From d75620654193858abb346bbb10cd23a81b47219d Mon Sep 17 00:00:00 2001
From: Jonathan Sandoval
Date: Thu, 7 Apr 2016 11:55:45 -0500
Subject: [PATCH 1/3] Test with short and long username
---
 mediagoblin/tests/test_auth.py | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index cb971fdb..544cf4e0 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -1,4 +1,3 @@
-
 # GNU MediaGoblin -- federated, autonomous media hosting
 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
 #
@@ -373,6 +372,51 @@ def test_authentication_views(test_app):
 assert not form.username.data == u'ANDREW'
 assert form.username.data == u'andrew'
+ # Successful login with short user
+ # ----------------
+ short_user = fixture_add_user(username=u'me', password=u'sho')
+ template.clear_test_template_context()
+ response = test_app.post(
+ '/auth/login/', {
+ 'username': u'me',
+ 'password': 'sho'})
+
+ context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
+ form = context['login_form']
+ # User should be redirected
+ print('errors are', form.username.errors)
+ response.follow()
+ assert urlparse.urlsplit(response.location)[2] == '/'
+ assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
+
+ # Make sure user is in the session
+ context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
+ session = context['request'].session
+ assert session['user_id'] == six.text_type(short_user.id)
+
+ # Successful login with long user
+ # ----------------
+ long_user = fixture_add_user(
+ username=u'realllylonguser@reallylongdomain.com.co', password=u'sho')
+ template.clear_test_template_context()
+ response = test_app.post(
+ '/auth/login/', {
+ 'username': u'me',
+ 'password': 'sho'})
+
+ context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
+ form = context['login_form']
+ # User should be redirected
+ print('errors are', form.username.errors)
+ response.follow()
+ assert urlparse.urlsplit(response.location)[2] == '/'
+ assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
+
+ # Make sure user is in the session
+ context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
+ session = context['request'].session
+ assert session['user_id'] == six.text_type(short_user.id)
+
 @pytest.fixture()
 def authentication_disabled_app(request):
 return get_app(
From bf2f121a83bc646f43fe1214e4aab038b8487eda Mon Sep 17 00:00:00 2001
From: Jonathan Sandoval
Date: Thu, 7 Apr 2016 16:29:15 -0500
Subject: [PATCH 2/3] Tests for short and long usernames.
---
 mediagoblin/tests/test_auth.py | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index 544cf4e0..618d02b6 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -373,7 +373,7 @@ def test_authentication_views(test_app):
 assert form.username.data == u'andrew'
 # Successful login with short user
- # ----------------
+ # --------------------------------
 short_user = fixture_add_user(username=u'me', password=u'sho')
 template.clear_test_template_context()
 response = test_app.post(
@@ -381,11 +381,9 @@ def test_authentication_views(test_app):
 'username': u'me',
 'password': 'sho'})
- context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
- form = context['login_form']
 # User should be redirected
- print('errors are', form.username.errors)
 response.follow()
+
 assert urlparse.urlsplit(response.location)[2] == '/'
 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
@@ -394,6 +392,10 @@ def test_authentication_views(test_app):
 session = context['request'].session
 assert session['user_id'] == six.text_type(short_user.id)
+ # Must logout
+ template.clear_test_template_context()
+ response = test_app.get('/auth/logout/')
+
 # Successful login with long user
 # ----------------
 long_user = fixture_add_user(
@@ -401,13 +403,10 @@ def test_authentication_views(test_app):
 template.clear_test_template_context()
 response = test_app.post(
 '/auth/login/', {
- 'username': u'me',
+ 'username': u'realllylonguser@reallylongdomain.com.co',
 'password': 'sho'})
- context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
- form = context['login_form']
 # User should be redirected
- print('errors are', form.username.errors)
 response.follow()
 assert urlparse.urlsplit(response.location)[2] == '/'
 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
@@ -415,7 +414,10 @@ def test_authentication_views(test_app):
 # Make sure user is in the session
 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
 session = context['request'].session
- assert session['user_id'] == six.text_type(short_user.id)
+ assert session['user_id'] == six.text_type(long_user.id)
+
+ template.clear_test_template_context()
+ response = test_app.get('/auth/logout/')
 @pytest.fixture()
 def authentication_disabled_app(request):
From 4106eef3a4e8764a1a89956046b01ebacec017a9 Mon Sep 17 00:00:00 2001
From: Jonathan Sandoval
Date: Thu, 7 Apr 2016 16:34:00 -0500
Subject: [PATCH 3/3] No length check for login form
---
 mediagoblin/auth/tools.py | 18 ++++++++++++------
 mediagoblin/plugins/basic_auth/forms.py | 2 +-
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 9c16a980..ae6fadf6 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
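Review bot: In the `@@ -401,13 +403,10 @@` hunk of test_auth.py the long-username login posts `u'realllylonguser@reallylongdomain.com.co'`, which contains `@`; going by the `else: # lower case user names` context shown in the tools.py change of patch 3/3, such a value is presumably handled as an email address and never reaches the `Length(min=3, max=30)` call that the series relaxes. If that is right, this case passes with or without the fix and the over-30-character path of the login validator stays untested. Using a plain name longer than 30 characters for both `fixture_add_user` and the POST, e.g. `u'a' * 31` (constructed sample), would exercise it, and a companion assertion that a login attempt with an unknown over-long name leaves no `user_id` in the session would pin the failure path as well. The enclosing test function starts and ends outside the hunk.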
@@ -34,14 +34,19 @@ from mediagoblin import auth
 _log = logging.getLogger(__name__)
-def normalize_user_or_email_field(allow_email=True, allow_user=True):
- """
- Check if we were passed a field that matches a username and/or email
+def normalize_user_or_email_field(allow_email=True, allow_user=True,
+ is_login=False):
+ """Check if we were passed a field that matches a username and/or email
 pattern.
 This is useful for fields that can take either a username or email
- address. Use the parameters if you want to only allow a username for
- instance"""
+ address. Use the parameters if you want to only allow a username
+ for instance
+
+ is_login : bool
+ If is_login is True, does not check the length of username.
+
+ """
 message = _(u'Invalid User name or email address.')
 nomail_msg = _(u"This field does not take email addresses.")
 nouser_msg = _(u"This field requires an email address.")
@@ -56,7 +61,8 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
 else: # lower case user names
 if not allow_user:
 raise wtforms.ValidationError(nouser_msg)
- wtforms.validators.Length(min=3, max=30)(form, field)
+ if not is_login:
+ wtforms.validators.Length(min=3, max=30)(form, field)
 wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
 field.data = field.data.lower()
 if field.data is None: # should not happen, but be cautious anyway
diff --git a/mediagoblin/plugins/basic_auth/forms.py b/mediagoblin/plugins/basic_auth/forms.py
index 9a6db226..3d684e91 100644
--- a/mediagoblin/plugins/basic_auth/forms.py
+++ b/mediagoblin/plugins/basic_auth/forms.py
@@ -38,7 +38,7 @@ class LoginForm(wtforms.Form):
 username = wtforms.StringField(
 _('Username or Email'),
 [wtforms.validators.InputRequired(),
- normalize_user_or_email_field()])
+ normalize_user_or_email_field(is_login=True)])
 password = wtforms.PasswordField(
 _('Password'))
 stay_logged_in = wtforms.BooleanField(
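Review bot: The new `is_login` flag in the `@@ -34,14 +34,19 @@` hunk of tools.py is named after one caller rather than after what it switches, so a reader has to open the inner validator to learn that it only skips the user name length check. A behaviour-named keyword such as `check_length=True`, with `LoginForm` passing `check_length=False`, would make call sites self-explanatory. Failing that, the docstring entry could read `If True, skip the 3-30 character length check on user names; the character-set regexp still applies.` The function body continues outside the hunk.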
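Review bot: In the `@@ -56,7 +61,8 @@` hunk of tools.py, `if not is_login:` skips the `Length` validator entirely, so on the login form a user name has no upper bound left and only the `^[-_\w]+$` regexp (plus `InputRequired` on the field) runs before the value is passed on. Letting existing short or long accounts sign in needs the 3-30 window relaxed, not removed: a generous ceiling on the login path, e.g. `wtforms.validators.Length(max=<username column limit>)(form, field)` with the placeholder replaced by the real storage limit, keeps oversized input out of whatever lookup follows. Since the default stays `is_login=False`, a test that a form keeping the default (registration, presumably) still rejects `u'me'` would confirm the relaxation is login-only. The inner validator starts and ends outside the hunk.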