From d747389e2a70359512a491b61cece107ec28631d Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Tue, 27 Sep 2016 12:24:46 +0100 Subject: [PATCH] Add variations on GOV.UK Notify to blacklist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There’s a chance that someone will run out of imagination and use the name of the thing they’re signing up for as their password. This wouldn’t be caught by the generic blacklist. --- app/main/_blacklisted_passwords.py | 6 ++++++ tests/app/main/test_validators.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/main/_blacklisted_passwords.py b/app/main/_blacklisted_passwords.py index 430fc83bc..69204d136 100644 --- a/app/main/_blacklisted_passwords.py +++ b/app/main/_blacklisted_passwords.py @@ -1,4 +1,10 @@ blacklisted_passwords = [ + 'govuknotify', + 'GOVUKnotify', + 'GOV.UK Notify', + 'GOV.UK notify', + 'gov.uk notify' +] + [ '11111111', '12345678', '123456789', diff --git a/tests/app/main/test_validators.py b/tests/app/main/test_validators.py index 85661d4f2..c14c66184 100644 --- a/tests/app/main/test_validators.py +++ b/tests/app/main/test_validators.py @@ -6,7 +6,7 @@ from unittest.mock import Mock @pytest.mark.parametrize('password', [ - '11111111', 'kittykat', 'evangeli' + 'govuknotify', '11111111', 'kittykat', 'evangeli' ]) def test_should_raise_validation_error_for_password(app_, mock_get_user_by_email, password): with app_.test_request_context():