Add variations on GOV.UK Notify to blacklist

There’s a chance that someone will run out of imagination and use
the name of the thing they’re signing up for as their password.

This wouldn’t be caught by the generic blacklist.
This commit is contained in:
Chris Hill-Scott
2016-09-27 12:24:46 +01:00
parent 68a6ceec78
commit d747389e2a
2 changed files with 7 additions and 1 deletions

View File

@@ -1,4 +1,10 @@
blacklisted_passwords = [
'govuknotify',
'GOVUKnotify',
'GOV.UK Notify',
'GOV.UK notify',
'gov.uk notify'
] + [
'11111111',
'12345678',
'123456789',

View File

@@ -6,7 +6,7 @@ from unittest.mock import Mock
@pytest.mark.parametrize('password', [
'11111111', 'kittykat', 'evangeli'
'govuknotify', '11111111', 'kittykat', 'evangeli'
])
def test_should_raise_validation_error_for_password(app_, mock_get_user_by_email, password):
with app_.test_request_context():