Password must change when changing password

incuna · Aug 10, 2015 · 3c391a9 · 3c391a9
1 parent 3cc8c95
commit 3c391a9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## v12.0.1 (Upcoming)
+
+* Ensure new and old passwords differ when changing password.
+
 ## v12.0.0
 
 * Update factories to use `class Meta:` syntax instead of `FACTORY_FOR`.

diff --git a/user_management/api/serializers.py b/user_management/api/serializers.py
@@ -104,6 +104,9 @@ def validate(self, attrs):
         if attrs.get('new_password') != attrs['new_password2']:
             msg = _('Your new passwords do not match.')
             raise serializers.ValidationError({'new_password2': msg})
+        if attrs.get('old_password') == attrs.get('new_password'):
+            msg = _('Your password has not changed.')
+            raise serializers.ValidationError({'new_password': msg})
         return attrs
 
 

diff --git a/user_management/api/tests/test_serializers.py b/user_management/api/tests/test_serializers.py
@@ -93,6 +93,21 @@ def test_deserialize_mismatched_passwords(self):
         })
         self.assertFalse(serializer.is_valid())
 
+    def test_no_change_password(self):
+        """A password cannot be changed if it doesn't change!"""
+        password = 'Same_passw0rd'
+
+        user = UserFactory.create(password=password)
+
+        serializer = serializers.PasswordChangeSerializer(user, data={
+            'old_password': password,
+            'new_password': password,
+            'new_password2': password,
+            }
+        )
+        self.assertFalse(serializer.is_valid())
+        self.assertIn('new_password', serializer.errors)
+
 
 class PasswordResetSerializerTest(TestCase):
     def test_deserialize_passwords(self):