From 3b96b6e5ca196ba26ec2894d691995b46d3df862 Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Tue, 1 Dec 2015 15:51:09 +0000
Subject: [PATCH] 108536374: Implement a validator to exclude passwords on a blacklist
---
 app/main/forms.py | 5 ++++-
 app/main/validators.py | 12 ++++++++++++
 tests/app/main/test_validators.py | 17 +++++++++++++++++
 tests/app/main/views/test_register.py | 11 +++++++++++
 4 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 app/main/validators.py
 create mode 100644 tests/app/main/test_validators.py
diff --git a/app/main/forms.py b/app/main/forms.py
index bc013fccc..9cb3fe6de 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -2,6 +2,8 @@ from flask_wtf import Form
 from wtforms import StringField, PasswordField
 from wtforms.validators import DataRequired, Email, Length, Regexp
+from app.main.validators import Blacklist
+
 class LoginForm(Form):
 email_address = StringField('Email address', validators=[
@@ -32,4 +34,5 @@ class RegisterUserForm(Form):
 Regexp(regex=mobile_number, message='Please enter a +44 mobile number')])
 password = PasswordField('Password',
 validators=[DataRequired(message='Please enter your password'),
- Length(10, 255, message='Password must be at least 10 characters')])
+ Length(10, 255, message='Password must be at least 10 characters'),
+ Blacklist(message='That password is blacklisted, too common')])
diff --git a/app/main/validators.py b/app/main/validators.py
new file mode 100644
index 000000000..2638bd5e2
--- /dev/null
+++ b/app/main/validators.py
@@ -0,0 +1,12 @@
+from wtforms import ValidationError
+
+
+class Blacklist(object):
+ def __init__(self, message=None):
+ if not message:
+ message = 'Password is blacklisted.'
+ self.message = message
+
+ def __call__(self, form, field):
+ if field.data in ['password1234', 'passw0rd1234']:
+ raise ValidationError(self.message)
diff --git a/tests/app/main/test_validators.py b/tests/app/main/test_validators.py
new file mode 100644
index 000000000..a1cc52192
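Review bot: The blacklist in `Blacklist.__call__` is a two-entry literal compared by exact string, so a case variant of either entry passes and the check adds almost no protection against common-password guessing. Hoist the list to a module-level constant and normalise case before the lookup: `BLACKLISTED_PASSWORDS = frozenset(['password1234', 'passw0rd1234'])` at module level and `if (field.data or '').lower() in BLACKLISTED_PASSWORDS:` in `__call__`, then populate that constant from a maintained list of commonly used passwords rather than keeping entries inline. The `field.data or ''` guard keeps the validator safe when it runs on a field that `DataRequired` has not already rejected. A class docstring such as `"""Reject passwords that appear on the common-password blacklist."""` would also help, since this validator is the registration form's only password check beyond length.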
--- /dev/null
+++ b/tests/app/main/test_validators.py
@@ -0,0 +1,17 @@
+from pytest import fail
+
+from app.main.forms import RegisterUserForm
+
+
+def test_should_raise_validation_error_for_password(notifications_admin):
+ form = RegisterUserForm()
+ form.name.data = 'test'
+ form.email_address.data = 'teset@example.gov.uk'
+ form.mobile_number.data = '+441231231231'
+ form.password.data = 'password1234'
+
+ try:
+ form.validate()
+ fail()
+ except:
+ assert 'That password is blacklisted, too common' in form.errors['password']
diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py
index 2c6e384a0..ccafc9629 100644
--- a/tests/app/main/views/test_register.py
+++ b/tests/app/main/views/test_register.py
@@ -37,3 +37,14 @@ def test_should_return_400_when_email_is_not_gov_uk(notifications_admin, notific
 assert response.status_code == 400
 assert 'Please enter a gov.uk email address' in response.get_data(as_text=True)
+
+
+def test_should_return_400_if_password_is_blacklisted(notifications_admin, notifications_admin_db):
+ response = notifications_admin.test_client().post('/register',
+ data={'name': 'Bad Mobile',
+ 'email_address': 'bad_mobile@example.not.right',
+ 'mobile_number': '+44123412345',
+ 'password': 'password'})
+
+ response.status_code == 400
+ assert 'That password is blacklisted, too common' in response.get_data(as_text=True)
\ No newline at end of file
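Review bot: The bare `except:` in `test_should_raise_validation_error_for_password` also catches the exception raised by `fail()`, so the test reaches its assertion on `form.errors` no matter how `validate()` behaved, and `form.validate()` returns a bool rather than raising, which makes the `try` block pointless. Replace the try/except with `assert not form.validate()` followed by `assert 'That password is blacklisted, too common' in form.errors['password']`, and drop the then-unused `fail` import.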
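Review bot: `response.status_code == 400` in `test_should_return_400_if_password_is_blacklisted` is a bare comparison, not an assertion, so the status-code check never runs; write `assert response.status_code == 400`. The posted password `'password'` is also not one of the two entries the new validator checks and is shorter than the `Length(10, 255)` minimum, so the response is expected to carry the length message rather than the blacklist message this test asserts on; posting `'password1234'` exercises the validator the test is named for. The hunk ends at the file's last line, so nothing of the new test lies outside it.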