Commit 3235a34b authored by Kostas Papadimitriou's avatar Kostas Papadimitriou
Browse files

astakos: Prevent empty passwords in profile form

parent 7bfb0d39
......@@ -1080,7 +1080,8 @@ class ExtendedProfileForm(ProfileForm):
password, email = True, True
profile = super(ExtendedProfileForm, self).is_valid()
if profile and self.cleaned_data.get('change_password', None):
self.password_change_form.fields['new_password1'].required = True
self.password_change_form.fields['new_password2'].required = True
password = self.password_change_form.is_valid()
self.save_extra_forms.append('password')
if profile and self.cleaned_data.get('change_email'):
......
......@@ -321,6 +321,17 @@ class ShibbolethTests(TestCase):
self.assertTrue(user.has_auth_provider('shibboleth'))
self.assertTrue(user.check_password('111'))
self.assertTrue(user.has_usable_password())
# change password via profile form
r = client.post(ui_url("profile"), {
'old_password': '111',
'new_password': '',
'new_password2': '',
'change_password': 'on',
}, follow=False)
self.assertEqual(r.status_code, 200)
self.assertFalse(r.context['profile_form'].is_valid())
self.client.logout()
# now we can login
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment