108536374: Implement a validator to exclude passwords on a blacklist

2026-02-05 10:53:28 -05:00 · 2015-12-01 15:51:09 +00:00
parent 9e2cf2fa4c
commit 3b96b6e5ca
4 changed files with 44 additions and 1 deletions
--- a/tests/app/main/test_validators.py
+++ b/tests/app/main/test_validators.py
@@ -0,0 +1,17 @@
+from pytest import fail
+
+from app.main.forms import RegisterUserForm
+
+
+def test_should_raise_validation_error_for_password(notifications_admin):
+    form = RegisterUserForm()
+    form.name.data = 'test'
+    form.email_address.data = 'teset@example.gov.uk'
+    form.mobile_number.data = '+441231231231'
+    form.password.data = 'password1234'
+
+    try:
+        form.validate()
+        fail()
+    except:
+        assert 'That password is blacklisted, too common' in form.errors['password']
--- a/tests/app/main/views/test_register.py
+++ b/tests/app/main/views/test_register.py
@@ -37,3 +37,14 @@ def test_should_return_400_when_email_is_not_gov_uk(notifications_admin, notific

    assert response.status_code == 400
    assert 'Please enter a gov.uk email address' in response.get_data(as_text=True)
+
+
+def test_should_return_400_if_password_is_blacklisted(notifications_admin, notifications_admin_db):
+    response = notifications_admin.test_client().post('/register',
+                                                      data={'name': 'Bad Mobile',
+                                                            'email_address': 'bad_mobile@example.not.right',
+                                                            'mobile_number': '+44123412345',
+                                                            'password': 'password'})
+
+    response.status_code == 400
+    assert 'That password is blacklisted, too common' in response.get_data(as_text=True)