p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 work as documented. 

Thanks goblinJoel for the report and feedback.
This commit is contained in:
Tim Graham 2016-11-10 06:30:38 -05:00
parent 45e01df373
commit 0d9ff873d9
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/password_validation.py
View File

@ -147,7 +147,7 @@ class UserAttributeSimilarityValidator(object):
continue continue
value_parts = re.split(r'\W+', value) + [value] value_parts = re.split(r'\W+', value) + [value]
for value_part in value_parts: for value_part in value_parts:
if SequenceMatcher(a=password.lower(), b=value_part.lower()).quick_ratio() > self.max_similarity: if SequenceMatcher(a=password.lower(), b=value_part.lower()).quick_ratio() >= self.max_similarity:
try: try:
verbose_name = force_text(user._meta.get_field(attribute_name).verbose_name) verbose_name = force_text(user._meta.get_field(attribute_name).verbose_name)
except FieldDoesNotExist: except FieldDoesNotExist:

9
docs/topics/auth/passwords.txt
View File

@ -545,11 +545,10 @@ Django includes four validators:
is used: ``'username', 'first_name', 'last_name', 'email'``. is used: ``'username', 'first_name', 'last_name', 'email'``.
Attributes that don't exist are ignored. Attributes that don't exist are ignored.
The maximum similarity the password can have, before it is rejected, can The minimum similarity of a rejected password can be set on a scale of 0 to
be set with the ``max_similarity`` parameter, on a scale of 0 to 1. 1 with the ``max_similarity`` parameter. A setting of 0 rejects all
A setting of 0 will cause all passwords to be rejected, whereas a setting passwords, whereas a setting of 1 rejects only passwords that are identical
of 1 will cause it to only reject passwords that are identical to an to an attribute's value.
attribute's value.
.. class:: CommonPasswordValidator(password_list_path=DEFAULT_PASSWORD_LIST_PATH) .. class:: CommonPasswordValidator(password_list_path=DEFAULT_PASSWORD_LIST_PATH)

17
tests/auth_tests/test_validators.py
View File

@ -124,7 +124,22 @@ class UserAttributeSimilarityValidatorTest(TestCase):
max_similarity=0.3, max_similarity=0.3,
).validate('testclient', user=user) ).validate('testclient', user=user)
self.assertEqual(cm.exception.messages, [expected_error % "first name"]) self.assertEqual(cm.exception.messages, [expected_error % "first name"])
# max_similarity=1 doesn't allow passwords that are identical to the
# attribute's value.
with self.assertRaises(ValidationError) as cm:
UserAttributeSimilarityValidator(
user_attributes=['first_name'],
max_similarity=1,
).validate(user.first_name, user=user)
self.assertEqual(cm.exception.messages, [expected_error % "first name"])
# max_similarity=0 rejects all passwords.
with self.assertRaises(ValidationError) as cm:
UserAttributeSimilarityValidator(
user_attributes=['first_name'],
max_similarity=0,
).validate('XXX', user=user)
self.assertEqual(cm.exception.messages, [expected_error % "first name"])
# Passes validation.
self.assertIsNone( self.assertIsNone(
UserAttributeSimilarityValidator(user_attributes=['first_name']).validate('testclient', user=user) UserAttributeSimilarityValidator(user_attributes=['first_name']).validate('testclient', user=user)
) )