Fixed #26175 -- Removed SHA1 password hashes in tests.

author: Tim Graham <timograham@gmail.com> 2016-02-05 15:56:52 -0500
committer: Tim Graham <timograham@gmail.com> 2016-02-06 08:47:21 -0500
commit: 015fad9060a8a6fb273a33b8e8457e504ed26131 (patch)
tree: dc56db72ffaea2acbe5925a10c95021f7a26df39 /tests/auth_tests
parent: f8e865d78f9acb1ad976cffffb207d66ff8cef72 (diff)
7 files changed, 32 insertions, 184 deletions
diff --git a/tests/auth_tests/test_context_processors.py b/tests/auth_tests/test_context_processors.py
index 10f4d81612..3a8d800c74 100644
--- a/tests/auth_tests/test_context_processors.py
+++ b/tests/auth_tests/test_context_processors.py
@@ -1,5 +1,3 @@
-import datetime
-
 from django.contrib.auth import authenticate
 from django.contrib.auth.context_processors import PermLookupDict, PermWrapper
 from django.contrib.auth.models import Permission, User
@@ -59,12 +57,7 @@ class PermWrapperTests(SimpleTestCase):
             self.EQLimiterObject() in pldict
 
 
-@override_settings(
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
-    ROOT_URLCONF='auth_tests.urls',
-    TEMPLATES=AUTH_TEMPLATES,
-    USE_TZ=False,                           # required for loading the fixture
-)
+@override_settings(ROOT_URLCONF='auth_tests.urls', TEMPLATES=AUTH_TEMPLATES)
 class AuthContextProcessorTests(TestCase):
     """
     Tests for the ``django.contrib.auth.context_processors.auth`` processor
@@ -72,13 +65,7 @@ class AuthContextProcessorTests(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        # password = "secret"
-        cls.u1 = User.objects.create(
-            password='sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158',
-            last_login=datetime.datetime(2007, 5, 30, 13, 20, 10), is_superuser=True, username='super',
-            first_name='Super', last_name='User', email='super@example.com',
-            is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10)
-        )
+        cls.superuser = User.objects.create_superuser(username='super', password='secret', email='super@example.com')
 
     @override_settings(MIDDLEWARE_CLASSES=AUTH_MIDDLEWARE_CLASSES)
     def test_session_not_accessed(self):
@@ -104,7 +91,7 @@ class AuthContextProcessorTests(TestCase):
             Permission.objects.get(
                 content_type=ContentType.objects.get_for_model(Permission),
                 codename='add_permission'))
-        self.client.login(username='normal', password='secret')
+        self.client.force_login(u)
         response = self.client.get('/auth_processor_perms/')
         self.assertContains(response, "Has auth permissions")
         self.assertContains(response, "Has auth.add_permission permissions")
@@ -123,7 +110,7 @@ class AuthContextProcessorTests(TestCase):
         self.assertNotContains(response, "nonexisting")
 
     def test_message_attrs(self):
-        self.client.login(username='super', password='secret')
+        self.client.force_login(self.superuser)
         response = self.client.get('/auth_processor_messages/')
         self.assertContains(response, "Message 1")
 
@@ -138,7 +125,7 @@ class AuthContextProcessorTests(TestCase):
         user = authenticate(username='super', password='secret')
         response = self.client.get('/auth_processor_user/')
         self.assertContains(response, "unicode: super")
-        self.assertContains(response, "id: %d" % self.u1.pk)
+        self.assertContains(response, "id: %d" % self.superuser.pk)
         self.assertContains(response, "username: super")
         # bug #12037 is tested by the {% url %} in the template:
         self.assertContains(response, "url: /userpage/super/")
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 79f0f65628..1885326cf9 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -1,6 +1,5 @@
 from __future__ import unicode_literals
 
-import datetime
 import re
 
 from django import forms
@@ -27,44 +26,14 @@ class TestDataMixin(object):
 
