Fix missing password length check when change password (#3039)

* fix missing password length check when change password * add tests for change password
7 years ago · b3d5ba6f90
parent 35cc5b0402
commit b3d5ba6f90
3 changed files with 74 additions and 2 deletions
--- a/modules/test/context_tests.go
+++ b/modules/test/context_tests.go
@ -34,7 +34,9 @@ func MockContext(t *testing.T, path string) *context.Context {
 	macaronContext.Data = map[string]interface{}{}
 	return &context.Context{
 		Context: &macaronContext,
-		Flash:   &session.Flash{},
+		Flash: &session.Flash{
 			Values: make(url.Values),
 		},
 	}
 }
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@ -222,7 +222,9 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) {
 		return
 	}
-	if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
+	if len(form.Password) < setting.MinPasswordLength {
 		ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))
 	} else if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {
 		ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))
 	} else if form.Password != form.Retype {
 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))
--- a/routers/user/setting_test.go
+++ b/routers/user/setting_test.go
@ -0,0 +1,68 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package user
 import (
 	"net/http"
 	"testing"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"
 	"github.com/stretchr/testify/assert"
 )
 func TestChangePassword(t *testing.T) {
 	oldPassword := "password"
 	setting.MinPasswordLength = 6
 	for _, req := range []struct {
 		OldPassword string
 		NewPassword string
 		Retype      string
 		Message     string
 	}{
 		{
 			OldPassword: oldPassword,
 			NewPassword: "123456",
 			Retype:      "123456",
 			Message:     "",
 		},
 		{
 			OldPassword: oldPassword,
 			NewPassword: "12345",
 			Retype:      "12345",
 			Message:     "auth.password_too_short",
 		},
 		{
 			OldPassword: "12334",
 			NewPassword: "123456",
 			Retype:      "123456",
 			Message:     "settings.password_incorrect",
 		},
 		{
 			OldPassword: oldPassword,
 			NewPassword: "123456",
 			Retype:      "12345",
 			Message:     "form.password_not_match",
 		},
 	} {
 		models.PrepareTestEnv(t)
 		ctx := test.MockContext(t, "user/settings/security")
 		test.LoadUser(t, ctx, 2)
 		test.LoadRepo(t, ctx, 1)
 		SettingsSecurityPost(ctx, auth.ChangePasswordForm{
 			OldPassword: req.OldPassword,
 			Password:    req.NewPassword,
 			Retype:      req.Retype,
 		})
 		assert.EqualValues(t, req.Message, ctx.Flash.ErrorMsg)
 		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 	}
 }