From a96b981d84367fd41b1df40adf3ac9ca71a741dd Mon Sep 17 00:00:00 2001 From: Andrew Pinkham Date: Tue, 25 Apr 2017 15:26:58 -0400 Subject: Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields. --- tests/auth_tests/test_forms.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'tests') diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py index 05f1f41961..e5cd05d0d8 100644 --- a/tests/auth_tests/test_forms.py +++ b/tests/auth_tests/test_forms.py @@ -239,6 +239,28 @@ class UserCreationFormTest(TestDataMixin, TestCase): '' ) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'}, + ]) + def test_user_create_form_validates_password_with_all_data(self): + """UserCreationForm password validation uses all of the form's data.""" + class CustomUserCreationForm(UserCreationForm): + class Meta(UserCreationForm.Meta): + model = User + fields = ('username', 'email', 'first_name', 'last_name') + form = CustomUserCreationForm({ + 'username': 'testuser', + 'password1': 'testpassword', + 'password2': 'testpassword', + 'first_name': 'testpassword', + 'last_name': 'lastname', + }) + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['password2'], + ['The password is too similar to the first name.'], + ) + # To verify that the login form rejects inactive users, use an authentication # backend that allows them. -- cgit v1.3