From d0b2f0c5a160f5fcd21c69d2e653c2acd62a116b Mon Sep 17 00:00:00 2001
From: Arthur Hanson <worldnomad@gmail.com>
Date: Thu, 29 Aug 2024 09:46:48 -0700
Subject: [PATCH] 17289 fix tests

---
 netbox/users/tests/test_api.py   | 61 ++++++++++++++++++++++++--------
 netbox/users/tests/test_views.py | 49 ++++++++++++++++++++-----
 2 files changed, 88 insertions(+), 22 deletions(-)

diff --git a/netbox/users/tests/test_api.py b/netbox/users/tests/test_api.py
index f37eaf764..63d3e1ff7 100644
--- a/netbox/users/tests/test_api.py
+++ b/netbox/users/tests/test_api.py
@@ -38,26 +38,26 @@ class UserTest(APIViewTestCases.APIViewTestCase):
         permissions[2].object_types.add(ObjectType.objects.get_by_natural_key('dcim', 'rack'))
 
         users = (
-            User(username='User1', password='password1'),
-            User(username='User2', password='password2'),
-            User(username='User3', password='password3'),
+            User(username='User1', password='FooBarFooBar1'),
+            User(username='User2', password='FooBarFooBar2'),
+            User(username='User3', password='FooBarFooBar3'),
         )
         User.objects.bulk_create(users)
 
         cls.create_data = [
             {
                 'username': 'User4',
-                'password': 'password4',
+                'password': 'FooBarFooBar4',
                 'permissions': [permissions[0].pk],
             },
             {
                 'username': 'User5',
-                'password': 'password5',
+                'password': 'FooBarFooBar5',
                 'permissions': [permissions[1].pk],
             },
             {
                 'username': 'User6',
-                'password': 'password6',
+                'password': 'FooBarFooBar6',
                 'permissions': [permissions[2].pk],
             },
         ]
@@ -77,12 +77,12 @@ class UserTest(APIViewTestCases.APIViewTestCase):
 
         user_credentials = {
             'username': 'newuser',
-            'password': 'abc123',
+            'password': 'abc123FOO',
         }
         user = User.objects.create_user(**user_credentials)
 
         data = {
-            'password': 'newpassword'
+            'password': 'FooBarFooBar1'
         }
         url = reverse('users-api:user-detail', kwargs={'pk': user.id})
         response = self.client.patch(url, data, format='json', **self.header)
@@ -90,10 +90,23 @@ class UserTest(APIViewTestCases.APIViewTestCase):
         user.refresh_from_db()
         self.assertTrue(user.check_password(data['password']))
 
-    @override_settings(AUTH_PASSWORD_VALIDATORS=[{
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-        'OPTIONS': {'min_length': 8}
-    }])
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {
+            "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+        },
+        {
+            "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+            "OPTIONS": {
+                "min_length": 8,
+            },
+        },
+        {
+            "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+        },
+        {
+            "NAME": "utilities.password_validation.NumericAlphaPasswordValidator",
+        },
+    ])
     def test_password_validation_enforced(self):
         """
         Test that any configured password validation rules (AUTH_PASSWORD_VALIDATORS) are enforced.
@@ -102,7 +115,7 @@ class UserTest(APIViewTestCases.APIViewTestCase):
 
         data = {
             'username': 'new_user',
-            'password': 'foo',
+            'password': 'f1A',
         }
         url = reverse('users-api:user-list')
 
@@ -111,10 +124,30 @@ class UserTest(APIViewTestCases.APIViewTestCase):
         self.assertEqual(response.status_code, 400)
 
         # Password long enough
-        data['password'] = 'foobar123'
+        data['password'] = 'FooBar123'
         response = self.client.post(url, data, format='json', **self.header)
         self.assertEqual(response.status_code, 201)
 
+        # Password no number
+        data['password'] = 'foobarFoo'
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 400)
+
+        # Password no letter
+        data['password'] = '123456789012'
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 400)
+
+        # Password no uppercase
+        data['password'] = 'foobarfoo1'
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 400)
+
+        # Password no lowercase
+        data['password'] = 'FOOBARFOO1'
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 400)
+
 
 class GroupTest(APIViewTestCases.APIViewTestCase):
     model = Group
diff --git a/netbox/users/tests/test_views.py b/netbox/users/tests/test_views.py
index 435d7579c..1b4d821f8 100644
--- a/netbox/users/tests/test_views.py
+++ b/netbox/users/tests/test_views.py
@@ -60,10 +60,23 @@ class UserTestCase(
             'last_name': 'newlastname',
         }
 
-    @override_settings(AUTH_PASSWORD_VALIDATORS=[{
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-        'OPTIONS': {'min_length': 8}
-    }])
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {
+            "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+        },
+        {
+            "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+            "OPTIONS": {
+                "min_length": 8,
+            },
+        },
+        {
+            "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+        },
+        {
+            "NAME": "utilities.password_validation.NumericAlphaPasswordValidator",
+        },
+    ])
     def test_password_validation_enforced(self):
         """
         Test that any configured password validation rules (AUTH_PASSWORD_VALIDATORS) are enforced.
@@ -71,8 +84,8 @@ class UserTestCase(
         self.add_permissions('users.add_user')
         data = {
             'username': 'new_user',
-            'password': 'foo',
-            'confirm_password': 'foo',
+            'password': 'F1a',
+            'confirm_password': 'F1a',
         }
 
         # Password too short
@@ -84,10 +97,30 @@ class UserTestCase(
         self.assertHttpStatus(response, 200)
 
         # Password long enough
-        data['password'] = 'foobar123AD'
-        data['confirm_password'] = 'foobar123AD'
+        data['password'] = 'fooBar12'
+        data['confirm_password'] = 'fooBar12'
         self.assertHttpStatus(self.client.post(**request), 302)
 
+        # Password no number
+        data['password'] = 'FooBarFooBar'
+        data['confirm_password'] = 'FooBarFooBar'
+        self.assertHttpStatus(self.client.post(**request), 200)
+
+        # Password no letter
+        data['password'] = '123456789123'
+        data['confirm_password'] = '123456789123'
+        self.assertHttpStatus(self.client.post(**request), 200)
+
+        # Password no uppercase
+        data['password'] = 'foobar123abc'
+        data['confirm_password'] = 'foobar123abc'
+        self.assertHttpStatus(self.client.post(**request), 200)
+
+        # Password no lowercase
+        data['password'] = 'FOOBAR123ABC'
+        data['confirm_password'] = 'FOOBAR123ABC'
+        self.assertHttpStatus(self.client.post(**request), 200)
+
 
 class GroupTestCase(
     ViewTestCases.GetObjectViewTestCase,