From 3d688bd2ccf3cf6f1f102a4eee1fc73c2054c694 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Sun, 3 Dec 2017 09:49:25 +0800
Subject: [PATCH] Fix missing password length check when change password (#3039) (#3071)
* fix missing password length check when change password
* add tests for change password
---
 modules/test/context_tests.go | 4 +++
 routers/user/setting.go | 4 ++-
 routers/user/setting_test.go | 68 +++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 routers/user/setting_test.go
diff --git a/modules/test/context_tests.go b/modules/test/context_tests.go
index 6bb7ffe98..daf4d837e 100644
--- a/modules/test/context_tests.go
+++ b/modules/test/context_tests.go
@@ -11,6 +11,7 @@ import (
 "code.gitea.io/gitea/modules/context"
+ "github.com/go-macaron/session"
 "github.com/stretchr/testify/assert"
 macaron "gopkg.in/macaron.v1"
 )
@@ -33,6 +34,9 @@ func MockContext(t *testing.T) *context.Context {
 macaronContext.Render = &mockRender{ResponseWriter: macaronContext.Resp}
 return &context.Context{
 Context: macaronContext,
+ Flash: &session.Flash{
+ Values: make(url.Values),
+ },
 }
 }
diff --git a/routers/user/setting.go b/routers/user/setting.go
index a00f3f287..c0be4edd6 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -223,7 +223,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
 return
 }
- if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
+ if len(form.Password) < setting.MinPasswordLength {
+ ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
+ } else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
 ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
 } else if form.Password != form.Retype {
 ctx.Flash.Error(ctx.Tr("form.password_not_match"))
diff --git a/routers/user/setting_test.go b/routers/user/setting_test.go
new file mode 100644
index 000000000..72b1b8314
--- /dev/null
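Review bot: The second hunk of modules/test/context_tests.go still shows `func MockContext(t *testing.T) *context.Context` with a single parameter, and the patch does not touch that line, yet the new routers/user/setting_test.go calls `test.MockContext(t, "user/settings/security")` with two arguments. As posted, the test package would not compile on this branch unless the signature is extended or the call becomes `test.MockContext(t)`. The added `make(url.Values)` also needs `net/url`, and the import hunk adds only `github.com/go-macaron/session`, so confirm `net/url` is already imported above line 11 of that file.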
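Review bot: In routers/user/setting.go, `len(form.Password)` in the new first branch of SettingsSecurityPost counts bytes rather than characters, so a password made of a few multi-byte runes can satisfy a `setting.MinPasswordLength` that was presumably meant as a character count. If characters are intended, the condition would be `if utf8.RuneCountInString(form.Password) < setting.MinPasswordLength {` (with `unicode/utf8` imported). Whichever measure is chosen should be the same in every other handler that sets a password, such as registration, reset and admin edit, none of which are visible in this diff. The function begins and ends outside this hunk, so the later branches and the save path were not reviewed.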
+++ b/routers/user/setting_test.go
@@ -0,0 +1,68 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+ "net/http"
+ "testing"
+
+ "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/modules/auth"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/test"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestChangePassword(t *testing.T) {
+ oldPassword := "password"
+ setting.MinPasswordLength = 6
+
+ for _, req := range []struct {
+ OldPassword string
+ NewPassword string
+ Retype string
+ Message string
+ }{
+ {
+ OldPassword: oldPassword,
+ NewPassword: "123456",
+ Retype: "123456",
+ Message: "",
+ },
+ {
+ OldPassword: oldPassword,
+ NewPassword: "12345",
+ Retype: "12345",
+ Message: "auth.password_too_short",
+ },
+ {
+ OldPassword: "12334",
+ NewPassword: "123456",
+ Retype: "123456",
+ Message: "settings.password_incorrect",
+ },
+ {
+ OldPassword: oldPassword,
+ NewPassword: "123456",
+ Retype: "12345",
+ Message: "form.password_not_match",
+ },
+ } {
+ models.PrepareTestEnv(t)
+ ctx := test.MockContext(t, "user/settings/security")
+ test.LoadUser(t, ctx, 2)
+ test.LoadRepo(t, ctx, 1)
+
+ SettingsSecurityPost(ctx, auth.ChangePasswordForm{
+ OldPassword: req.OldPassword,
+ Password: req.NewPassword,
+ Retype: req.Retype,
+ })
+
+ assert.EqualValues(t, req.Message, ctx.Flash.ErrorMsg)
+ assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+ }
+}
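Review bot: `setting.MinPasswordLength = 6` at the top of TestChangePassword overwrites a package-level setting and never restores it, so later tests in the same binary inherit the value. Save it first with `prev := setting.MinPasswordLength` and add `defer func() { setting.MinPasswordLength = prev }()`. The cases assert only the flash message and the 302 status, so nothing checks that the stored password is unchanged after a rejected request (too short, wrong old password, mismatched retype), which is the property the fix protects. An assertion using `ValidatePassword` on the user after each call would cover that.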