
Commit 9f2ac896 authored by Gregorius Aprisunnea's avatar Gregorius Aprisunnea

Merge branch '1706039710-116' into 'master'

1706039710 116

See merge request !67
parents 4f46489b e35df9a3
Pipeline #59948 passed with stages
in 23 minutes and 11 seconds
......@@ -67,6 +67,7 @@ from .views import (
)
from app.forms import SuntingProfilForm, year_choices
from app.utils.fileManagementUtil import get_random_filename, remove_image_exifdata
from app.utils.PasswordValidator import PasswordPolicyValidator
ERROR_403_MESSAGE = "Kamu harus login untuk mengakses halaman ini"
......@@ -3002,3 +3003,32 @@ class SeeRatedMateriByUser(TestCase):
self.assertEqual(list(response.context['rating_list']),
[self.rating_test_2, self.rating_test_1, self.rating_test_3])
class PasswordValidatorPolicyTest(TestCase):
def setUp(self):
self.password_no_lowercase = "PASSW0RD!"
self.password_no_uppercase = "passw0rd!"
self.password_no_digit = "Password!"
self.password_no_special_char = "Passw0rd"
self.password_length_lower_than_8 = "P4ss!"
self.password_enforcing_policy = "Passw0rd!"
self.validator = PasswordPolicyValidator()
def test_using_password_no_lowercase(self):
self.assertRaises(ValidationError, self.validator.validate, self.password_no_lowercase)
def test_using_password_no_upprcase(self):
self.assertRaises(ValidationError, self.validator.validate, self.password_no_uppercase)
def test_using_password_no_digit(self):
self.assertRaises(ValidationError, self.validator.validate, self.password_no_digit)
def test_using_password_no_special_char(self):
self.assertRaises(ValidationError, self.validator.validate, self.password_no_special_char)
def test_using_password_with_length_less_than_8(self):
self.assertRaises(ValidationError, self.validator.validate, self.password_length_lower_than_8)
def test_using_password_using_correct_policy(self):
self.assertEquals(self.validator.validate(self.password_enforcing_policy), None)
\ No newline at end of file
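Review bot: The five negative cases in PasswordValidatorPolicyTest assert only that some ValidationError is raised, so a case such as test_using_password_no_lowercase would still pass if the validator rejected the password for a different rule. Pinning the message with Django's `assertRaisesMessage(ValidationError, 'Password must contain at least 1 lowercase letter.', self.validator.validate, self.password_no_lowercase)` ties each case to the rule it names. In the positive case, `self.assertIsNone(self.validator.validate(self.password_enforcing_policy))` avoids `assertEquals`, a deprecated alias that Python 3.12 removed. The method name `test_using_password_no_upprcase` is misspelled.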
import string
from django.core.exceptions import ValidationError
class PasswordPolicyValidator(object):
def validate(self, password, user=None):
if sum(c.isdigit() for c in password) < 1:
msg = 'Password must contain at least 1 number.'
raise ValidationError(msg)
if not any(c.isupper() for c in password):
msg = 'Password must contain at least 1 uppercase letter.'
raise ValidationError(msg)
if not any(c.islower() for c in password):
msg = 'Password must contain at least 1 lowercase letter.'
raise ValidationError(msg)
if not any(c for c in password if c in string.punctuation):
msg = 'Password must contain at least 1 special letter.'
raise ValidationError(msg)
if len(password) < 8 :
msg = 'Password must have at least 8 characters.'
raise ValidationError(msg)
def get_help_text(self):
return (
"Password must contains at least 8 character with combination of lower case letter, upper case letter, digit, and symbol."
)
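Review bot: `validate` raises on the first unmet rule and checks the length last, so a password that is both short and missing a digit reports only the digit rule, and the user has to resubmit to learn about each remaining one. Collecting the failures and raising a single `ValidationError` with the list shows them all at once, and a `code` on each lets callers tell them apart. Separately, `string.punctuation` holds only ASCII punctuation, so a space or a non-ASCII symbol does not count as the special character; the error message and `get_help_text` should say which characters qualify. The `user` argument is unused, so nothing in this validator compares the password with the account's own name or e-mail.

```python
def validate(self, password, user=None):
    # Gather every unmet rule so the form can report them together.
    errors = []
    if len(password) < 8:
        errors.append(ValidationError(
            'Password must have at least 8 characters.', code='password_too_short'))
    if not any(c.isdigit() for c in password):
        errors.append(ValidationError(
            'Password must contain at least 1 number.', code='password_no_digit'))
    if not any(c.isupper() for c in password):
        errors.append(ValidationError(
            'Password must contain at least 1 uppercase letter.', code='password_no_upper'))
    if not any(c.islower() for c in password):
        errors.append(ValidationError(
            'Password must contain at least 1 lowercase letter.', code='password_no_lower'))
    if not any(c in string.punctuation for c in password):
        errors.append(ValidationError(
            'Password must contain at least 1 special letter.', code='password_no_symbol'))
    if errors:
        raise ValidationError(errors)
```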
......@@ -127,10 +127,7 @@ STATICFILES_DIRS = (os.path.join(BASE_DIR, "staticfiles"),)
AUTH_USER_MODEL = "authentication.User"
AUTH_PASSWORD_VALIDATORS = [
{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", },
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", },
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", },
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", },
{"NAME": "app.utils.PasswordValidator.PasswordPolicyValidator", },
]
......
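Review bot: AUTH_PASSWORD_VALIDATORS appears to end up with `PasswordPolicyValidator` as its only entry (the hunk goes from ten lines to seven), which drops the checks against common passwords and against the user's own attributes. Character-class rules cover neither case: a password derived from the user's name or from a well-known pattern can still satisfy all five rules. The validators in this list are additive, so the custom one can sit alongside `{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", },` and `{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", },` rather than replace them.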
from django.contrib.auth.hashers import make_password
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
class RegistrationService:
@staticmethod
def create_new_contributor(data, form):
create_result = dict()
create_result["success"] = True
new_user = form.save(commit=False)
new_user.password = make_password(data["password"])
new_user.is_contributor = True
new_user.save()
return new_user
try:
password = form.cleaned_data['password']
validate_password(password, new_user)
new_user.password = make_password(data["password"])
new_user.is_contributor = True
new_user.save()
create_result["user"] = new_user
except ValidationError as e:
create_result["success"] = False
form.add_error('password', e)
create_result["form"] = form
return create_result
@staticmethod
def create_new_admin(data, form):
create_result = dict()
create_result["success"] = True
new_user = form.save(commit=False)
new_user.password = make_password(data["password"])
new_user.is_admin = True
new_user.is_active = False
new_user.save()
\ No newline at end of file
try:
password = form.cleaned_data['password']
validate_password(password, new_user)
new_user.password = make_password(data["password"])
new_user.is_admin = True
new_user.is_active = False
new_user.save()
create_result["user"] = new_user
except ValidationError as e:
create_result["success"] = False
form.add_error('password', e)
create_result["form"] = form
return create_result
\ No newline at end of file
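Review bot: Both methods validate `form.cleaned_data['password']` but hash `data["password"]`, the raw POST value, so the stored password is not necessarily the one that passed validation; a form field that strips whitespace, for instance, would make the two differ. Hashing the validated value closes the gap: `new_user.password = make_password(password)` in create_new_contributor and again in create_new_admin. The `try` also wraps `new_user.save()`, so any ValidationError raised while saving would be attached to the password field; keeping only `validate_password(password, new_user)` inside the `try` avoids that.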
......@@ -10,6 +10,7 @@ from register import views
class RegisterPageTest(TestCase):
def setUp(self):
self.client = Client()
self.password = "Passw0rd!"
def test_register_url_is_exist(self):
# Positive tests
......@@ -64,8 +65,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "1234",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -80,8 +81,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "12345",
"password": self.password,
"password2": "different passwd",
},
)
self.assertEqual(User.objects.all().count(), 0)
......@@ -97,8 +98,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "1234",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -111,8 +112,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "1234",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -129,8 +130,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726601",
"password": "123456",
"password2": "123456",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -144,8 +145,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "budi@company.com",
"nomor_telpon": "087878726602",
"password": "123456",
"password2": "123456",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -162,8 +163,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "123456",
"password2": "123456",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -177,8 +178,8 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "budi@company.com",
"nomor_telpon": "087878726602",
"password": "123456",
"password2": "123456",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -195,17 +196,102 @@ class RegisterPageTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "abcdefghijkl",
"password": "1234",
"password2": "12345",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Hanya masukkan angka", response.content)
def test_create_user_weak_password_no_lowercase(self):
response = self.client.post(
"/registrasi/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "PASSW0RD!",
"password2": "PASSW0RD!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 lowercase letter", response.content)
def test_create_user_weak_password_no_uppercase(self):
response = self.client.post(
"/registrasi/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "passw0rd!",
"password2": "passw0rd!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 uppercase letter", response.content)
def test_create_user_weak_password_no_special_char(self):
response = self.client.post(
"/registrasi/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "Passw0rd",
"password2": "Passw0rd",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 special letter", response.content)
def test_create_user_weak_password_no_number(self):
response = self.client.post(
"/registrasi/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "Password!",
"password2": "Password!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 number", response.content)
def test_create_user_weak_password_less_than_8_chars(self):
response = self.client.post(
"/registrasi/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "P4ss!",
"password2": "P4ss!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must have at least 8 characters", response.content)
class RegisterAdminTest(TestCase):
def setUp(self):
self.client = Client()
self.random_password = id_generator()
self.password = "Passw0rd!"
def test_register_url_is_exist(self):
# Positive tests
......@@ -260,8 +346,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "1234",
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -276,8 +362,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "1234",
"password2": "12345",
"password": self.password,
"password2": "different passwd",
},
)
self.assertEqual(User.objects.all().count(), 0)
......@@ -293,8 +379,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -307,8 +393,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -325,8 +411,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.filter(name="bob").get().is_active, False)
......@@ -341,8 +427,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.count(), 1)
......@@ -358,8 +444,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726601",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -372,8 +458,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -390,8 +476,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726601",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -404,8 +490,8 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726601",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 1)
......@@ -422,9 +508,94 @@ class RegisterAdminTest(TestCase):
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "abcdefghij",
"password": self.random_password,
"password2": self.random_password,
"password": self.password,
"password2": self.password,
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Hanya masukkan angka", response.content)
def test_create_user_weak_password_no_lowercase(self):
response = self.client.post(
"/registrasi/admin/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "PASSW0RD!",
"password2": "PASSW0RD!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 lowercase letter", response.content)
def test_create_user_weak_password_no_uppercase(self):
response = self.client.post(
"/registrasi/admin/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "passw0rd!",
"password2": "passw0rd!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 uppercase letter", response.content)
def test_create_user_weak_password_no_special_char(self):
response = self.client.post(
"/registrasi/admin/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "Passw0rd",
"password2": "Passw0rd",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 special letter", response.content)
def test_create_user_weak_password_no_number(self):
response = self.client.post(
"/registrasi/admin/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "Password!",
"password2": "Password!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Password must contain at least 1 number", response.content)
def test_create_user_weak_password_less_than_8_chars(self):
response = self.client.post(
"/registrasi/admin/",
{
"name": "bob",
"instansi": "university",
"nik": "3201234567890001",
"alamat": "bekasi",
"email": "bob@company.com",
"nomor_telpon": "087878726602",
"password": "P4ss!",
"password2": "P4ss!",
},
)
self.assertEqual(User.objects.all().count(), 0)
self.assertIn(b"Hanya masukkan angka", response.content)
\ No newline at end of file
self.assertIn(b"Password must have at least 8 characters", response.content)
\ No newline at end of file
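Review bot: RegisterAdminTest.setUp still assigns `self.random_password = id_generator()` although every use shown in these hunks now passes `self.password`; if no test outside the hunks reads it, that line can go. The ten new weak-password tests repeat the same eight-field payload and differ only in URL, password and expected message, so a small helper along the lines of `_post_with_password(url, password)` would keep the rule under test visible in each case. The fixed literal `"Passw0rd!"` is fine as a fixture, but a short comment in setUp saying it is chosen to satisfy PasswordPolicyValidator would explain why the earlier values were replaced.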
......@@ -18,8 +18,13 @@ class index(TemplateView):
data = request.POST.copy()
form = UserForm(request.POST)
if form.is_valid():
new_user = RegistrationService.create_new_contributor(data, form)
login(request, new_user)
create_user_service = RegistrationService.create_new_contributor(data, form)
if not create_user_service["success"]:
context = self.get_context_data(**kwargs)
context["form"] = create_user_service["form"]
return self.render_to_response(context)
login(request, create_user_service["user"])
return HttpResponseRedirect("/sukses-kontributor/")
else:
context = self.get_context_data(**kwargs)
......@@ -46,7 +51,12 @@ class RegistrasiAdmin(TemplateView):
context = self.get_context_data(**kwargs)
context["form"] = form
if form.is_valid():
RegistrationService.create_new_admin(data, form)
create_user_service = RegistrationService.create_new_admin(data, form)
if not create_user_service["success"]:
context = self.get_context_data(**kwargs)
context["form"] = create_user_service["form"]
return self.render_to_response(context)
context["message"] = "Please wait for our internal team to accept your admin account"
return self.render_to_response(context)
return self.render_to_response(context)
......
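Review bot: In RegistrasiAdmin the failure branch rebuilds `context` although the two lines above `if form.is_valid():` already built it with the same `form` object; the service adds the password error to that object and hands it back as `create_user_service["form"]`. The branch can therefore be reduced to `if not create_user_service["success"]:` followed by `return self.render_to_response(context)`. The same probably holds for the `index` view, whose `else` branch is cut off by the hunk, so this is worth checking there too. Both methods start outside the hunks shown.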