Fix missing password length check when change password (#3039) (#3071)

* fix missing password length check when change password

* add tests for change password
This commit is contained in:
Lunny Xiao 2017-12-03 09:49:25 +08:00 committed by GitHub
parent ce4a52c22c
commit 3d688bd2cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 75 additions and 1 deletions

View file

@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"github.com/go-macaron/session"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
macaron "gopkg.in/macaron.v1" macaron "gopkg.in/macaron.v1"
) )
@ -33,6 +34,9 @@ func MockContext(t *testing.T) *context.Context {
macaronContext.Render = &mockRender{ResponseWriter: macaronContext.Resp} macaronContext.Render = &mockRender{ResponseWriter: macaronContext.Resp}
return &context.Context{ return &context.Context{
Context: macaronContext, Context: macaronContext,
Flash: &session.Flash{
Values: make(url.Values),
},
} }
} }

View file

@ -223,7 +223,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
return return
} }
if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) { if len(form.Password) < setting.MinPasswordLength {
ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
} else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
ctx.Flash.Error(ctx.Tr("settings.password_incorrect")) ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
} else if form.Password != form.Retype { } else if form.Password != form.Retype {
ctx.Flash.Error(ctx.Tr("form.password_not_match")) ctx.Flash.Error(ctx.Tr("form.password_not_match"))

View file

@ -0,0 +1,68 @@
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package user
import (
"net/http"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/test"
"github.com/stretchr/testify/assert"
)
func TestChangePassword(t *testing.T) {
oldPassword := "password"
setting.MinPasswordLength = 6
for _, req := range []struct {
OldPassword string
NewPassword string
Retype string
Message string
}{
{
OldPassword: oldPassword,
NewPassword: "123456",
Retype: "123456",
Message: "",
},
{
OldPassword: oldPassword,
NewPassword: "12345",
Retype: "12345",
Message: "auth.password_too_short",
},
{
OldPassword: "12334",
NewPassword: "123456",
Retype: "123456",
Message: "settings.password_incorrect",
},
{
OldPassword: oldPassword,
NewPassword: "123456",
Retype: "12345",
Message: "form.password_not_match",
},
} {
models.PrepareTestEnv(t)
ctx := test.MockContext(t, "user/settings/security")
test.LoadUser(t, ctx, 2)
test.LoadRepo(t, ctx, 1)
SettingsSecurityPost(ctx, auth.ChangePasswordForm{
OldPassword: req.OldPassword,
Password: req.NewPassword,
Retype: req.Retype,
})
assert.EqualValues(t, req.Message, ctx.Flash.ErrorMsg)
assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
}
}