Commit 05a3390b authored by Jérome Perrin's avatar Jérome Perrin

PasswordTool: verify password match confirmation

This is supposed to be caught by an external validator on the field,
but checking it one more time here supports custom dialogs where there
might not be form-level validation.
parent 4cd0f2d8
......@@ -230,6 +230,21 @@ class TestPasswordTool(ERP5TypeTestCase):
self.assertFalse(list(six.iterkeys(
self.portal.portal_password._password_request_dict)))
def test_password_reset_password_and_confirmation_do_not_match(self):
self.portal.portal_password.mailPasswordResetRequest(
user_login='userA-login', REQUEST=self.portal.REQUEST)
reset_key, = list(six.iterkeys(
self.portal.portal_password._password_request_dict))
ret = self.portal.portal_password.changeUserPassword(
user_login="userA-login",
password="new-password",
password_confirm="wrong-password",
password_key=reset_key)
query_string_param = parse_qsl(urlparse(str(ret)).query)
self.assertIn(("portal_status_message", "Password does not match the confirm password."), query_string_param)
self.assertIn(("portal_status_level", "error"), query_string_param)
def test_two_concurrent_password_reset(self):
self._createUser('userB')
self._assertUserExists('userA-login', 'userA-password')
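Review bot: The new test checks only the redirect's status message and level, not that the mismatch actually left the password untouched; the helper used in the context line just below already covers that, so add `self._assertUserExists('userA-login', 'userA-password')` after the two assertIn calls. Because the mismatch is rejected before the request entry is deleted in the tool (the `del self._password_request_dict[password_key]` line in the tool's hunk runs after the new early return), it is also worth asserting that `reset_key` is still a key of `_password_request_dict`, so a user who mistypes the confirmation can retry with the same link. Both additions are inferred from the surrounding lines; the helper's definition is outside this hunk, so confirm its signature there.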
......@@ -268,7 +268,6 @@ class PasswordTool(BaseTool):
"""
Reset the password for a given login
"""
# BBB: password_confirm: unused argument
def error(message):
# BBB: should "raise Redirect" instead of just returning, simplifying
# calling code and making mistakes more difficult
......@@ -293,6 +292,8 @@ class PasswordTool(BaseTool):
if user_login is not None and register_user_login != user_login:
# XXX: not descriptive enough
return error("Bad login provided.")
if password_confirm is not None and password_confirm != password:
return error("Password does not match the confirm password.")
if DateTime() > expiration_date:
return error("Date has expired.")
del self._password_request_dict[password_key]
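Review bot: The new `password_confirm is not None` guard silently skips the comparison whenever the argument is omitted, and nothing in the code now says this is deliberate; the `# BBB: password_confirm: unused argument` comment removed in the earlier hunk was the only hint. Put a why-comment on the new line, e.g. `# password_confirm is optional for backward compatibility; when given it must match, even if the form already validated it (custom dialogs may have no form-level validation)`, and document `password_confirm` in the docstring at the top of changeUserPassword, which starts outside this hunk. The check runs before `del self._password_request_dict[password_key]`, so the reset key survives a mismatch and the user can retry; that ordering is sensible but worth stating in the same comment so a later refactor does not move the check after the deletion.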