
Fix missing password length check when change password (#3039)

* fix missing password length check when change password

* add tests for change password
Lunny Xiao 2 years ago
parent
commit
b3d5ba6f90
3 changed files with 74 additions and 2 deletions
  1. 3 1
      modules/test/context_tests.go
  2. 3 1
      routers/user/setting.go
  3. 68 0
      routers/user/setting_test.go

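--- a/modules/test/context_tests.go
+++ b/modules/test/context_tests.go
@@ -34,7 +34,9 @@ func MockContext(t *testing.T, path string) *context.Context {
 	macaronContext.Data = map[string]interface{}{}
 	return &context.Context{
 		Context: &macaronContext,
-		Flash:   &session.Flash{},
+		Flash: &session.Flash{
+			Values: make(url.Values),
+		},
 	}
 }
 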

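--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -222,7 +222,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
 		return
 	}
 
-	if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
+	if len(form.Password) < setting.MinPasswordLength {
+		ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
+	} else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
 		ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
 	} else if form.Password != form.Retype {
 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))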
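Review bot: `len(form.Password)` in the added condition counts bytes, not characters, so a new password made of multi-byte UTF-8 characters can pass with fewer characters than `setting.MinPasswordLength`. If the minimum is meant in characters, use `if utf8.RuneCountInString(form.Password) < setting.MinPasswordLength {`, which needs `unicode/utf8` in the import block outside this hunk. As far as the hunk shows, the minimum is enforced only in this handler, so any other code path that sets a password (none is visible here) would need the same guard or a shared helper. SettingsSecurityPost starts and ends outside the hunk.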

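--- a/routers/user/setting_test.go
+++ b/routers/user/setting_test.go
@@ -0,0 +1,68 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestChangePassword(t *testing.T) {
+	oldPassword := "password"
+	setting.MinPasswordLength = 6
+
+	for _, req := range []struct {
+		OldPassword string
+		NewPassword string
+		Retype      string
+		Message     string
+	}{
+		{
+			OldPassword: oldPassword,
+			NewPassword: "123456",
+			Retype:      "123456",
+			Message:     "",
+		},
+		{
+			OldPassword: oldPassword,
+			NewPassword: "12345",
+			Retype:      "12345",
+			Message:     "auth.password_too_short",
+		},
+		{
+			OldPassword: "12334",
+			NewPassword: "123456",
+			Retype:      "123456",
+			Message:     "settings.password_incorrect",
+		},
+		{
+			OldPassword: oldPassword,
+			NewPassword: "123456",
+			Retype:      "12345",
+			Message:     "form.password_not_match",
+		},
+	} {
+		models.PrepareTestEnv(t)
+		ctx := test.MockContext(t, "user/settings/security")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+
+		SettingsSecurityPost(ctx, auth.ChangePasswordForm{
+			OldPassword: req.OldPassword,
+			Password:    req.NewPassword,
+			Retype:      req.Retype,
+		})
+
+		assert.EqualValues(t, req.Message, ctx.Flash.ErrorMsg)
+		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	}
+}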
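Review bot: `setting.MinPasswordLength = 6` at the top of TestChangePassword overwrites a package-level setting and never restores it, so later tests in the same binary run with whatever value this one left behind. Put `defer func(orig int) { setting.MinPasswordLength = orig }(setting.MinPasswordLength)` on the line before the assignment. The assertions check only the flash message and the redirect status, so a regression that reports the error but still stores the new password would pass. Re-loading user 2 after each rejected case and checking that `ValidatePassword(oldPassword)` still succeeds would close that gap. A case with a non-ASCII password at the length boundary would also pin down whether the minimum is counted in bytes or characters.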