.assertEqual(pw1.needs_migration(), True) + self.db.user.set(chef, password=pw1) + self.db.commit() + actions.LoginAction(cl).handle() + pw = self.db.user.get(chef, 'password') + self.assertEqual(pw, 'foo') + self.assertEqual(pw.needs_migration(), False) + pw1 = pw + self.assertEqual(pw1.needs_migration(), False) + scheme = password.Password.known_schemes[0] + self.assertEqual(scheme, pw1.scheme) + actions.LoginAction(cl).handle() + pw = self.db.user.get(chef, 'password') + self.assertEqual(pw, 'foo') + self.assertEqual(pw, pw1) + # # Boolean #