     @classmethod
     def setUpTestData(cls):
-        cls.u1 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='testclient',
-            first_name='Test', last_name='Client', email='testclient@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u2 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='inactive',
-            first_name='Inactive', last_name='User', email='testclient2@example.com', is_staff=False, is_active=False,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u3 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='staff',
-            first_name='Staff', last_name='Member', email='staffmember@example.com', is_staff=True, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u4 = User.objects.create(
-            password='', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='empty_password', first_name='Empty', last_name='Password', email='empty_password@example.com',
-            is_staff=False, is_active=True, date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u5 = User.objects.create(
-            password='$', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unmanageable_password', first_name='Unmanageable', last_name='Password',
-            email='unmanageable_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u6 = User.objects.create(
-            password='foo$bar', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unknown_password', first_name='Unknown', last_name='Password',
-            email='unknown_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
+        cls.u1 = User.objects.create_user(username='testclient', password='password', email='testclient@example.com')
+        cls.u2 = User.objects.create_user(username='inactive', password='password', is_active=False)
+        cls.u3 = User.objects.create_user(username='staff', password='password')
+        cls.u4 = User.objects.create(username='empty_password', password='')
+        cls.u5 = User.objects.create(username='unmanageable_password', password='$')
+        cls.u6 = User.objects.create(username='unknown_password', password='foo$bar')
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class UserCreationFormTest(TestDataMixin, TestCase):
 
     def test_user_already_exists(self):
@@ -154,7 +123,6 @@ class UserCreationFormTest(TestDataMixin, TestCase):
         )
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class AuthenticationFormTest(TestDataMixin, TestCase):
 
     def test_invalid_username(self):
@@ -264,7 +232,6 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
         self.assertEqual(form.fields['username'].label, "")
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class SetPasswordFormTest(TestDataMixin, TestCase):
 
     def test_password_verification(self):
@@ -315,7 +282,6 @@ class SetPasswordFormTest(TestDataMixin, TestCase):
         )
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class PasswordChangeFormTest(TestDataMixin, TestCase):
 
     def test_incorrect_password(self):
@@ -366,7 +332,6 @@ class PasswordChangeFormTest(TestDataMixin, TestCase):
                          ['old_password', 'new_password1', 'new_password2'])
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class UserChangeFormTest(TestDataMixin, TestCase):
 
     def test_username_validity(self):
@@ -431,7 +396,8 @@ class UserChangeFormTest(TestDataMixin, TestCase):
         form = UserChangeForm(instance=user, data=post_data)
 
         self.assertTrue(form.is_valid())
-        self.assertEqual(form.cleaned_data['password'], 'sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161')
+        # original hashed password contains $
+        self.assertIn('$', form.cleaned_data['password'])
 
     def test_bug_19349_bound_password_field(self):
         user = User.objects.get(username='testclient')
@@ -442,11 +408,7 @@ class UserChangeFormTest(TestDataMixin, TestCase):
         self.assertEqual(form.initial['password'], form['password'].value())
 
 
-@override_settings(
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
-    TEMPLATES=AUTH_TEMPLATES,
-    USE_TZ=False,
-)
+@override_settings(TEMPLATES=AUTH_TEMPLATES)
 class PasswordResetFormTest(TestDataMixin, TestCase):
 
     @classmethod
@@ -623,7 +585,6 @@ class ReadOnlyPasswordHashTest(SimpleTestCase):
         self.assertFalse(field.has_changed('aaa', 'bbb'))
 
 
-@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class AdminPasswordChangeFormTest(TestDataMixin, TestCase):
 
     @mock.patch('django.contrib.auth.password_validation.password_changed')
diff --git a/tests/auth_tests/test_models.py b/tests/auth_tests/test_models.py
index e5b00f5f29..8f8f3ff900 100644
--- a/tests/auth_tests/test_models.py
+++ b/tests/auth_tests/test_models.py
@@ -1,5 +1,3 @@
-import datetime
-
 from django.conf.global_settings import PASSWORD_HASHERS
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import get_hasher
@@ -12,49 +10,10 @@ from django.db.models.signals import post_save
 from django.test import TestCase, mock, override_settings
 
 
-@override_settings(USE_TZ=False)
 class NaturalKeysTestCase(TestCase):
 
