Fix #883: Prevent usage of too weak passwords

2019-09-21 16:11:08 +02:00 · 2019-09-21 16:11:08 +02:00 · f44abfecfb
commit f44abfecfb
parent def555bd50
6 changed files with 91 additions and 13 deletions
--- a/api/tests/users/test_serializers.py
+++ b/api/tests/users/test_serializers.py
@ -0,0 +1,44 @@
+import pytest
+
+from funkwhale_api.users import serializers
+
+
+@pytest.mark.parametrize(
+    "data, expected_error",
+    [
+        (
+            {
+                "username": "myusername",
+                "email": "test@hello.com",
+                "password1": "myusername",
+            },
+            r".*password is too similar.*",
+        ),
+        (
+            {"username": "myusername", "email": "test@hello.com", "password1": "test"},
+            r".*must contain at least 8 characters.*",
+        ),
+        (
+            {
+                "username": "myusername",
+                "email": "test@hello.com",
+                "password1": "superman",
+            },
+            r".*password is too common.*",
+        ),
+        (
+            {
+                "username": "myusername",
+                "email": "test@hello.com",
+                "password1": "123457809878",
+            },
+            r".*password is entirely numeric.*",
+        ),
+    ],
+)
+def test_registration_serializer_validates_password_properly(data, expected_error, db):
+    data["password2"] = data["password1"]
+    serializer = serializers.RegisterSerializer(data=data)
+
+    with pytest.raises(serializers.serializers.ValidationError, match=expected_error):
+        serializer.is_valid(raise_exception=True)