Fix missing password length check when change password (#3039)
* fix missing password length check when change password * add tests for change password
parent
35cc5b0402
commit
b3d5ba6f90
3 changed files with 74 additions and 2 deletions
|
@ -34,7 +34,9 @@ func MockContext(t *testing.T, path string) *context.Context {
|
||||||
macaronContext.Data = map[string]interface{}{}
|
macaronContext.Data = map[string]interface{}{}
|
||||||
return &context.Context{
|
return &context.Context{
|
||||||
Context: &macaronContext,
|
Context: &macaronContext,
|
||||||
Flash: &session.Flash{},
|
Flash: &session.Flash{
|
||||||
|
Values: make(url.Values),
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -222,7 +222,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
|
if len(form.Password) < setting.MinPasswordLength {
|
||||||
|
ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
|
||||||
|
} else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
|
||||||
ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
|
ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
|
||||||
} else if form.Password != form.Retype {
|
} else if form.Password != form.Retype {
|
||||||
ctx.Flash.Error(ctx.Tr("form.password_not_match"))
|
ctx.Flash.Error(ctx.Tr("form.password_not_match"))
|
||||||
|
|
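Review bot: `len(form.Password)` in the new first branch counts bytes, not characters, so a password made of multi-byte characters can satisfy `setting.MinPasswordLength` with fewer characters than the setting implies (two three-byte characters pass a minimum of 6). If the limit is meant in characters, compare `utf8.RuneCountInString(form.Password) < setting.MinPasswordLength` instead; the other places that enforce this setting are not visible here and should count the same way. A one-line comment such as `// enforce the configured minimum here as well as at sign-up` would also record why the handler repeats the check. SettingsSecurityPost starts and ends outside the hunk.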
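--- a/routers/user/setting_test.go
+++ b/routers/user/setting_test.go
@@ -0,0 +1,68 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+"net/http"
+"testing"
+
+"code.gitea.io/gitea/models"
+"code.gitea.io/gitea/modules/auth"
+"code.gitea.io/gitea/modules/setting"
+"code.gitea.io/gitea/modules/test"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestChangePassword(t *testing.T) {
+oldPassword := "password"
+setting.MinPasswordLength = 6
+
+for _, req := range []struct {
+OldPassword string
+NewPassword string
+Retype string
+Message string
+}{
+{
+OldPassword: oldPassword,
+NewPassword: "123456",
+Retype: "123456",
+Message: "",
+},
+{
+OldPassword: oldPassword,
+NewPassword: "12345",
+Retype: "12345",
+Message: "auth.password_too_short",
+},
+{
+OldPassword: "12334",
+NewPassword: "123456",
+Retype: "123456",
+Message: "settings.password_incorrect",
+},
+{
+OldPassword: oldPassword,
+NewPassword: "123456",
+Retype: "12345",
+Message: "form.password_not_match",
+},
+} {
+models.PrepareTestEnv(t)
+ctx := test.MockContext(t, "user/settings/security")
+test.LoadUser(t, ctx, 2)
+test.LoadRepo(t, ctx, 1)
+
+SettingsSecurityPost(ctx, auth.ChangePasswordForm{
+OldPassword: req.OldPassword,
+Password: req.NewPassword,
+Retype: req.Retype,
+})
+
+assert.EqualValues(t, req.Message, ctx.Flash.ErrorMsg)
+assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+}
+}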
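Review bot: The two assertions at the end of the loop in TestChangePassword check only `ctx.Flash.ErrorMsg` and the redirect status, so the test would still pass if a rejected request changed the stored password anyway. For the three rejected cases, reload user 2 after `SettingsSecurityPost` and assert that `ValidatePassword(oldPassword)` is still true, and for the accepted case that `ValidatePassword("123456")` is. Separately, `setting.MinPasswordLength = 6` overwrites a package-level setting and never restores it; saving the previous value and putting it back with `defer` keeps later tests in the package on the configured minimum.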