Commit a7099dd7a4259f677f679ba5c504435ecfb26d6e
1 parent
7df95b98b6
Exists in
master
password minimum length is now 8
Showing 4 changed files with 28 additions and 17 deletions Side-by-side Diff
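--- a/README.md
+++ b/README.md
@@ -2,7 +2,15 @@
 
 All of these commands should be run from this directory (the one containing README.md)
 
-## Setup
+## Installing Flashy on Ubuntu 14.04
+
+Ubuntu 14.04 is the officially supported platform for the
+
+Before running the setup process below, observe the following prerequisites:
+ - Python 2 must be installed. To avoid issues
+
+
+## Setup
 
 Flashy requires Python 2. Install this, and pip.
 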
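--- a/flashcards/serializers.py
+++ b/flashcards/serializers.py
@@ -17,12 +17,13 @@
 email = EmailField(required=True)
 
 
-class EmailPasswordSerializer(EmailSerializer):
+class LoginSerializer(EmailSerializer):
 password = CharField(required=True)
 
 
-class RegistrationSerializer(EmailPasswordSerializer):
+class RegistrationSerializer(Serializer):
 email = EmailField(required=True, validators=[UniqueValidator(queryset=User.objects.all())])
+ password = CharField(required=True, min_length=8)
 
 
 class PasswordResetRequestSerializer(EmailSerializer):
@@ -35,7 +36,7 @@
 
 
 class PasswordResetSerializer(Serializer):
- new_password = CharField(required=True, allow_blank=False)
+ new_password = CharField(required=True, allow_blank=False, min_length=8)
 uid = IntegerField(required=True)
 token = CharField(required=True)
 
@@ -53,7 +54,7 @@
 
 class UserUpdateSerializer(Serializer):
 old_password = CharField(required=False)
- new_password = CharField(required=False, allow_blank=False)
+ new_password = CharField(required=False, allow_blank=False, min_length=8)
 
 def validate(self, data):
 if 'new_password' in data and 'old_password' not in data: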
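Review bot: The 8-character minimum is written as a bare literal in three fields (`RegistrationSerializer.password` and the `new_password` field of both `PasswordResetSerializer` and `UserUpdateSerializer`), so a later policy change that misses one of them leaves reset or update accepting weaker passwords than registration. A module-level `MIN_PASSWORD_LENGTH = 8` referenced as `min_length=MIN_PASSWORD_LENGTH` keeps the three paths in step. None of these fields sets `max_length`, so nothing at this layer bounds the size of the string handed to the password hasher; an upper bound is worth adding. `LoginSerializer.password` carries no `min_length`, apparently on purpose so that accounts created under the old rule can still sign in; a comment such as `# no min_length: existing accounts may have shorter passwords` would keep that from being "fixed" later.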
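--- a/flashcards/tests/test_api.py
+++ b/flashcards/tests/test_api.py
@@ -67,7 +67,7 @@
 # capture the reset token from the email
 capture = search('app/resetpassword/(\d+)/(.*)',
 mail.outbox[0].body)
- patch_data = {'new_password': '4321'}
+ patch_data = {'new_password': '87654321'}
 patch_data['uid'] = capture.group(1)
 reset_token = capture.group(2)
 
 
@@ -95,12 +95,12 @@
 self.assertContains(response, 'password', status_code=400)
 
 # missing email
- data = {'password': '1234'}
+ data = {'password': '12345678'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'email', status_code=400)
 
 # create a user
- data = {'email': 'none@none.com', 'password': '1234'}
+ data = {'email': 'none@none.com', 'password': '12345678'}
 response = self.client.post(url, data, format='json')
 self.assertEqual(response.status_code, HTTP_201_CREATED)
 
@@ -116,7 +116,7 @@
 self.client.logout()
 
 # log the user in with their registered credentials
- self.client.login(email='none@none.com', password='1234')
+ self.client.login(email='none@none.com', password='12345678')
 
 # try activating with an invalid key
 
 
 
 
 
@@ -166,22 +166,23 @@
 user = User.objects.get(email='none@none.com')
 self.assertTrue(user.check_password('1234'))
 
- response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json')
+ # check that we can't change a password when logged out
+ response = self.client.patch(url, {'new_password': '12345678', 'old_password': '1234'}, format='json')
 self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
 
 self.client.login(email='none@none.com', password='1234')
- response = self.client.patch(url, {'new_password': '4321'}, format='json')
+ response = self.client.patch(url, {'new_password': '12345678'}, format='json')
 self.assertContains(response, 'old_password is required', status_code=400)
 
- response = self.client.patch(url, {'new_password': '4321', 'old_password': '4321'}, format='json')
+ response = self.client.patch(url, {'new_password': '12345678', 'old_password': '4321'}, format='json')
 self.assertContains(response, 'old_password is incorrect', status_code=400)
 
- response = self.client.patch(url, {'new_password': '4321', 'old_password': '1234'}, format='json')
+ response = self.client.patch(url, {'new_password': '12345678', 'old_password': '1234'}, format='json')
 self.assertEqual(response.status_code, 200)
 user = User.objects.get(email='none@none.com')
 
 self.assertFalse(user.check_password('1234'))
- self.assertTrue(user.check_password('4321'))
+ self.assertTrue(user.check_password('12345678'))
 
 
 class DeleteUserTest(APITestCase):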
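Review bot: Nothing in these hunks asserts that a password shorter than 8 characters is rejected; the existing cases were only lengthened so they keep passing, so removing `min_length=8` from a serializer would not fail any test shown here. A boundary case on each path (register, reset, update) would pin the policy, for example in the registration test: `data = {'email': 'none@none.com', 'password': '1234567'}`, `response = self.client.post(url, data, format='json')`, `self.assertContains(response, 'password', status_code=400)`. The test methods start and end outside the hunks, so a rejection test may already exist elsewhere in the file. The hunk at -166 still checks and logs in with `'1234'`, presumably because that user is created directly on the model rather than through the API; a comment saying so would explain why a 4-character password remains valid there.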
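--- a/flashcards/views.py
+++ b/flashcards/views.py
@@ -7,9 +7,10 @@
 from flashcards.models import Section, User, Flashcard, FlashcardHide, UserFlashcardQuiz, \
 FlashcardAlreadyPulledException, FlashcardNotInDeckException, FlashcardAlreadyHiddenException
 from flashcards.serializers import SectionSerializer, UserUpdateSerializer, RegistrationSerializer, UserSerializer, \
- PasswordResetSerializer, PasswordResetRequestSerializer, EmailPasswordSerializer, FlashcardSerializer, \
+ PasswordResetSerializer, PasswordResetRequestSerializer, FlashcardSerializer, \
 FlashcardUpdateSerializer, QuizRequestSerializer, QuizResponseSerializer, SubscribeViewSerializer, \
- QuizAnswerRequestSerializer, DeepSectionSerializer, EmailVerificationSerializer, FeedRequestSerializer
+ QuizAnswerRequestSerializer, DeepSectionSerializer, EmailVerificationSerializer, FeedRequestSerializer, \
+ LoginSerializer
 from flashy.settings import FEED_PAGE_SIZE
 from rest_framework.decorators import detail_route, permission_classes, api_view, list_route
 from rest_framework.generics import ListAPIView, GenericAPIView
@@ -270,7 +271,7 @@
 response_serializer: UserSerializer
 """
 
- data = EmailPasswordSerializer(data=request.data)
+ data = LoginSerializer(data=request.data)
 data.is_valid(raise_exception=True)
 user = authenticate(**data.validated_data)
 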