Skip to content

Commit

Permalink
Allow user to dismiss password validation
Browse files Browse the repository at this point in the history
  • Loading branch information
@rafalp
rafalp committed Sep 1, 2018
1 parent 1cb1472 commit ea93911
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 11 deletions.
27 changes: 21 additions & 6 deletions misago/users/management/commands/createsuperuser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
from getpass import getpass

from django.contrib.auth import get_user_model
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
from django.core.management.base import BaseCommand
from django.db import DEFAULT_DB_ALIAS, IntegrityError
Expand Down Expand Up @@ -36,13 +37,13 @@ def add_arguments(self, parser):
'--email',
dest='email',
default=None,
help="Specifies the username for the superuser.",
help="Specifies the e-mail for the superuser.",
)
parser.add_argument(
'--password',
dest='password',
default=None,
help="Specifies the username for the superuser.",
help="Specifies the password for the superuser.",
)
parser.add_argument(
'--noinput',
Expand Down Expand Up @@ -130,12 +131,26 @@ def handle(self, *args, **options):
self.stderr.write(u'\n'.join(e.messages))

while not password:
password = getpass("Enter password: ")
password2 = getpass("Repeat password")
if password != password2:
raw_value = getpass("Enter password: ")
password_repeat = getpass("Repeat password:")
if raw_value != password_repeat:
self.stderr.write("Error: Your passwords didn't match.")
if password.strip() == '':
# Don't validate passwords that don't match.
continue
if raw_value.strip() == '':
self.stderr.write("Error: Blank passwords aren't allowed.")
# Don't validate blank passwords.
continue
try:
validate_password(
raw_value, user=UserModel(username=username, email=email)
)
except ValidationError as e:
self.stderr.write(u'\n'.join(e.messages))
response = input('Bypass password validation and create user anyway? [y/N]: ')
if response.lower() != 'y':
continue
password = raw_value

# Call User manager's create_superuser using our wrapper
self.create_superuser(username, email, password, verbosity)
Expand Down
4 changes: 0 additions & 4 deletions misago/users/models/user.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,10 +67,6 @@ def create_user(

validate_username(username)
validate_email(email)

if password:
# password is conditional: users created with social-auth don't have one
validate_password(password, user=user)

if not 'rank' in extra_fields:
user.rank = Rank.objects.get_default()
Expand Down
2 changes: 1 addition & 1 deletion misago/users/tests/test_createsuperuser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@


class CreateSuperuserTests(TestCase):
def test_create_superuser(self):
def test_valid_input_creates_superuser(self):
"""command creates superuser"""
out = StringIO()

Expand Down
13 changes: 13 additions & 0 deletions misago/users/tests/test_user_create_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,19 @@ def test_registration_validates_email_registration_ban(self):
'email': ["You can't register account like this."],
})

def test_registration_requires_password(self):
"""api uses django's validate_password to validate registrations"""
response = self.client.post(
self.api_link,
data={
'username': 'Bob',
'email': 'loremipsum@dolor.met',
'password': '',
},
)

self.assertContains(response, "This field is required", status_code=400)

def test_registration_validates_password(self):
"""api uses django's validate_password to validate registrations"""
response = self.client.post(
Expand Down

0 comments on commit ea93911

Please sign in to comment.