summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2023-10-17 11:48:32 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-11-01 06:18:00 +0100
commitbb71d34551207b2472c493655d0d7f3b2975d686 (patch)
tree006d7151a31f44a20fa5e745e329854eb2746c3d /tests
parentacd4595ab0c9bbe852fda348fe0b10376cbafdbd (diff)
[5.0.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/test_forms.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 7a80adbf31..81c56a428e 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -14,6 +14,7 @@ from django.contrib.auth.forms import (
SetPasswordForm,
UserChangeForm,
UserCreationForm,
+ UsernameField,
)
from django.contrib.auth.models import User
from django.contrib.auth.signals import user_login_failed
@@ -154,6 +155,12 @@ class BaseUserCreationFormTest(TestDataMixin, TestCase):
self.assertNotEqual(user.username, ohm_username)
self.assertEqual(user.username, "testΩ") # U+03A9 GREEK CAPITAL LETTER OMEGA
+ def test_invalid_username_no_normalize(self):
+ field = UsernameField(max_length=254)
+ # Usernames are not normalized if they are too long.
+ self.assertEqual(field.to_python("½" * 255), "½" * 255)
+ self.assertEqual(field.to_python("ff" * 254), "ff" * 254)
+
def test_duplicate_normalized_unicode(self):
"""
To prevent almost identical usernames, visually identical but differing