-    @classmethod
-    def setUpTestData(cls):
-        cls.u1 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='testclient',
-            first_name='Test', last_name='Client', email='testclient@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u2 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='inactive',
-            first_name='Inactive', last_name='User', email='testclient2@example.com', is_staff=False, is_active=False,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u3 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='staff',
-            first_name='Staff', last_name='Member', email='staffmember@example.com', is_staff=True, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u4 = User.objects.create(
-            password='', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='empty_password', first_name='Empty', last_name='Password', email='empty_password@example.com',
-            is_staff=False, is_active=True, date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u5 = User.objects.create(
-            password='$', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unmanageable_password', first_name='Unmanageable', last_name='Password',
-            email='unmanageable_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u6 = User.objects.create(
-            password='foo$bar', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unknown_password', first_name='Unknown', last_name='Password',
-            email='unknown_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-
     def test_user_natural_key(self):
-        staff_user = User.objects.get(username='staff')
+        staff_user = User.objects.create_user(username='staff')
         self.assertEqual(User.objects.get_by_natural_key('staff'), staff_user)
         self.assertEqual(staff_user.natural_key(), ('staff',))
 
@@ -63,7 +22,6 @@ class NaturalKeysTestCase(TestCase):
         self.assertEqual(Group.objects.get_by_natural_key('users'), users_group)
 
 
-@override_settings(USE_TZ=False)
 class LoadDataWithoutNaturalKeysTestCase(TestCase):
     fixtures = ['regular.json']
 
@@ -73,7 +31,6 @@ class LoadDataWithoutNaturalKeysTestCase(TestCase):
         self.assertEqual(group, user.groups.get())
 
 
-@override_settings(USE_TZ=False)
 class LoadDataWithNaturalKeysTestCase(TestCase):
     fixtures = ['natural.json']
 
diff --git a/tests/auth_tests/test_signals.py b/tests/auth_tests/test_signals.py
index e81c202211..b559fb53ce 100644
--- a/tests/auth_tests/test_signals.py
+++ b/tests/auth_tests/test_signals.py
@@ -1,30 +1,16 @@
-import datetime
-
 from django.contrib.auth import signals
 from django.contrib.auth.models import User
 from django.test import TestCase, override_settings
 from django.test.client import RequestFactory
 
 
-@override_settings(USE_TZ=False,
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
-    ROOT_URLCONF='auth_tests.urls')
+@override_settings(ROOT_URLCONF='auth_tests.urls')
 class SignalTestCase(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.u1 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='testclient',
-            first_name='Test', last_name='Client', email='testclient@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u3 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='staff',
-            first_name='Staff', last_name='Member', email='staffmember@example.com', is_staff=True, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
+        cls.u1 = User.objects.create_user(username='testclient', password='password')
+        cls.u3 = User.objects.create_user(username='staff', password='password')
 
     def listener_login(self, user, **kwargs):
         self.logged_in.append(user)
@@ -87,8 +73,7 @@ class SignalTestCase(TestCase):
 
         user.username = "This username shouldn't get saved"
         request = RequestFactory().get('/login')
-        signals.user_logged_in.send(sender=user.__class__, request=request,
-            user=user)
-        user = User.objects.get(pk=self.u3.pk)
+        signals.user_logged_in.send(sender=user.__class__, request=request, user=user)
+        user.refresh_from_db()
         self.assertEqual(user.username, 'staff')
         self.assertNotEqual(user.last_login, old_last_login)
diff --git a/tests/auth_tests/test_templates.py b/tests/auth_tests/test_templates.py
index 75c4e8b784..781ffcb735 100644
--- a/tests/auth_tests/test_templates.py
+++ b/tests/auth_tests/test_templates.py
@@ -10,10 +10,7 @@ from django.utils.encoding import force_bytes, force_text
 from django.utils.http import urlsafe_base64_encode
 
