policies/hibp: add invalid test case

2020-12-13 18:42:07 +01:00 · 2020-12-13 18:42:07 +01:00 · 7eed70cfe9
parent ea6ca23f57
commit 7eed70cfe9
2 changed files with 11 additions and 0 deletions
--- a/authentik/policies/hibp/models.py
+++ b/authentik/policies/hibp/models.py
@ -50,6 +50,7 @@ class HaveIBeenPwendPolicy(Policy):
                field=self.password_field,
                fields=request.context.keys(),
            )
+            return PolicyResult(False, _("Password not set in context"))
        password = request.context[self.password_field]

        pw_hash = sha1(password.encode("utf-8")).hexdigest()  # nosec
--- a/authentik/policies/hibp/tests.py
+++ b/authentik/policies/hibp/tests.py
@ -10,6 +10,16 @@ from authentik.providers.oauth2.generators import generate_client_secret
 class TestHIBPPolicy(TestCase):
    """Test HIBP Policy"""

+    def test_invalid(self):
+        """Test without password"""
+        policy = HaveIBeenPwendPolicy.objects.create(
+            name="test_invalid",
+        )
+        request = PolicyRequest(get_anonymous_user())
+        result: PolicyResult = policy.passes(request)
+        self.assertFalse(result.passing)
+        self.assertEqual(result.messages[0], "Password not set in context")
+
    def test_false(self):
        """Failing password case"""
        policy = HaveIBeenPwendPolicy.objects.create(