From c6424efbc6114eeefe7ec7545de7e127ed189e92 Mon Sep 17 00:00:00 2001 From: Vincenzo Pandolfo Date: Mon, 14 Mar 2016 20:21:05 +0000 Subject: [1.9.x] Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields. Backport of d0fe6c915665fa3220e84bd691ba7002a357e5c5 from master --- tests/auth_tests/test_forms.py | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'tests') diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py index 918fe3801a..e902cdd339 100644 --- a/tests/auth_tests/test_forms.py +++ b/tests/auth_tests/test_forms.py @@ -169,6 +169,17 @@ class UserCreationFormTest(TestDataMixin, TestCase): form = CustomUserCreationForm(data) self.assertTrue(form.is_valid()) + def test_password_whitespace_not_stripped(self): + data = { + 'username': 'testuser', + 'password1': ' testpassword ', + 'password2': ' testpassword ', + } + form = UserCreationForm(data) + self.assertTrue(form.is_valid()) + self.assertEqual(form.cleaned_data['password1'], data['password1']) + self.assertEqual(form.cleaned_data['password2'], data['password2']) + @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher']) class AuthenticationFormTest(TestDataMixin, TestCase): @@ -279,6 +290,15 @@ class AuthenticationFormTest(TestDataMixin, TestCase): form = CustomAuthenticationForm() self.assertEqual(form.fields['username'].label, "") + def test_password_whitespace_not_stripped(self): + data = { + 'username': 'testuser', + 'password': ' pass ', + } + form = AuthenticationForm(None, data) + form.is_valid() # Not necessary to have valid credentails for the test. + self.assertEqual(form.cleaned_data['password'], data['password']) + @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher']) class SetPasswordFormTest(TestDataMixin, TestCase): @@ -330,6 +350,17 @@ class SetPasswordFormTest(TestDataMixin, TestCase): form["new_password2"].errors ) + def test_password_whitespace_not_stripped(self): + user = User.objects.get(username='testclient') + data = { + 'new_password1': ' password ', + 'new_password2': ' password ', + } + form = SetPasswordForm(user, data) + self.assertTrue(form.is_valid()) + self.assertEqual(form.cleaned_data['new_password1'], data['new_password1']) + self.assertEqual(form.cleaned_data['new_password2'], data['new_password2']) + @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher']) class PasswordChangeFormTest(TestDataMixin, TestCase): @@ -381,6 +412,20 @@ class PasswordChangeFormTest(TestDataMixin, TestCase): self.assertEqual(list(PasswordChangeForm(user, {}).fields), ['old_password', 'new_password1', 'new_password2']) + def test_password_whitespace_not_stripped(self): + user = User.objects.get(username='testclient') + user.set_password(' oldpassword ') + data = { + 'old_password': ' oldpassword ', + 'new_password1': ' pass ', + 'new_password2': ' pass ', + } + form = PasswordChangeForm(user, data) + self.assertTrue(form.is_valid()) + self.assertEqual(form.cleaned_data['old_password'], data['old_password']) + self.assertEqual(form.cleaned_data['new_password1'], data['new_password1']) + self.assertEqual(form.cleaned_data['new_password2'], data['new_password2']) + @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher']) class UserChangeFormTest(TestDataMixin, TestCase): @@ -673,3 +718,14 @@ class AdminPasswordChangeFormTest(TestDataMixin, TestCase): self.assertEqual(password_changed.call_count, 0) form.save() self.assertEqual(password_changed.call_count, 1) + + def test_password_whitespace_not_stripped(self): + user = User.objects.get(username='testclient') + data = { + 'password1': ' pass ', + 'password2': ' pass ', + } + form = AdminPasswordChangeForm(user, data) + self.assertTrue(form.is_valid()) + self.assertEqual(form.cleaned_data['password1'], data['password1']) + self.assertEqual(form.cleaned_data['password2'], data['password2']) -- cgit v1.3