From 683145156bed229e08659f2f2abcf002ba46136a Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 28 Sep 2023 15:16:21 -0400 Subject: [PATCH 1/5] feat: Update the minimum password length. --- cms/envs/common.py | 21 +++------------------ lms/envs/common.py | 2 +- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/cms/envs/common.py b/cms/envs/common.py index 2021d372bcc7..90227b44666f 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -121,6 +121,9 @@ # Methods to derive settings _make_mako_template_dirs, _make_locale_paths, + + # Password Validator Settings + AUTH_PASSWORD_VALIDATORS ) from path import Path as path from django.urls import reverse_lazy @@ -1878,24 +1881,6 @@ EVENT_TRACKING_SEGMENTIO_EMIT_WHITELIST = [] #### PASSWORD POLICY SETTINGS ##### -AUTH_PASSWORD_VALIDATORS = [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "common.djangoapps.util.password_policy_validators.MinimumLengthValidator", - "OPTIONS": { - "min_length": 2 - } - }, - { - "NAME": "common.djangoapps.util.password_policy_validators.MaximumLengthValidator", - "OPTIONS": { - "max_length": 75 - } - }, -] - PASSWORD_POLICY_COMPLIANCE_ROLLOUT_CONFIG = { 'ENFORCE_COMPLIANCE_ON_LOGIN': False } diff --git a/lms/envs/common.py b/lms/envs/common.py index 2c12037e921b..e5089e86b0b2 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -3756,7 +3756,7 @@ def _make_locale_paths(settings): # pylint: disable=missing-function-docstring { "NAME": "common.djangoapps.util.password_policy_validators.MinimumLengthValidator", "OPTIONS": { - "min_length": 2 + "min_length": 8 } }, { From ae42b094eaed70c3d8206e55a17e7a814cbaf2e2 Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 28 Sep 2023 16:01:13 -0400 Subject: [PATCH 2/5] test: Fix validation tests. Make them resilient to the default changing where it makes sense. --- common/djangoapps/student/tests/test_email.py | 2 +- .../tests/test_password_policy_validators.py | 16 +++++++++++++--- .../user_authn/views/tests/test_register.py | 14 ++++++++++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/common/djangoapps/student/tests/test_email.py b/common/djangoapps/student/tests/test_email.py index 7f1287fba048..f39591c77945 100644 --- a/common/djangoapps/student/tests/test_email.py +++ b/common/djangoapps/student/tests/test_email.py @@ -136,7 +136,7 @@ def _create_account(self): params = { 'username': 'test_user', 'email': 'test_user@example.com', - 'password': 'edx', + 'password': 'long_password', 'name': 'Test User', 'honor_code': True, 'terms_of_service': True diff --git a/common/djangoapps/util/tests/test_password_policy_validators.py b/common/djangoapps/util/tests/test_password_policy_validators.py index f0ffe3c2b178..f5eea255bff2 100644 --- a/common/djangoapps/util/tests/test_password_policy_validators.py +++ b/common/djangoapps/util/tests/test_password_policy_validators.py @@ -45,6 +45,11 @@ def validation_errors_checker(self, password, msg, user=None): validate_password(password, user) assert msg in ' '.join(cm.value.messages) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + create_validator_config( + 'common.djangoapps.util.password_policy_validators.MinimumLengthValidator', {'min_length': 4} + ) + ]) def test_unicode_password(self): """ Tests that validate_password enforces unicode """ unicode_str = '𤭮' @@ -55,12 +60,17 @@ def test_unicode_password(self): assert len(unicode_str) == 1 # Test length check - self.validation_errors_checker(byte_str, 'This password is too short. It must contain at least 2 characters.') - self.validation_errors_checker(byte_str + byte_str, None) + self.validation_errors_checker(byte_str, 'This password is too short. It must contain at least 4 characters.') + self.validation_errors_checker(byte_str * 4, None) # Test badly encoded password self.validation_errors_checker(b'\xff\xff', 'Invalid password.') + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + create_validator_config( + 'common.djangoapps.util.password_policy_validators.MinimumLengthValidator', {'min_length': 4} + ) + ]) def test_password_unicode_normalization(self): """ Tests that validate_password normalizes passwords """ # s ̣ ̇ (s with combining dot below and combining dot above) @@ -70,7 +80,7 @@ def test_password_unicode_normalization(self): # When we normalize we expect the not_normalized password to fail # because it should be normalized to '\u1E69' -> ṩ self.validation_errors_checker(not_normalized_password, - 'This password is too short. It must contain at least 2 characters.') + 'This password is too short. It must contain at least 4 characters.') @data( ([create_validator_config('common.djangoapps.util.password_policy_validators.MinimumLengthValidator', {'min_length': 2})], # lint-amnesty, pylint: disable=line-too-long diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_register.py b/openedx/core/djangoapps/user_authn/views/tests/test_register.py index 0bc05545f775..8e73ab2ec3c9 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_register.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_register.py @@ -2689,20 +2689,30 @@ def test_username_invalid_ascii_validation_decision(self, username): {"username": str(USERNAME_INVALID_CHARS_ASCII)} ) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + create_validator_config( + 'common.djangoapps.util.password_policy_validators.MinimumLengthValidator', {'min_length': 4} + ) + ]) def test_password_empty_validation_decision(self): # 2 is the default setting for minimum length found in lms/envs/common.py # under AUTH_PASSWORD_VALIDATORS.MinimumLengthValidator - msg = 'This password is too short. It must contain at least 2 characters.' + msg = 'This password is too short. It must contain at least 4 characters.' self.assertValidationDecision( {'password': ''}, {"password": msg} ) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + create_validator_config( + 'common.djangoapps.util.password_policy_validators.MinimumLengthValidator', {'min_length': 4} + ) + ]) def test_password_bad_min_length_validation_decision(self): password = 'p' # 2 is the default setting for minimum length found in lms/envs/common.py # under AUTH_PASSWORD_VALIDATORS.MinimumLengthValidator - msg = 'This password is too short. It must contain at least 2 characters.' + msg = 'This password is too short. It must contain at least 4 characters.' self.assertValidationDecision( {'password': password}, {"password": msg} From 1e2ea85372cf777122cb1f13c7c6a63c982b8790 Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Fri, 29 Sep 2023 13:24:31 -0400 Subject: [PATCH 3/5] test: Update more tests that had short passwords. --- .../tests/test_course_create_rerun.py | 2 +- .../contentstore/tests/test_course_listing.py | 4 +- .../tests/test_course_settings.py | 4 +- .../contentstore/tests/test_i18n.py | 2 +- .../tests/test_users_default_role.py | 2 +- cms/djangoapps/contentstore/tests/tests.py | 2 +- .../views/tests/test_certificates.py | 10 ++-- .../views/tests/test_organizations.py | 5 +- cms/djangoapps/maintenance/tests.py | 16 +++--- .../course_modes/tests/test_admin.py | 2 +- common/djangoapps/student/tests/factories.py | 4 +- .../student/tests/test_admin_views.py | 17 ++++--- .../student/tests/test_bulk_email_settings.py | 2 +- .../djangoapps/student/tests/test_filters.py | 2 +- .../student/tests/test_retirement.py | 2 +- .../student/tests/test_userstanding.py | 2 +- common/djangoapps/student/tests/test_views.py | 7 ++- common/djangoapps/student/tests/tests.py | 29 ++++++----- .../third_party_auth/tests/specs/base.py | 2 +- .../third_party_auth/tests/test_admin.py | 7 ++- lms/djangoapps/badges/api/tests.py | 2 +- .../bulk_email/tests/test_course_optout.py | 10 ++-- lms/djangoapps/bulk_email/tests/test_email.py | 2 +- .../bulk_email/tests/test_err_handling.py | 2 +- .../bulk_email/tests/test_signals.py | 4 +- lms/djangoapps/ccx/api/v0/tests/test_views.py | 8 +-- lms/djangoapps/ccx/tests/test_views.py | 31 ++++++------ lms/djangoapps/ccx/tests/utils.py | 6 +-- .../commerce/api/v1/tests/test_views.py | 2 +- lms/djangoapps/commerce/tests/test_views.py | 5 +- .../course_api/blocks/tests/test_views.py | 14 +++--- .../transformers/tests/helpers.py | 4 +- lms/djangoapps/course_wiki/tests/tests.py | 2 +- lms/djangoapps/courseware/tests/helpers.py | 4 +- lms/djangoapps/courseware/tests/test_about.py | 2 +- .../courseware/tests/test_access.py | 6 +-- .../courseware/tests/test_block_render.py | 4 +- .../courseware/tests/test_course_survey.py | 2 +- .../tests/test_discussion_xblock.py | 2 +- .../courseware/tests/test_entrance_exam.py | 6 +-- .../courseware/tests/test_masquerade.py | 10 ++-- .../courseware/tests/test_split_module.py | 4 +- .../tests/test_submitting_problems.py | 2 +- lms/djangoapps/courseware/tests/test_tabs.py | 6 +-- .../tests/test_view_authentication.py | 4 +- lms/djangoapps/courseware/tests/test_views.py | 28 +++++------ lms/djangoapps/courseware/testutils.py | 2 +- .../django_comment_client/base/tests.py | 4 +- .../discussion/rest_api/tests/test_views.py | 16 +++--- lms/djangoapps/discussion/tests/test_views.py | 22 ++++---- .../grades/rest_api/v1/tests/mixins.py | 2 +- .../grades/rest_api/v1/tests/test_views.py | 2 +- .../grades/tests/integration/test_access.py | 4 +- .../grades/tests/integration/test_events.py | 4 +- .../grades/tests/integration/test_problems.py | 10 ++-- lms/djangoapps/instructor/tests/test_api.py | 50 +++++++++---------- .../tests/test_api_email_localization.py | 2 +- .../instructor/tests/test_certificates.py | 40 +++++++-------- lms/djangoapps/instructor/tests/test_email.py | 4 +- .../instructor/tests/test_filters.py | 2 +- .../instructor/tests/test_proctoring.py | 2 +- .../instructor/tests/test_spoc_gradebook.py | 2 +- .../tests/views/test_instructor_dashboard.py | 14 +++--- .../rest_api/v1/tests/test_views.py | 22 ++++---- .../instructor_task/tests/test_base.py | 2 +- .../api/v0/tests/test_views.py | 6 +-- .../learner_dashboard/tests/test_programs.py | 11 ++-- .../learner_dashboard/tests/test_views.py | 7 ++- .../tests/test_views.py | 12 +++-- lms/djangoapps/mobile_api/testutils.py | 2 +- lms/djangoapps/staticbook/tests.py | 2 +- lms/djangoapps/survey/tests/test_models.py | 2 +- lms/djangoapps/survey/tests/test_utils.py | 2 +- lms/djangoapps/survey/tests/test_views.py | 2 +- .../verify_student/tests/test_views.py | 16 +++--- .../contentserver/test/test_contentserver.py | 14 +++--- .../course_apps/rest_api/tests/test_views.py | 2 +- .../notifications/tests/test_views.py | 37 +++++++------- .../tests/test_dot_overrides.py | 19 ++++--- .../oauth_dispatch/tests/test_views.py | 11 ++-- .../safe_sessions/tests/test_middleware.py | 12 +++-- .../tests/test_theme_style_overrides.py | 5 +- .../djangoapps/theming/tests/test_views.py | 2 +- .../user_api/accounts/tests/test_api.py | 2 +- .../djangoapps/user_api/tests/test_views.py | 1 + .../verification_api/tests/test_views.py | 2 +- .../user_authn/api/tests/test_views.py | 4 +- .../core/djangoapps/user_authn/tests/utils.py | 2 +- .../user_authn/views/tests/test_password.py | 8 +-- .../tests/test_course_expiration.py | 10 ++-- .../tests/views/test_course_sock.py | 2 +- .../tests/views/test_masquerade.py | 2 +- .../test_crowdsource_hinter.py | 4 +- .../xblock_integration/test_recommender.py | 6 +-- .../xblock_integration/xblock_testcase.py | 6 +-- xmodule/modulestore/tests/django_utils.py | 2 +- 96 files changed, 365 insertions(+), 351 deletions(-) diff --git a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py index 264d6de8ff2f..c8d8c6e8d71d 100644 --- a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py +++ b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py @@ -51,7 +51,7 @@ def setUp(self): self.factory = RequestFactory() self.global_admin = AdminFactory() self.client = AjaxEnabledTestClient() - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.course_create_rerun_url = reverse('course_handler') self.course_start = datetime.datetime.utcnow() self.course_end = self.course_start + datetime.timedelta(days=30) diff --git a/cms/djangoapps/contentstore/tests/test_course_listing.py b/cms/djangoapps/contentstore/tests/test_course_listing.py index 461a1281f55d..66c16dc6dd8c 100644 --- a/cms/djangoapps/contentstore/tests/test_course_listing.py +++ b/cms/djangoapps/contentstore/tests/test_course_listing.py @@ -56,12 +56,12 @@ def setUp(self): super().setUp() # create and log in a staff user. # create and log in a non-staff user - self.user = UserFactory() + self.user = UserFactory(password=self.TEST_PASSWORD) self.factory = RequestFactory() self.request = self.factory.get('/course') self.request.user = self.user self.client = AjaxEnabledTestClient() - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) def _create_course_with_access_groups(self, course_location, user=None): """ diff --git a/cms/djangoapps/contentstore/tests/test_course_settings.py b/cms/djangoapps/contentstore/tests/test_course_settings.py index 605e0d21330e..f19f35efe2db 100644 --- a/cms/djangoapps/contentstore/tests/test_course_settings.py +++ b/cms/djangoapps/contentstore/tests/test_course_settings.py @@ -1866,10 +1866,10 @@ def _get_course_details_response(self, global_staff): """ Return the course details page as either global or non-global staff """ - user = UserFactory(is_staff=global_staff) + user = UserFactory(is_staff=global_staff, password=self.TEST_PASSWORD) CourseInstructorRole(self.course.id).add_users(user) - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) return self.client.get_html(self.course_details_url) diff --git a/cms/djangoapps/contentstore/tests/test_i18n.py b/cms/djangoapps/contentstore/tests/test_i18n.py index dc7740307169..be2003f981aa 100644 --- a/cms/djangoapps/contentstore/tests/test_i18n.py +++ b/cms/djangoapps/contentstore/tests/test_i18n.py @@ -184,7 +184,7 @@ def setUp(self): self.uname = 'testuser' self.email = 'test+courses@edx.org' - self.password = 'foo' + self.password = 'password' # Create the use so we can log them in. self.user = UserFactory.create(username=self.uname, email=self.email, password=self.password) diff --git a/cms/djangoapps/contentstore/tests/test_users_default_role.py b/cms/djangoapps/contentstore/tests/test_users_default_role.py index 590efc0bff67..1abf0a0ec697 100644 --- a/cms/djangoapps/contentstore/tests/test_users_default_role.py +++ b/cms/djangoapps/contentstore/tests/test_users_default_role.py @@ -27,7 +27,7 @@ def setUp(self): # create and log in a staff user. self.user = UserFactory(is_staff=True) self.client = AjaxEnabledTestClient() - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # create a course via the view handler to create course self.course_key = self.store.make_course_key('Org_1', 'Course_1', 'Run_1') diff --git a/cms/djangoapps/contentstore/tests/tests.py b/cms/djangoapps/contentstore/tests/tests.py index f212bc39f1d8..bd2c3dbfd3c8 100644 --- a/cms/djangoapps/contentstore/tests/tests.py +++ b/cms/djangoapps/contentstore/tests/tests.py @@ -95,7 +95,7 @@ def setUp(self): super().setUp() self.email = 'a@b.com' - self.pw = 'xyz' + self.pw = 'password1234' self.username = 'testuser' self.client = AjaxEnabledTestClient() # clear the cache so ratelimiting won't affect these tests diff --git a/cms/djangoapps/contentstore/views/tests/test_certificates.py b/cms/djangoapps/contentstore/views/tests/test_certificates.py index 76dfb3be95d7..7af7a448de10 100644 --- a/cms/djangoapps/contentstore/views/tests/test_certificates.py +++ b/cms/djangoapps/contentstore/views/tests/test_certificates.py @@ -249,7 +249,7 @@ def test_cannot_create_certificate_if_user_has_no_write_permissions(self): Tests user without write permissions on course should not able to create certificate """ user = UserFactory() - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.ajax_post( self._url(), data=CERTIFICATE_JSON @@ -635,7 +635,7 @@ def test_delete_certificate_without_write_permissions(self, signatory_path): """ self._add_course_certificates(count=2, signatory_count=1, asset_path_format=signatory_path) user = UserFactory() - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.delete( self._url(cid=1), content_type="application/json", @@ -653,7 +653,7 @@ def test_delete_certificate_without_global_staff_permissions(self, signatory_pat user = UserFactory() for role in [CourseInstructorRole, CourseStaffRole]: role(self.course.id).add_users(user) - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.delete( self._url(cid=1), content_type="application/json", @@ -681,7 +681,7 @@ def test_update_active_certificate_without_global_staff_permissions(self, signat user = UserFactory() for role in [CourseInstructorRole, CourseStaffRole]: role(self.course.id).add_users(user) - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.put( self._url(cid=1), data=json.dumps(cert_data), @@ -799,7 +799,7 @@ def test_certificate_activation_without_write_permissions(self, activate, signat test_url = reverse_course_url('certificate_activation_handler', self.course.id) self._add_course_certificates(count=1, signatory_count=2, asset_path_format=signatory_path) user = UserFactory() - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.post( test_url, data=json.dumps({"is_active": activate}), diff --git a/cms/djangoapps/contentstore/views/tests/test_organizations.py b/cms/djangoapps/contentstore/views/tests/test_organizations.py index 6f3b67671101..cf3a376f3461 100644 --- a/cms/djangoapps/contentstore/views/tests/test_organizations.py +++ b/cms/djangoapps/contentstore/views/tests/test_organizations.py @@ -14,8 +14,9 @@ class TestOrganizationListing(TestCase): """Verify Organization listing behavior.""" def setUp(self): super().setUp() - self.staff = UserFactory(is_staff=True) - self.client.login(username=self.staff.username, password='test') + self.password = "password1234" + self.staff = UserFactory(is_staff=True, password=self.password) + self.client.login(username=self.staff.username, password=self.password) self.org_names_listing_url = reverse('organizations') self.org_short_names = ["alphaX", "betaX", "orgX"] for index, short_name in enumerate(self.org_short_names): diff --git a/cms/djangoapps/maintenance/tests.py b/cms/djangoapps/maintenance/tests.py index dd060c4c0113..a487f8e37faa 100644 --- a/cms/djangoapps/maintenance/tests.py +++ b/cms/djangoapps/maintenance/tests.py @@ -30,7 +30,7 @@ class TestMaintenanceIndex(ModuleStoreTestCase): def setUp(self): super().setUp() self.user = AdminFactory() - login_success = self.client.login(username=self.user.username, password='test') + login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.assertTrue(login_success) self.view_url = reverse('maintenance:maintenance_index') @@ -56,7 +56,7 @@ class MaintenanceViewTestCase(ModuleStoreTestCase): def setUp(self): super().setUp() self.user = AdminFactory() - login_success = self.client.login(username=self.user.username, password='test') + login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.assertTrue(login_success) def verify_error_message(self, data, error_message): @@ -110,8 +110,8 @@ def test_non_global_staff_access(self, url): """ Test that all maintenance app views are not accessible to non-global-staff user. """ - user = UserFactory(username='test', email='test@example.com', password='test') - login_success = self.client.login(username=user.username, password='test') + user = UserFactory(username='test', email='test@example.com', password=self.TEST_PASSWORD) + login_success = self.client.login(username=user.username, password=self.TEST_PASSWORD) self.assertTrue(login_success) response = self.client.get(url) @@ -245,13 +245,13 @@ def setUp(self): self.admin = AdminFactory.create( email='staff@edx.org', username='admin', - password='pass' + password=self.TEST_PASSWORD ) - self.client.login(username=self.admin.username, password='pass') + self.client.login(username=self.admin.username, password=self.TEST_PASSWORD) self.non_staff_user = UserFactory.create( email='test@edx.org', username='test', - password='pass' + password=self.TEST_PASSWORD ) def test_index(self): @@ -301,7 +301,7 @@ def _test_403(self, viewname, kwargs=None): self.assertEqual(response.status_code, 403) def test_authorization(self): - self.client.login(username=self.non_staff_user, password='pass') + self.client.login(username=self.non_staff_user, password=self.TEST_PASSWORD) announcement = Announcement.objects.create(content="Test Delete") announcement.save() diff --git a/common/djangoapps/course_modes/tests/test_admin.py b/common/djangoapps/course_modes/tests/test_admin.py index 52640dc52fe5..25b6558d24ab 100644 --- a/common/djangoapps/course_modes/tests/test_admin.py +++ b/common/djangoapps/course_modes/tests/test_admin.py @@ -54,7 +54,7 @@ def test_expiration_timezone(self): '_expiration_datetime_1': expiration.time(), } - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) # Create a new course mode from django admin page response = self.client.post(reverse('admin:course_modes_coursemode_add'), data=data) diff --git a/common/djangoapps/student/tests/factories.py b/common/djangoapps/student/tests/factories.py index 708082412516..506d1818e4c4 100644 --- a/common/djangoapps/student/tests/factories.py +++ b/common/djangoapps/student/tests/factories.py @@ -35,7 +35,7 @@ from openedx.core.djangoapps.content.course_overviews.models import CourseOverview from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory -TEST_PASSWORD = 'test' +TEST_PASSWORD = 'password' class GroupFactory(DjangoModelFactory): # lint-amnesty, pylint: disable=missing-class-docstring @@ -81,7 +81,7 @@ class Meta: model = User django_get_or_create = ('email', 'username') - _DEFAULT_PASSWORD = 'test' + _DEFAULT_PASSWORD = 'password' username = factory.Sequence('robot{}'.format) email = factory.Sequence('robot+test+{}@edx.org'.format) diff --git a/common/djangoapps/student/tests/test_admin_views.py b/common/djangoapps/student/tests/test_admin_views.py index 5c6350c2f0ce..7ae693606daf 100644 --- a/common/djangoapps/student/tests/test_admin_views.py +++ b/common/djangoapps/student/tests/test_admin_views.py @@ -53,7 +53,7 @@ def test_save_valid_data(self): 'email': self.user.email } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # # adding new role from django admin page response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -78,7 +78,7 @@ def test_save_without_org_and_course_data(self): 'course_id': str(self.course.id) } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # # adding new role from django admin page response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -96,7 +96,7 @@ def test_save_with_course_only(self): } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # # adding new role from django admin page response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -115,7 +115,7 @@ def test_save_with_org_only(self): } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # # adding new role from django admin page response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -136,7 +136,7 @@ def test_save_with_invalid_course(self): 'email': email } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # Adding new role with invalid data response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -163,7 +163,7 @@ def test_save_valid_course_invalid_org(self): 'email': self.user.email } - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) # # adding new role from django admin page response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data) @@ -230,7 +230,7 @@ def setUp(self): user=self.user, course_id=self.course.id, # pylint: disable=no-member ) - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) @ddt.data(*ADMIN_URLS) @ddt.unpack @@ -326,11 +326,12 @@ def setUpClass(cls): super().setUpClass() cls.user = UserFactory.create(username='§', is_staff=True, is_superuser=True) cls.user.save() + cls.TEST_PASSWORD = 'password' def setUp(self): """Setup.""" super().setUp() - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.user2 = UserFactory.create(username='Zażółć gęślą jaźń') self.user_lockout_until = datetime.datetime.now(UTC) LoginFailures.objects.create(user=self.user, failure_count=10, lockout_until=self.user_lockout_until) diff --git a/common/djangoapps/student/tests/test_bulk_email_settings.py b/common/djangoapps/student/tests/test_bulk_email_settings.py index d9bfd15621ca..308ccf66e09d 100644 --- a/common/djangoapps/student/tests/test_bulk_email_settings.py +++ b/common/djangoapps/student/tests/test_bulk_email_settings.py @@ -33,7 +33,7 @@ def setUp(self): # Create student account student = UserFactory.create() CourseEnrollmentFactory.create(user=student, course_id=self.course.id) - self.client.login(username=student.username, password="test") + self.client.login(username=student.username, password=self.TEST_PASSWORD) self.url = reverse('dashboard') # URL for email settings modal diff --git a/common/djangoapps/student/tests/test_filters.py b/common/djangoapps/student/tests/test_filters.py index 6e429fd39a5c..376595a8507b 100644 --- a/common/djangoapps/student/tests/test_filters.py +++ b/common/djangoapps/student/tests/test_filters.py @@ -316,7 +316,7 @@ class StudentDashboardFiltersTest(ModuleStoreTestCase): def setUp(self): # pylint: disable=arguments-differ super().setUp() self.user = UserFactory() - self.client.login(username=self.user.username, password="test") + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.dashboard_url = reverse("dashboard") self.first_course = CourseFactory.create( org="test1", course="course1", display_name="run1", diff --git a/common/djangoapps/student/tests/test_retirement.py b/common/djangoapps/student/tests/test_retirement.py index a7e5fac86571..96c0034a0e7c 100644 --- a/common/djangoapps/student/tests/test_retirement.py +++ b/common/djangoapps/student/tests/test_retirement.py @@ -260,7 +260,7 @@ def setUp(self): 'username': 'username', 'email': 'foo_bar' + '@bar.com', 'name': 'foo bar', - 'password': '123', + 'password': '12345678', 'terms_of_service': 'true', 'honor_code': 'true', } diff --git a/common/djangoapps/student/tests/test_userstanding.py b/common/djangoapps/student/tests/test_userstanding.py index 832127e474ed..e7b9bab233a1 100644 --- a/common/djangoapps/student/tests/test_userstanding.py +++ b/common/djangoapps/student/tests/test_userstanding.py @@ -43,7 +43,7 @@ def setUp(self): (self.non_staff, self.non_staff_client), (self.admin, self.admin_client), ]: - client.login(username=user.username, password='test') + client.login(username=user.username, password='password') UserStandingFactory.create( user=self.bad_user, diff --git a/common/djangoapps/student/tests/test_views.py b/common/djangoapps/student/tests/test_views.py index b9518efa0446..1230f8320a75 100644 --- a/common/djangoapps/student/tests/test_views.py +++ b/common/djangoapps/student/tests/test_views.py @@ -49,7 +49,6 @@ from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase # lint-amnesty, pylint: disable=wrong-import-order from xmodule.modulestore.tests.factories import CourseFactory, BlockFactory # lint-amnesty, pylint: disable=wrong-import-order -PASSWORD = 'test' TOMORROW = now() + timedelta(days=1) ONE_WEEK_AGO = now() - timedelta(weeks=1) THREE_YEARS_FROM_NOW = now() + timedelta(days=(365 * 3)) @@ -81,7 +80,7 @@ def setUp(self): self.user = UserFactory() self.enrollment = CourseEnrollmentFactory(course_id=self.course.id, user=self.user) self.cert_status = 'processing' - self.client.login(username=self.user.username, password=PASSWORD) + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) def mock_cert(self, _user, _course_overview): """ Return a preset certificate status. """ @@ -212,7 +211,7 @@ def setUp(self): """ super().setUp() self.user = UserFactory() - self.client.login(username=self.user.username, password=PASSWORD) + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.path = reverse('dashboard') def set_course_sharing_urls(self, set_marketing, set_social_sharing): @@ -1018,7 +1017,7 @@ class TestCourseDashboardNoticesRedirects(SharedModuleStoreTestCase): def setUp(self): super().setUp() self.user = UserFactory() - self.client.login(username=self.user.username, password=PASSWORD) + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.path = reverse('dashboard') def test_check_for_unacknowledged_notices(self): diff --git a/common/djangoapps/student/tests/tests.py b/common/djangoapps/student/tests/tests.py index b41ad2f856d6..a90b2504d137 100644 --- a/common/djangoapps/student/tests/tests.py +++ b/common/djangoapps/student/tests/tests.py @@ -278,7 +278,7 @@ class DashboardTest(ModuleStoreTestCase, TestVerificationBase): def setUp(self): super().setUp() self.course = CourseFactory.create() - self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password='test') + self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password=self.TEST_PASSWORD) self.client = Client() cache.clear() @@ -307,7 +307,7 @@ def test_verification_status_visible(self): """ Test that the certificate verification status for courses is visible on the dashboard. """ - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) self._check_verification_status_on('verified', 'You're enrolled as a verified student') self._check_verification_status_on('honor', 'You're enrolled as an honor code student') self._check_verification_status_off('audit', '') @@ -345,7 +345,7 @@ def test_verification_status_invisible(self): Test that the certificate verification status for courses is not visible on the dashboard if the verified certificates setting is off. """ - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) self._check_verification_status_off('verified', 'You\'re enrolled as a verified student') self._check_verification_status_off('honor', 'You\'re enrolled as an honor code student') self._check_verification_status_off('audit', '') @@ -371,7 +371,7 @@ def test_course_mode_info(self): @skip_unless_lms def test_linked_in_add_to_profile_btn_not_appearing_without_config(self): # Without linked-in config don't show Add Certificate to LinkedIn button - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) CourseModeFactory.create( course_id=self.course.id, @@ -409,7 +409,7 @@ def test_linked_in_add_to_profile_btn_not_appearing_without_config(self): def test_linked_in_add_to_profile_btn_with_certificate(self): # If user has a certificate with valid linked-in config then Add Certificate to LinkedIn button # should be visible. and it has URL value with valid parameters. - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) linkedin_config = LinkedInAddToProfileConfiguration.objects.create(company_identifier='1337', enabled=True) CourseModeFactory.create( @@ -480,7 +480,7 @@ def test_dashboard_metadata_caching(self): # Create a course and log in the user. # Creating a new course will trigger a publish event and the course will be cached test_course = CourseFactory.create(emit_signals=True) - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) with check_mongo_calls(0): CourseEnrollment.enroll(self.user, test_course.id) @@ -495,7 +495,7 @@ def test_dashboard_metadata_caching(self): @skip_unless_lms def test_dashboard_header_nav_has_find_courses(self): - self.client.login(username="jack", password="test") + self.client.login(username="jack", password=self.TEST_PASSWORD) response = self.client.get(reverse("dashboard")) # "Explore courses" is shown in the side panel @@ -542,7 +542,7 @@ def setUp(self): super().setUp() self.org = 'fakeX' self.course = CourseFactory.create(org=self.org) - self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password='test') + self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password=self.TEST_PASSWORD) CourseModeFactory.create(mode_slug='no-id-professional', course_id=self.course.id) CourseEnrollment.enroll(self.user, self.course.location.course_key, mode='no-id-professional') cache.clear() @@ -564,7 +564,7 @@ def test_course_mode_visible(self, site_domain, site_configuration_values): 'course_org_filter': self.org }) self.set_up_site(site_domain, site_configuration_values) - self.client.login(username='jack', password='test') + self.client.login(username='jack', password=self.TEST_PASSWORD) response = self.client.get(reverse('dashboard')) self.assertContains(response, 'class="course professional"') @@ -585,7 +585,7 @@ def test_course_mode_invisible(self, site_domain, site_configuration_values): 'course_org_filter': self.org }) self.set_up_site(site_domain, site_configuration_values) - self.client.login(username='jack', password='test') + self.client.login(username='jack', password=self.TEST_PASSWORD) response = self.client.get(reverse('dashboard')) self.assertNotContains(response, 'class="course professional"') @@ -899,8 +899,8 @@ class ChangeEnrollmentViewTest(ModuleStoreTestCase): def setUp(self): super().setUp() self.course = CourseFactory.create() - self.user = UserFactory.create(password='secret') - self.client.login(username=self.user.username, password='secret') + self.user = UserFactory.create(password=self.TEST_PASSWORD) + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) self.url = reverse('change_enrollment') def _enroll_through_view(self, course): @@ -1056,14 +1056,13 @@ def test_anonymous_id_secret_key_changes_result_in_diff_values_for_same_new_user class RelatedProgramsTests(ProgramsApiConfigMixin, SharedModuleStoreTestCase): """Tests verifying that related programs appear on the course dashboard.""" maxDiff = None - password = 'test' related_programs_preface = 'Related Programs' @classmethod def setUpClass(cls): super().setUpClass() - cls.user = UserFactory() + cls.user = UserFactory(password=cls.TEST_PASSWORD) cls.course = CourseFactory() cls.enrollment = CourseEnrollmentFactory(user=cls.user, course_id=cls.course.id) # pylint: disable=no-member @@ -1073,7 +1072,7 @@ def setUp(self): self.url = reverse('dashboard') self.create_programs_config() - self.client.login(username=self.user.username, password=self.password) + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) course_run = CourseRunFactory(key=str(self.course.id)) # pylint: disable=no-member course = CatalogCourseFactory(course_runs=[course_run]) diff --git a/common/djangoapps/third_party_auth/tests/specs/base.py b/common/djangoapps/third_party_auth/tests/specs/base.py index 116deacf5e1d..4974627fd0ee 100644 --- a/common/djangoapps/third_party_auth/tests/specs/base.py +++ b/common/djangoapps/third_party_auth/tests/specs/base.py @@ -481,7 +481,7 @@ def _test_login(self): # The AJAX on the page will log them in: ajax_login_response = self.client.post( reverse('user_api_login_session', kwargs={'api_version': 'v1'}), - {'email': self.user.email, 'password': 'test'} + {'email': self.user.email, 'password': 'password'} ) assert ajax_login_response.status_code == 200 # Then the AJAX will finish the third party auth: diff --git a/common/djangoapps/third_party_auth/tests/test_admin.py b/common/djangoapps/third_party_auth/tests/test_admin.py index c5481a3a09b4..a1b2e2235d9f 100644 --- a/common/djangoapps/third_party_auth/tests/test_admin.py +++ b/common/djangoapps/third_party_auth/tests/test_admin.py @@ -14,6 +14,9 @@ from common.djangoapps.third_party_auth.tests.utils import skip_unless_thirdpartyauth +TEST_PASSWORD = 'password' + + # This is necessary because cms does not implement third party auth @skip_unless_thirdpartyauth() class Oauth2ProviderConfigAdminTest(testutil.TestCase): @@ -36,9 +39,9 @@ def test_oauth2_provider_edit_icon_image(self): prepopulated correctly, and that we can clear and update the image. """ # Login as a super user - user = UserFactory.create(is_staff=True, is_superuser=True) + user = UserFactory.create(is_staff=True, is_superuser=True, password=TEST_PASSWORD) user.save() - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=TEST_PASSWORD) # Get baseline provider count providers = OAuth2ProviderConfig.objects.all() diff --git a/lms/djangoapps/badges/api/tests.py b/lms/djangoapps/badges/api/tests.py index e0031c29dee4..cadb30d11a9a 100644 --- a/lms/djangoapps/badges/api/tests.py +++ b/lms/djangoapps/badges/api/tests.py @@ -29,7 +29,7 @@ def setUp(self): self.course = CourseFactory.create() self.user = UserFactory.create() # Password defined by factory. - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) def url(self): """ diff --git a/lms/djangoapps/bulk_email/tests/test_course_optout.py b/lms/djangoapps/bulk_email/tests/test_course_optout.py index a618545bcd68..fe0f70fbdc3b 100644 --- a/lms/djangoapps/bulk_email/tests/test_course_optout.py +++ b/lms/djangoapps/bulk_email/tests/test_course_optout.py @@ -40,7 +40,7 @@ def setUp(self): # load initial content (since we don't run migrations as part of tests): call_command("loaddata", "course_email_template.json") - self.client.login(username=self.student.username, password="test") + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)}) self.success_content = { @@ -70,7 +70,7 @@ def test_optout_course(self): self.client.logout() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.navigate_to_email_view() test_email = { @@ -92,7 +92,7 @@ def test_optout_using_unsubscribe_link_in_email(self): """ self.client.logout() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) unsubscribe_link = get_unsubscribed_link(self.student.username, str(self.course.id)) response = self.client.post(unsubscribe_link, {'unsubscribe': True}) @@ -122,7 +122,7 @@ def test_optin_course(self): assert CourseEnrollment.is_enrolled(self.student, self.course.id) - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.navigate_to_email_view() test_email = { @@ -155,7 +155,7 @@ def setUp(self): self.student = UserFactory.create() CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id) - self.client.login(username=self.student.username, password="test") + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) self._set_email_optout(False) self.policy = CourseEmailOptout() diff --git a/lms/djangoapps/bulk_email/tests/test_email.py b/lms/djangoapps/bulk_email/tests/test_email.py index b67864381bfa..ba95bd26ddda 100644 --- a/lms/djangoapps/bulk_email/tests/test_email.py +++ b/lms/djangoapps/bulk_email/tests/test_email.py @@ -87,7 +87,7 @@ def login_as_user(self, user): """ Log in self.client as user. """ - self.client.login(username=user.username, password="test") + self.client.login(username=user.username, password=self.TEST_PASSWORD) def goto_instructor_dash_email_view(self): """ diff --git a/lms/djangoapps/bulk_email/tests/test_err_handling.py b/lms/djangoapps/bulk_email/tests/test_err_handling.py index 3f3ffe9b6977..06e9a1dce40f 100644 --- a/lms/djangoapps/bulk_email/tests/test_err_handling.py +++ b/lms/djangoapps/bulk_email/tests/test_err_handling.py @@ -53,7 +53,7 @@ def setUp(self): course_title = "ẗëṡẗ title イ乇丂イ ᄊ乇丂丂ムg乇 キo尺 ムレレ тэѕт мэѕѕаБэ" self.course = CourseFactory.create(display_name=course_title) self.instructor = AdminFactory.create() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) # load initial content (since we don't run migrations as part of tests): call_command("loaddata", "course_email_template.json") diff --git a/lms/djangoapps/bulk_email/tests/test_signals.py b/lms/djangoapps/bulk_email/tests/test_signals.py index ea369fa80524..1a3715284b12 100644 --- a/lms/djangoapps/bulk_email/tests/test_signals.py +++ b/lms/djangoapps/bulk_email/tests/test_signals.py @@ -33,7 +33,7 @@ def setUp(self): # load initial content (since we don't run migrations as part of tests): call_command("loaddata", "course_email_template.json") - self.client.login(username=self.student.username, password="test") + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)}) self.success_content = { @@ -78,7 +78,7 @@ def test_optout_course(self): force_optout_all(sender=self.__class__, user=self.student) # Try to send a bulk course email - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.send_test_email() # Assert that self.student.email not in mail.to, outbox should only contain "myself" target diff --git a/lms/djangoapps/ccx/api/v0/tests/test_views.py b/lms/djangoapps/ccx/api/v0/tests/test_views.py index d3daf72244cf..195fafb11cca 100644 --- a/lms/djangoapps/ccx/api/v0/tests/test_views.py +++ b/lms/djangoapps/ccx/api/v0/tests/test_views.py @@ -33,7 +33,7 @@ from lms.djangoapps.instructor.enrollment import enroll_email, get_email_params from openedx.core.lib.courses import get_course_by_id -USER_PASSWORD = 'test' +USER_PASSWORD = 'password' class CcxRestApiTest(CcxTestCase, APITestCase): @@ -760,7 +760,7 @@ def test_authorization_no_oauth_staff(self): """ # create a staff user staff_user = UserFactory.create( - username='test_staff_user', email='test_staff_user@openedx.org', password='test', + username='test_staff_user', email='test_staff_user@openedx.org', password=USER_PASSWORD, ) # add staff role to the staff user CourseStaffRole(self.master_course_key).add_users(staff_user) @@ -779,7 +779,7 @@ def test_authorization_no_oauth_instructor(self): """ # create an instructor user instructor_user = UserFactory.create( - username='test_instructor_user', email='test_instructor_user@openedx.org', password='test', + username='test_instructor_user', email='test_instructor_user@openedx.org', password=USER_PASSWORD, ) # add instructor role to the instructor user CourseInstructorRole(self.master_course_key).add_users(instructor_user) @@ -798,7 +798,7 @@ def test_authorization_no_oauth_other_coach(self): """ # create an coach user coach_user = UserFactory.create( - username='test_coach_user', email='test_coach_user@openedx.org', password='test', + username='test_coach_user', email='test_coach_user@openedx.org', password=USER_PASSWORD, ) # add coach role to the coach user CourseCcxCoachRole(self.master_course_key).add_users(coach_user) diff --git a/lms/djangoapps/ccx/tests/test_views.py b/lms/djangoapps/ccx/tests/test_views.py index b18ed5c2aae1..6dd569c0fb59 100644 --- a/lms/djangoapps/ccx/tests/test_views.py +++ b/lms/djangoapps/ccx/tests/test_views.py @@ -129,13 +129,14 @@ def setUp(self): ccx = self.make_ccx() ccx_key = CCXLocator.from_course_locator(self.course.id, ccx.id) self.url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_key}) + self.TEST_PASSWORD = 'password' def test_staff_access_coach_dashboard(self): """ User is staff, should access coach dashboard. """ staff = self.make_staff() - self.client.login(username=staff.username, password="test") + self.client.login(username=staff.