tests: add check of password with 8bits characters

2015-04-11 21:32:57 +02:00 · 2015-04-11 21:32:57 +02:00 · 01bb7ef83c
parent 2a792d23d7
commit 01bb7ef83c
2 changed files with 46 additions and 2 deletions
--- a/tests/test_form_pages.py
+++ b/tests/test_form_pages.py
@ -1,4 +1,5 @@
 import pytest
+import hashlib

 from wcs.qommon.ident.password_accounts import PasswordAccount
 from wcs.formdef import FormDef
@ -17,6 +18,7 @@ def pytest_generate_tests(metafunc):
 def pub(request):
    pub = create_temporary_pub(sql_mode=(request.param == 'sql'))
    pub.cfg['identification'] = {'methods': ['password']}
+    pub.cfg['misc'] = {'charset': 'utf-8'}
    pub.write_cfg()

    if Category.count() == 0:
@ -469,3 +471,34 @@ def test_form_invalid_tracking_code(pub):
    resp = resp.forms[0].submit()
    assert resp.location == 'http://example.net/code/%s/load' % code.id
    resp = resp.follow(status=404)
+
+def form_password_field_submit(pub, password):
+    password = unicode(password).encode(pub.site_charset)
+    formdef = create_formdef()
+    formdef.fields = [fields.PasswordField(id='0', label='password',
+        formats=['sha1', 'md5', 'cleartext'])]
+    formdef.store()
+    page = get_app(pub).get('/test/')
+    formdef.data_class().wipe()
+    next_page = page.forms[0].submit('submit') # but the field is required
+    assert '<div class="error">required field</div>' in next_page.body
+    next_page.forms[0]['f0$pwd1'] = password
+    next_page.forms[0]['f0$pwd2'] = password
+    next_page = next_page.forms[0].submit('submit')
+    assert 'Check values then click submit.' in next_page.body
+    next_page = next_page.forms[0].submit('submit')
+    assert next_page.status_int == 302
+    next_page = next_page.follow()
+    assert 'The form has been recorded' in next_page.body
+    assert formdef.data_class().count() == 1
+    data_id = formdef.data_class().select()[0].id
+    data = formdef.data_class().get(data_id)
+    assert data.data == {'0': {
+        'sha1': hashlib.sha1(password).hexdigest(),
+        'md5': hashlib.md5(password).hexdigest(),
+        'cleartext': unicode(password, 'utf-8'),
+        }}
+
+def test_form_password_field_submit(pub):
+    form_password_field_submit(pub, 'foobar')
+    form_password_field_submit(pub, u'foobar\u00eb')
--- a/tests/test_register.py
+++ b/tests/test_register.py
@ -70,8 +70,8 @@ def do_user_registration(pub, username='foo', password='bar'):
    register_form = page.forms[0]
    register_form['username'] = username
    if password is not None:
-        register_form['password$pwd1'] = 'bar'
-        register_form['password$pwd2'] = 'bar'
+        register_form['password$pwd1'] = password
+        register_form['password$pwd2'] = password
    resp = register_form.submit()
    assert resp.status_int == 302
    assert resp.location == 'http://example.net/login'
@ -105,6 +105,17 @@ def test_user_password_hashing(pub):
    account = PasswordAccount.get('foo')
    assert account.password == hashlib.sha256('bar').hexdigest()

+def test_user_password_accents(pub):
+    pub.user_class.wipe()
+    PasswordAccount.wipe()
+    pub.cfg['passwords'] = {'generate': False, 'hashing_algo': None}
+    pub.write_cfg()
+    password = u'foo\u00eb'.encode('utf-8')
+    do_user_registration(pub, password=password)
+
+    account = PasswordAccount.get('foo')
+    assert account.password == password
+
 def test_admin_notification(pub):
    pub.cfg['identities'] = {'creation': 'self', 'notify-on-register': True}
    pub.write_cfg()