authorBrian Rosner <brosner@gmail.com>2008-06-18 19:05:16 +0000
committerBrian Rosner <brosner@gmail.com>2008-06-18 19:05:16 +0000
commit308cef40680050f2617400bb729a9e9a1fc0835a (patch)
tree4d1bf42d6d3fe0e93b687ffcc32567a4ab2f5706 /tests/regressiontests
parent86a946a1a6be09e3d857f981313661565df3a449 (diff)
newforms-admin: Fixed #6943 and #7263 -- Handle multiple e-mail addresses when checking if it was mistakenly entered. Also prevent e-mail guessing by checking password before throwing an error. Thanks Michael Newman and Valera Grishin.
git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@7694 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests/regressiontests')
-rw-r--r--tests/regressiontests/admin_views/tests.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py
index 3e6b625ca3..f5f44842b0 100644
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -49,6 +49,14 @@ class AdminViewPermissionsTest(TestCase):
LOGIN_FORM_KEY: 1,
'username': 'super',
'password': 'secret'}
+ self.super_email_login = {'post_data': _encode_post_data({}),
+ LOGIN_FORM_KEY: 1,
+ 'username': 'super@example.com',
+ 'password': 'secret'}
+ self.super_email_bad_login = {'post_data': _encode_post_data({}),
+ LOGIN_FORM_KEY: 1,
+ 'username': 'super@example.com',
+ 'password': 'notsecret'}
self.adduser_login = {'post_data': _encode_post_data({}),
LOGIN_FORM_KEY: 1,
'username': 'adduser',
@@ -83,6 +91,21 @@ class AdminViewPermissionsTest(TestCase):
self.assertFalse(login.context)
self.client.get('/test_admin/admin/logout/')
+ # Test if user enters e-mail address
+ request = self.client.get('/test_admin/admin/')
+ self.failUnlessEqual(request.status_code, 200)
+ login = self.client.post('/test_admin/admin/', self.super_email_login)
+ print login
+ self.assertContains(login, "Your e-mail address is not your username")
+ # only correct passwords get a username hint
+ login = self.client.post('/test_admin/admin/', self.super_email_bad_login)
+ self.assertContains(login, "Usernames cannot contain the &#39;@&#39; character")
+ new_user = User(username='jondoe', password='secret', email='super@example.com')
+ new_user.save()
+ # check to ensure if there are multiple e-mail addresses a user doesn't get a 500
+ login = self.client.post('/test_admin/admin/', self.super_email_login)
+ self.assertContains(login, "Usernames cannot contain the &#39;@&#39; character")
+
# Add User
request = self.client.get('/test_admin/admin/')
self.failUnlessEqual(request.status_code, 200)
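Review bot: The `print login` after the first e-mail-address post is leftover debugging output that dumps the rendered login response into every test run, and it should be removed. The bad-password case asserts only that the generic '@' message is present, so a regression that rendered the username hint alongside it would still pass. Adding `self.assertNotContains(login, "Your e-mail address is not your username")` after that post and after the duplicate-address post (assuming the helper is available on this branch) would pin the anti-guessing behaviour the commit message describes. A post with an address that matches no user would presumably be worth adding too, to show that known and unknown addresses get the same response. The test method starts and ends outside the hunk.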