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) assert response.status_code == 200 @@ -145,7 +146,7 @@ def test_instructor_access_coach_dashboard(self): User is instructor, should access coach dashboard. """ instructor = self.make_instructor() - self.client.login(username=instructor.username, password="test") + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) # Now access URL response = self.client.get(self.url) @@ -155,8 +156,8 @@ def test_forbidden_user_access_coach_dashboard(self): """ Assert user with no access must not see dashboard. """ - user = UserFactory.create(password="test") - self.client.login(username=user.username, password="test") + user = UserFactory.create(password=self.TEST_PASSWORD) + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) assert response.status_code == 403 @@ -211,12 +212,12 @@ def assert_progress_summary(self, ccx_course_key, due): """ assert signal and schedule update. """ - student = UserFactory.create(is_staff=False, password="test") + student = UserFactory.create(is_staff=False, password=self.TEST_PASSWORD) CourseEnrollment.enroll(student, ccx_course_key) assert CourseEnrollment.objects.filter(course_id=ccx_course_key, user=student).exists() # login as student - self.client.login(username=student.username, password="test") + self.client.login(username=student.username, password=self.TEST_PASSWORD) progress_page_response = self.client.get( reverse('progress', kwargs={'course_id': ccx_course_key}) ) @@ -236,7 +237,7 @@ def test_edit_schedule(self): self.make_coach() ccx = self.make_ccx() ccx_course_key = CCXLocator.from_course_locator(self.course.id, str(ccx.id)) - self.client.login(username=self.coach.username, password="test") + self.client.login(username=self.coach.username, password=self.TEST_PASSWORD) url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_course_key}) response = self.client.get(url) @@ -295,7 +296,7 @@ def setUp(self): """ super().setUp() # Login with the instructor account - self.client.login(username=self.coach.username, password="test") + self.client.login(username=self.coach.username, password=self.TEST_PASSWORD) # adding staff to master course. staff = UserFactory() @@ -315,8 +316,8 @@ def test_not_a_coach(self): ccx = self.make_ccx() # create session of non-coach user - user = UserFactory.create(password="test") - self.client.login(username=user.username, password="test") + user = UserFactory.create(password=self.TEST_PASSWORD) + self.client.login(username=user.username, password=self.TEST_PASSWORD) url = reverse( 'ccx_coach_dashboard', kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)}) @@ -841,7 +842,7 @@ def setUp(self): self.mstore = modulestore() # Login with the instructor account - self.client.login(username=self.coach.username, password="test") + self.client.login(username=self.coach.username, password=self.TEST_PASSWORD) # adding staff to master course. staff = UserFactory() @@ -981,7 +982,7 @@ def setUp(self): # Create instructor account self.coach = coach = AdminFactory.create() - self.client.login(username=coach.username, password="test") + self.client.login(username=coach.username, password=self.TEST_PASSWORD) # Create CCX role = CourseCcxCoachRole(self._course.id) @@ -1009,7 +1010,7 @@ def setUp(self): self.course = get_course_by_id(self.ccx_key, depth=None) CourseOverview.load_from_module_store(self.course.id) setup_students_and_grades(self) - self.client.login(username=coach.username, password="test") + self.client.login(username=coach.username, password=self.TEST_PASSWORD) self.addCleanup(RequestCache.clear_all_namespaces) from xmodule.modulestore.django import SignalHandler @@ -1068,7 +1069,7 @@ def test_student_progress(self): get_course.return_value = self.course self.addCleanup(patch_context.stop) - self.client.login(username=self.student.username, password="test") # lint-amnesty, pylint: disable=no-member + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) # lint-amnesty, pylint: disable=no-member url = reverse( 'progress', kwargs={'course_id': self.ccx_key} @@ -1194,7 +1195,7 @@ def setUp(self): # Create a Split Mongo course and enroll a student user in it. self.student_password = "foobar" - self.student = UserFactory.create(username="test", password=self.student_password, is_staff=False) + self.student = UserFactory.create(username=self.TEST_PASSWORD, password=self.student_password, is_staff=False) self.split_course = SampleCourseFactory.create(default_store=ModuleStoreEnum.Type.split) CourseEnrollment.enroll(self.student, self.split_course.id) diff --git a/lms/djangoapps/ccx/tests/utils.py b/lms/djangoapps/ccx/tests/utils.py index 4d36353b9a75..4f8c34e14c2d 100644 --- a/lms/djangoapps/ccx/tests/utils.py +++ b/lms/djangoapps/ccx/tests/utils.py @@ -68,7 +68,7 @@ def setUp(self): """ super().setUp() # Create instructor account - self.coach = UserFactory.create(password="test") + self.coach = UserFactory.create() # create an instance of modulestore self.mstore = modulestore() @@ -76,7 +76,7 @@ def make_staff(self): """ create staff user. """ - staff = UserFactory.create(password="test") + staff = UserFactory.create() role = CourseStaffRole(self.course.id) role.add_users(staff) @@ -86,7 +86,7 @@ def make_instructor(self): """ create instructor user. """ - instructor = UserFactory.create(password="test") + instructor = UserFactory.create() role = CourseInstructorRole(self.course.id) role.add_users(instructor) diff --git a/lms/djangoapps/commerce/api/v1/tests/test_views.py b/lms/djangoapps/commerce/api/v1/tests/test_views.py index 47de5d8ff598..68f3d92d52af 100644 --- a/lms/djangoapps/commerce/api/v1/tests/test_views.py +++ b/lms/djangoapps/commerce/api/v1/tests/test_views.py @@ -23,7 +23,7 @@ from ....tests.mocks import mock_order_endpoint from ....tests.test_views import UserMixin -PASSWORD = 'test' +PASSWORD = 'password' JSON_CONTENT_TYPE = 'application/json' diff --git a/lms/djangoapps/commerce/tests/test_views.py b/lms/djangoapps/commerce/tests/test_views.py index 9af2ee7d9701..8932c826c7fc 100644 --- a/lms/djangoapps/commerce/tests/test_views.py +++ b/lms/djangoapps/commerce/tests/test_views.py @@ -3,6 +3,9 @@ from common.djangoapps.student.tests.factories import UserFactory +TEST_PASSWORD = "password" + + class UserMixin: """ Mixin for tests involving users. """ @@ -12,4 +15,4 @@ def setUp(self): def _login(self): """ Log into LMS. """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=TEST_PASSWORD) diff --git a/lms/djangoapps/course_api/blocks/tests/test_views.py b/lms/djangoapps/course_api/blocks/tests/test_views.py index 72e5e430f6d8..e2426708d6bc 100644 --- a/lms/djangoapps/course_api/blocks/tests/test_views.py +++ b/lms/djangoapps/course_api/blocks/tests/test_views.py @@ -60,7 +60,7 @@ def setUp(self): self.admin_user = AdminFactory.create() self.data_researcher = UserFactory.create() CourseDataResearcherRole(self.course_key).add_users(self.data_researcher) - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) CourseEnrollmentFactory.create(user=self.user, course_id=self.course_key) # default values for url and query_params @@ -248,7 +248,7 @@ def test_public_course_all_blocks_and_empty_username(self): self.client.logout() self.verify_response(403, cacheable=False) # Verify response for a staff user. - self.client.login(username=self.admin_user.username, password='test') + self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD) self.verify_response(cacheable=False) def test_non_existent_course(self): @@ -269,7 +269,7 @@ def test_no_user_staff_not_all_blocks(self): self.verify_response(400) def test_no_user_staff_all_blocks(self): - self.client.login(username=self.admin_user.username, password='test') + self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD) self.query_params.pop('username') self.query_params['all_blocks'] = True self.verify_response() @@ -319,7 +319,7 @@ def test_extra_field_when_requested(self): - other_course_settings - course_visibility """ - self.client.login(username=self.admin_user.username, password='test') + self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD) response = self.verify_response(params={ 'all_blocks': True, 'requested_fields': ['other_course_settings', 'course_visibility'], @@ -351,7 +351,7 @@ def test_extra_field_when_not_requested(self): - other_course_settings - course_visibility """ - self.client.login(username=self.admin_user.username, password='test') + self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD) response = self.verify_response(params={ 'all_blocks': True, 