Refs #16860 -- Moved password_changed() logic to AbstractBaseUser.

Thanks Carl Meyer for review.
author: Tim Graham <timograham@gmail.com> 2015-07-06 18:12:26 -0400
committer: Tim Graham <timograham@gmail.com> 2015-07-20 13:44:26 -0400
commit: f5e9d67907510881c7f132d0a80e39f47caea5f6 (patch)
tree: bce7b04a9b9b243b456061defd19e520b936eafa /tests/auth_tests
parent: d7848c11e008ddeb036a95d389caa3b2c97b795e (diff)
2 files changed, 77 insertions, 8 deletions
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 2771c09111..ab1cff3ea3 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -5,16 +5,16 @@ import re
 
 from django import forms
 from django.contrib.auth.forms import (
-    AuthenticationForm, PasswordChangeForm, PasswordResetForm,
-    ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget, SetPasswordForm,
-    UserChangeForm, UserCreationForm,
+    AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm,
+    PasswordResetForm, ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget,
+    SetPasswordForm, UserChangeForm, UserCreationForm,
 )
 from django.contrib.auth.models import User
 from django.contrib.sites.models import Site
 from django.core import mail
 from django.core.mail import EmailMultiAlternatives
 from django.forms.fields import CharField, Field
-from django.test import SimpleTestCase, TestCase, override_settings
+from django.test import SimpleTestCase, TestCase, mock, override_settings
 from django.utils import translation
 from django.utils.encoding import force_text
 from django.utils.text import capfirst
@@ -116,7 +116,8 @@ class UserCreationFormTest(TestDataMixin, TestCase):
         self.assertEqual(form['password1'].errors, required_error)
         self.assertEqual(form['password2'].errors, [])
 
-    def test_success(self):
+    @mock.patch('django.contrib.auth.password_validation.password_changed')
+    def test_success(self, password_changed):
         # The success case.
         data = {
             'username': 'jsmith@example.com',
@@ -125,7 +126,10 @@ class UserCreationFormTest(TestDataMixin, TestCase):
         }
         form = UserCreationForm(data)
         self.assertTrue(form.is_valid())
+        form.save(commit=False)
+        self.assertEqual(password_changed.call_count, 0)
         u = form.save()
+        self.assertEqual(password_changed.call_count, 1)
         self.assertEqual(repr(u), '<User: jsmith@example.com>')
 
 
@@ -254,7 +258,8 @@ class SetPasswordFormTest(TestDataMixin, TestCase):
         self.assertEqual(form["new_password2"].errors,
                          [force_text(form.error_messages['password_mismatch'])])
 
-    def test_success(self):
+    @mock.patch('django.contrib.auth.password_validation.password_changed')
+    def test_success(self, password_changed):
         user = User.objects.get(username='testclient')
         data = {
             'new_password1': 'abc123',
@@ -262,6 +267,10 @@ class SetPasswordFormTest(TestDataMixin, TestCase):
         }
         form = SetPasswordForm(user, data)
         self.assertTrue(form.is_valid())
+        form.save(commit=False)
+        self.assertEqual(password_changed.call_count, 0)
+        form.save()
+        self.assertEqual(password_changed.call_count, 1)
 
     @override_settings(AUTH_PASSWORD_VALIDATORS=[
         {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
@@ -313,7 +322,8 @@ class PasswordChangeFormTest(TestDataMixin, TestCase):
         self.assertEqual(form["new_password2"].errors,
                          [force_text(form.error_messages['password_mismatch'])])
 