 
-@override_settings(
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
-    ROOT_URLCONF='auth_tests.urls',
-)
+@override_settings(ROOT_URLCONF='auth_tests.urls')
 class AuthTemplateTests(TestCase):
 
     def test_titles(self):
diff --git a/tests/auth_tests/test_validators.py b/tests/auth_tests/test_validators.py
index a9f47eac1f..5d758cd342 100644
--- a/tests/auth_tests/test_validators.py
+++ b/tests/auth_tests/test_validators.py
@@ -97,9 +97,9 @@ class MinimumLengthValidatorTest(TestCase):
 
 class UserAttributeSimilarityValidatorTest(TestCase):
     def test_validate(self):
-        user = User.objects.create(
-            username='testclient', first_name='Test', last_name='Client', email='testclient@example.com',
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
+        user = User.objects.create_user(
+            username='testclient', password='password', email='testclient@example.com',
+            first_name='Test', last_name='Client',
         )
         expected_error = "The password is too similar to the %s."
 
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 336e9a1482..7fd493ca34 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -35,13 +35,9 @@ from .settings import AUTH_TEMPLATES
 
 
 @override_settings(
-    LANGUAGES=[
-        ('en', 'English'),
-    ],
+    LANGUAGES=[('en', 'English')],
     LANGUAGE_CODE='en',
     TEMPLATES=AUTH_TEMPLATES,
-    USE_TZ=False,
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
     ROOT_URLCONF='auth_tests.urls',
 )
 class AuthViewsTestCase(TestCase):
@@ -51,41 +47,8 @@ class AuthViewsTestCase(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.u1 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='testclient',
-            first_name='Test', last_name='Client', email='testclient@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u2 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='inactive',
-            first_name='Inactive', last_name='User', email='testclient2@example.com', is_staff=False, is_active=False,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u3 = User.objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False, username='staff',
-            first_name='Staff', last_name='Member', email='staffmember@example.com', is_staff=True, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u4 = User.objects.create(
-            password='', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='empty_password', first_name='Empty', last_name='Password', email='empty_password@example.com',
-            is_staff=False, is_active=True, date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u5 = User.objects.create(
-            password='$', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unmanageable_password', first_name='Unmanageable', last_name='Password',
-            email='unmanageable_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
-        cls.u6 = User.objects.create(
-            password='foo$bar', last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), is_superuser=False,
-            username='unknown_password', first_name='Unknown', last_name='Password',
-            email='unknown_password@example.com', is_staff=False, is_active=True,
-            date_joined=datetime.datetime(2006, 12, 17, 7, 3, 31)
-        )
+        cls.u1 = User.objects.create_user(username='testclient', password='password', email='testclient@example.com')
+        cls.u3 = User.objects.create_user(username='staff', password='password', email='staffmember@example.com')
 
     def login(self, username='testclient', password='password'):
         response = self.client.post('/login/', {
@@ -373,10 +336,11 @@ class CustomUserPasswordResetTest(AuthViewsTestCase):
     @classmethod
     def setUpTestData(cls):
         cls.u1 = CustomUser.custom_objects.create(
-            password='sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161',
-            last_login=datetime.datetime(2006, 12, 17, 7, 3, 31), email='staffmember@example.com', is_active=True,
-            is_admin=False, date_of_birth=datetime.date(1976, 11, 8)
+            email='staffmember@example.com',
+            date_of_birth=datetime.date(1976, 11, 8),
         )
+        cls.u1.set_password('password')
+        cls.u1.save()
 
     def _test_confirm_start(self):
         # Start by creating the email
@@ -892,10 +856,7 @@ class LogoutTest(AuthViewsTestCase):
 
 # Redirect in test_user_change_password will fail if session auth hash
 # isn't updated after password change (#21649)
-@override_settings(
-    PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
-    ROOT_URLCONF='auth_tests.urls_admin',
-)
+@override_settings(ROOT_URLCONF='auth_tests.urls_admin')
 class ChangelistTests(AuthViewsTestCase):
 
     def setUp(self):
author	Tim Graham <timograham@gmail.com>	2016-02-05 15:56:52 -0500
committer	Tim Graham <timograham@gmail.com>	2016-02-06 08:47:21 -0500
commit	015fad9060a8a6fb273a33b8e8457e504ed26131 (patch)
tree	dc56db72ffaea2acbe5925a10c95021f7a26df39 /tests/auth_tests
parent	f8e865d78f9acb1ad976cffffb207d66ff8cef72 (diff)