-    def test_success(self):
+    @mock.patch('django.contrib.auth.password_validation.password_changed')
+    def test_success(self, password_changed):
         # The success case.
         user = User.objects.get(username='testclient')
         data = {
@@ -323,6 +333,10 @@ class PasswordChangeFormTest(TestDataMixin, TestCase):
         }
         form = PasswordChangeForm(user, data)
         self.assertTrue(form.is_valid())
+        form.save(commit=False)
+        self.assertEqual(password_changed.call_count, 0)
+        form.save()
+        self.assertEqual(password_changed.call_count, 1)
 
     def test_field_order(self):
         # Regression test - check the order of fields:
@@ -586,3 +600,21 @@ class ReadOnlyPasswordHashTest(SimpleTestCase):
     def test_readonly_field_has_changed(self):
         field = ReadOnlyPasswordHashField()
         self.assertFalse(field.has_changed('aaa', 'bbb'))
+
+
+@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
+class AdminPasswordChangeFormTest(TestDataMixin, TestCase):
+
+    @mock.patch('django.contrib.auth.password_validation.password_changed')
+    def test_success(self, password_changed):
+        user = User.objects.get(username='testclient')
+        data = {
+            'password1': 'test123',
+            'password2': 'test123',
+        }
+        form = AdminPasswordChangeForm(user, data)
+        self.assertTrue(form.is_valid())
+        form.save(commit=False)
+        self.assertEqual(password_changed.call_count, 0)
+        form.save()
+        self.assertEqual(password_changed.call_count, 1)
diff --git a/tests/auth_tests/test_models.py b/tests/auth_tests/test_models.py
index c02414b385..dd42e3b879 100644
--- a/tests/auth_tests/test_models.py
+++ b/tests/auth_tests/test_models.py
@@ -1,13 +1,15 @@
 import datetime
 
+from django.conf.global_settings import PASSWORD_HASHERS
 from django.contrib.auth import get_user_model
+from django.contrib.auth.hashers import get_hasher
 from django.contrib.auth.models import (
     AbstractUser, Group, Permission, User, UserManager,
 )
 from django.contrib.contenttypes.models import ContentType
 from django.core import mail
 from django.db.models.signals import post_save
-from django.test import TestCase, override_settings
+from django.test import TestCase, mock, override_settings
 
 
 @override_settings(USE_TZ=False)
@@ -216,6 +218,41 @@ class AbstractUserTestCase(TestCase):
         user2 = User.objects.create_user(username='user2')
         self.assertIsNone(user2.last_login)
 
+    def test_user_double_save(self):
+        """
+        Calling user.save() twice should trigger password_changed() once.
+        """
+        user = User.objects.create_user(username='user', password='foo')
+        user.set_password('bar')
+        with mock.patch('django.contrib.auth.password_validation.password_changed') as pw_changed:
+            user.save()
+            self.assertEqual(pw_changed.call_count, 1)
+            user.save()
+            self.assertEqual(pw_changed.call_count, 1)
+
+    @override_settings(PASSWORD_HASHERS=PASSWORD_HASHERS)
+    def test_check_password_upgrade(self):
+        """
+        password_changed() shouldn't be called if User.check_password()
+        triggers a hash iteration upgrade.
+        """
+        user = User.objects.create_user(username='user', password='foo')
+        initial_password = user.password
+        self.assertTrue(user.check_password('foo'))
+        hasher = get_hasher('default')
+        self.assertEqual('pbkdf2_sha256', hasher.algorithm)
+
+        old_iterations = hasher.iterations
+        try:
+            # Upgrade the password iterations
+            hasher.iterations = old_iterations + 1
+            with mock.patch('django.contrib.auth.password_validation.password_changed') as pw_changed:
+                user.check_password('foo')
+                self.assertEqual(pw_changed.call_count, 0)
+            self.assertNotEqual(initial_password, user.password)
+        finally:
+            hasher.iterations = old_iterations
+
 
 class IsActiveTestCase(TestCase):
     """
author	Tim Graham <timograham@gmail.com>	2015-07-06 18:12:26 -0400
committer	Tim Graham <timograham@gmail.com>	2015-07-20 13:44:26 -0400
commit	f5e9d67907510881c7f132d0a80e39f47caea5f6 (patch)
tree	bce7b04a9b9b243b456061defd19e520b936eafa /tests/auth_tests
parent	d7848c11e008ddeb036a95d389caa3b2c97b795e (diff)