'requested_fields': ['course_visibility'], @@ -370,7 +370,7 @@ def test_data_researcher_access(self): """ Test if data researcher has access to the api endpoint """ - self.client.login(username=self.data_researcher.username, password='test') + self.client.login(username=self.data_researcher.username, password=self.TEST_PASSWORD) self.verify_response(params={ 'all_blocks': True, @@ -556,7 +556,7 @@ def setUpClass(cls): def setUp(self): super().setUp() self.admin_user = AdminFactory.create() - self.client.login(username=self.admin_user.username, password='test') + self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD) self.usage_key = list(self.non_orphaned_block_usage_keys)[0] self.url = reverse( 'blocks_metadata', diff --git a/lms/djangoapps/course_blocks/transformers/tests/helpers.py b/lms/djangoapps/course_blocks/transformers/tests/helpers.py index 27e7a686abcd..29c15e828976 100644 --- a/lms/djangoapps/course_blocks/transformers/tests/helpers.py +++ b/lms/djangoapps/course_blocks/transformers/tests/helpers.py @@ -50,7 +50,7 @@ def setUp(self): """ super().setUp() # Set up users. - self.password = 'test' + self.password = 'password' self.user = UserFactory.create(password=self.password) self.staff = UserFactory.create(password=self.password, is_staff=True) @@ -253,7 +253,7 @@ def setUp(self): parent_block.children.append(self.xblock_keys[i]) update_block(parent_block) - self.password = 'test' + self.password = 'password' self.student = UserFactory.create(is_staff=False, username='test_student', password=self.password) self.staff = UserFactory.create(is_staff=True, username='test_staff', password=self.password) CourseEnrollmentFactory.create( diff --git a/lms/djangoapps/course_wiki/tests/tests.py b/lms/djangoapps/course_wiki/tests/tests.py index 8cdd93115d6b..1afdea5d741e 100644 --- a/lms/djangoapps/course_wiki/tests/tests.py +++ b/lms/djangoapps/course_wiki/tests/tests.py @@ -24,7 +24,7 @@ def setUp(self): # Create two accounts self.student = 'view@test.com' self.instructor = 'view2@test.com' - self.password = 'foo' + self.password = 'password' for username, email in [('u1', self.student), ('u2', self.instructor)]: self.create_account(username, email, self.password) self.activate_user(email) diff --git a/lms/djangoapps/courseware/tests/helpers.py b/lms/djangoapps/courseware/tests/helpers.py index 3a2ddbc45630..30398dad3c23 100644 --- a/lms/djangoapps/courseware/tests/helpers.py +++ b/lms/djangoapps/courseware/tests/helpers.py @@ -128,7 +128,7 @@ def setup_course(self): # lint-amnesty, pylint: disable=missing-function-docstr self.clients = {user.username: Client() for user in self.users} self.login_statuses = [ self.clients[user.username].login( - username=user.username, password='test') + username=user.username, password=self.TEST_PASSWORD) for user in self.users ] @@ -173,7 +173,7 @@ def setup_user(self): Create a user account, activate, and log in. """ self.email = 'foo@test.com' # lint-amnesty, pylint: disable=attribute-defined-outside-init - self.password = 'bar' # lint-amnesty, pylint: disable=attribute-defined-outside-init + self.password = 'password' # lint-amnesty, pylint: disable=attribute-defined-outside-init self.username = 'test' # lint-amnesty, pylint: disable=attribute-defined-outside-init self.user = self.create_account( self.username, diff --git a/lms/djangoapps/courseware/tests/test_about.py b/lms/djangoapps/courseware/tests/test_about.py index f1f915fd02f4..f6c71119a7ad 100644 --- a/lms/djangoapps/courseware/tests/test_about.py +++ b/lms/djangoapps/courseware/tests/test_about.py @@ -284,7 +284,7 @@ def test_enrollment_cap(self): # pylint: disable=attribute-defined-outside-init # create a new account since the first account is already enrolled in the course self.email = 'foo_second@test.com' - self.password = 'bar' + self.password = 'password' self.username = 'test_second' self.create_account(self.username, self.email, self.password) self.activate_user(self.email) diff --git a/lms/djangoapps/courseware/tests/test_access.py b/lms/djangoapps/courseware/tests/test_access.py index 8a4cbabad6cc..ba93ec676205 100644 --- a/lms/djangoapps/courseware/tests/test_access.py +++ b/lms/djangoapps/courseware/tests/test_access.py @@ -82,8 +82,8 @@ def setUp(self): super().setUp() # Create ccx coach account - self.coach = AdminFactory.create(password="test") - self.client.login(username=self.coach.username, password="test") + self.coach = AdminFactory.create(password=self.TEST_PASSWORD) + self.client.login(username=self.coach.username, password=self.TEST_PASSWORD) # assign role to coach role = CourseCcxCoachRole(self.course.id) @@ -152,7 +152,7 @@ def test_access_student_progress_ccx(self): assert resp.status_code == 200 # Assert access of a student - self.client.login(username=student.username, password='test') + self.client.login(username=student.username, password=self.TEST_PASSWORD) resp = self.client.get(reverse('student_progress', args=[str(ccx_locator), self.coach.id])) assert resp.status_code == 404 diff --git a/lms/djangoapps/courseware/tests/test_block_render.py b/lms/djangoapps/courseware/tests/test_block_render.py index 80827afa632c..be1ebd5c05c0 100644 --- a/lms/djangoapps/courseware/tests/test_block_render.py +++ b/lms/djangoapps/courseware/tests/test_block_render.py @@ -362,7 +362,7 @@ def test_anonymous_post_xblock_callback(self): def test_session_authentication(self): """ Test that the xblock endpoint supports session authentication.""" - self.client.login(username=self.mock_user.username, password="test") + self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD) dispatch_url = self._get_dispatch_url() response = self.client.post(dispatch_url) assert 200 == response.status_code @@ -387,7 +387,7 @@ def test_missing_position_handler(self): """ Test that sending POST request without or invalid position argument don't raise server error """ - self.client.login(username=self.mock_user.username, password="test") + self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD) dispatch_url = self._get_dispatch_url() response = self.client.post(dispatch_url) assert 200 == response.status_code diff --git a/lms/djangoapps/courseware/tests/test_course_survey.py b/lms/djangoapps/courseware/tests/test_course_survey.py index d729add1b6c8..e5aa97cfaa2a 100644 --- a/lms/djangoapps/courseware/tests/test_course_survey.py +++ b/lms/djangoapps/courseware/tests/test_course_survey.py @@ -22,7 +22,7 @@ class SurveyViewsTests(LoginEnrollmentTestCase, SharedModuleStoreTestCase, XssTe """ All tests for the views.py file """ - STUDENT_INFO = [('view@test.com', 'foo')] + STUDENT_INFO = [('view@test.com', 'password1234')] @classmethod def setUpClass(cls): diff --git a/lms/djangoapps/courseware/tests/test_discussion_xblock.py b/lms/djangoapps/courseware/tests/test_discussion_xblock.py index bbe0e68bdcd1..599f125a7e38 100644 --- a/lms/djangoapps/courseware/tests/test_discussion_xblock.py +++ b/lms/djangoapps/courseware/tests/test_discussion_xblock.py @@ -366,7 +366,7 @@ def test_discussion_student_view_data(self): """ Tests that course block api returns student_view_data for discussion xblock """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) url = reverse('blocks_in_block_tree', kwargs={'usage_key_string': str(self.course_usage_key)}) query_params = { 'depth': 'all', diff --git a/lms/djangoapps/courseware/tests/test_entrance_exam.py b/lms/djangoapps/courseware/tests/test_entrance_exam.py index 240a9494fc8f..338a7bedfcf1 100644 --- a/lms/djangoapps/courseware/tests/test_entrance_exam.py +++ b/lms/djangoapps/courseware/tests/test_entrance_exam.py @@ -136,7 +136,7 @@ def setUp(self): self.request = get_mock_request(UserFactory()) self.course = self.update_course(self.course, self.request.user.id) - self.client.login(username=self.request.user.username, password="test") + self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD) CourseEnrollment.enroll(self.request.user, self.course.id) self.expected_locked_toc = ( @@ -257,7 +257,7 @@ def test_skip_entrance_exam_gating(self): # hit skip entrance exam api in instructor app instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=instructor.username, password='test') + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url, { 'unique_student_identifier': self.request.user.email, @@ -277,7 +277,7 @@ def test_entrance_exam_gating_for_staff(self): self.client.logout() staff_user = StaffFactory(course_key=self.course.id) staff_user.is_staff = True - self.client.login(username=staff_user.username, password='test') + self.client.login(username=staff_user.username, password=self.TEST_PASSWORD) # assert staff has access to all toc self.request.user = staff_user diff --git a/lms/djangoapps/courseware/tests/test_masquerade.py b/lms/djangoapps/courseware/tests/test_masquerade.py index 43041b1437e1..9d211b05ea21 100644 --- a/lms/djangoapps/courseware/tests/test_masquerade.py +++ b/lms/djangoapps/courseware/tests/test_masquerade.py @@ -88,7 +88,7 @@ def setUp(self): super().setUp() self.test_user = self.create_user() - self.login(self.test_user.email, 'test') + self.login(self.test_user.email, self.TEST_PASSWORD) self.enroll(self.course, True) def get_courseware_page(self): @@ -298,12 +298,12 @@ def setUp(self): def login_staff(self): """ Login as a staff user """ self.logout() - self.login(self.test_user.email, 'test') + self.login(self.test_user.email, self.TEST_PASSWORD) def login_student(self): """ Login as a student """ self.logout() - self.login(self.student_user.email, 'test') + self.login(self.student_user.email, self.TEST_PASSWORD) def submit_answer(self, response1, response2): """ @@ -351,7 +351,7 @@ def test_masquerade_as_specific_student(self, username): student = UserFactory.create(username=username) CourseEnrollment.enroll(student, self.course.id) self.logout() - self.login(student.email, 'test') + self.login(student.email, self.TEST_PASSWORD) # Answer correctly as the student, and check progress. self.submit_answer('Correct', 'Correct') assert self.get_progress_detail() == '2/2' @@ -378,7 +378,7 @@ def test_masquerade_as_specific_student(self, username): # Verify the student state did not change. self.logout() - self.login(student.email, 'test') + self.login(student.email, self.TEST_PASSWORD) assert self.get_progress_detail() == '2/2' def test_masquerading_with_language_preference(self): diff --git a/lms/djangoapps/courseware/tests/test_split_module.py b/lms/djangoapps/courseware/tests/test_split_module.py index 7e6b88718eac..5026f05ca221 100644 --- a/lms/djangoapps/courseware/tests/test_split_module.py +++ b/lms/djangoapps/courseware/tests/test_split_module.py @@ -59,7 +59,7 @@ def setUp(self): self.student = UserFactory.create() CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id) - self.client.login(username=self.student.username, password='test') + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) self.included_usage_keys = None self.excluded_usage_keys = None @@ -309,7 +309,7 @@ def setUp(self): self.student = UserFactory.create() CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id) - self.client.login(username=self.student.username, password='test') + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) def test_changing_position_works(self): # Make a mock FieldDataCache for this course, so we can get the course block diff --git a/lms/djangoapps/courseware/tests/test_submitting_problems.py b/lms/djangoapps/courseware/tests/test_submitting_problems.py index 8ffcea0298bf..9536067f52be 100644 --- a/lms/djangoapps/courseware/tests/test_submitting_problems.py +++ b/lms/djangoapps/courseware/tests/test_submitting_problems.py @@ -154,7 +154,7 @@ def setUp(self): # create a test student self.course = CourseFactory.create(display_name=self.COURSE_NAME, number=self.COURSE_SLUG) self.student = 'view@test.com' - self.password = 'foo' + self.password = 'password' self.create_account('u1', self.student, self.password) self.activate_user(self.student) self.enroll(self.course) diff --git a/lms/djangoapps/courseware/tests/test_tabs.py b/lms/djangoapps/courseware/tests/test_tabs.py index db59fa373bc5..6ad7ef73de01 100644 --- a/lms/djangoapps/courseware/tests/test_tabs.py +++ b/lms/djangoapps/courseware/tests/test_tabs.py @@ -404,7 +404,7 @@ def test_get_course_tabs_list_skipped_entrance_exam(self): # login as instructor hit skip entrance exam api in instructor app instructor = InstructorFactory(course_key=self.course.id) self.client.logout() - self.client.login(username=instructor.username, password='test') + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url, { @@ -426,7 +426,7 @@ def test_course_tabs_list_for_staff_members(self): # Login as member of staff self.client.logout() staff_user = StaffFactory(course_key=self.course.id) - self.client.login(username=staff_user.username, password='test') + self.client.login(username=staff_user.username, password=self.TEST_PASSWORD) course_tab_list = get_course_tab_list(staff_user, self.course) assert len(course_tab_list) == 4 @@ -685,7 +685,7 @@ def test_course_tabs_staff_only(self): # Login as member of staff self.client.logout() staff_user = StaffFactory(course_key=self.course.id) - self.client.login(username=staff_user.username, password='test') + self.client.login(username=staff_user.username, password=self.TEST_PASSWORD) course_tab_list_staff = get_course_tab_list(staff_user, self.course) name_list_staff = [x.name for x in course_tab_list_staff] assert 'Static Tab Free' in name_list_staff diff --git a/lms/djangoapps/courseware/tests/test_view_authentication.py b/lms/djangoapps/courseware/tests/test_view_authentication.py index 42f2275e0fd2..aa53561ee56b 100644 --- a/lms/djangoapps/courseware/tests/test_view_authentication.py +++ b/lms/djangoapps/courseware/tests/test_view_authentication.py @@ -29,7 +29,7 @@ class TestViewAuth(EnterpriseTestConsentRequired, ModuleStoreTestCase, LoginEnro Check that view authentication works properly. """ - ACCOUNT_INFO = [('view@test.com', 'foo'), ('view2@test.com', 'foo')] + ACCOUNT_INFO = [('view@test.com', 'password1234'), ('view2@test.com', 'password1234')] ENABLED_SIGNALS = ['course_published'] @staticmethod @@ -111,7 +111,7 @@ def _check_staff(self, course): self.assert_request_status_code(302, url) def login(self, user): # lint-amnesty, pylint: disable=arguments-differ - return super().login(user.email, 'test') + return super().login(user.email, self.TEST_PASSWORD) def setUp(self): super().setUp() diff --git a/lms/djangoapps/courseware/tests/test_views.py b/lms/djangoapps/courseware/tests/test_views.py index c7d7ce7b177e..67d403a215eb 100644 --- a/lms/djangoapps/courseware/tests/test_views.py +++ b/lms/djangoapps/courseware/tests/test_views.py @@ -712,7 +712,7 @@ def test_submission_history_accepts_valid_ids(self): # log into a staff account admin = AdminFactory() - assert self.client.login(username=admin.username, password='test') + assert self.client.login(username=admin.username, password=TEST_PASSWORD) url = reverse('submission_history', kwargs={ 'course_id': str(self.course_key), @@ -727,7 +727,7 @@ def test_submission_history_xss(self): # log into a staff account admin = AdminFactory() - assert self.client.login(username=admin.username, password='test') + assert self.client.login(username=admin.username, password=TEST_PASSWORD) # try it with an existing user and a malicious location url = reverse('submission_history', kwargs={ @@ -751,7 +751,7 @@ def test_submission_history_contents(self): # log into a staff account admin = AdminFactory.create() - assert self.client.login(username=admin.username, password='test') + assert self.client.login(username=admin.username, password=TEST_PASSWORD) usage_key = self.course_key.make_usage_key('problem', 'test-history') state_client = DjangoXBlockUserStateClient(admin) @@ -814,7 +814,7 @@ def test_submission_history_timezone(self, timezone, hour_diff): course_key = course.id client = Client() admin = AdminFactory.create() - assert client.login(username=admin.username, password='test') + assert client.login(username=admin.username, password=TEST_PASSWORD) state_client = DjangoXBlockUserStateClient(admin) usage_key = course_key.make_usage_key('problem', 'test-history') state_client.set( @@ -1253,7 +1253,7 @@ class ProgressPageBaseTests(ModuleStoreTestCase): def setUp(self): super().setUp() self.user = UserFactory.create() - assert self.client.login(username=self.user.username, password='test') + assert self.client.login(username=self.user.username, password=TEST_PASSWORD) self.setup_course() @@ -1352,7 +1352,7 @@ def test_unenrolled_student_progress_for_credit_course(self): # Create a new course, a user which will not be enrolled in course, admin user for staff access course = CourseFactory.create(default_store=ModuleStoreEnum.Type.split) admin = AdminFactory.create() - assert self.client.login(username=admin.username, password='test') + assert self.client.login(username=admin.username, password=TEST_PASSWORD) # Create and enable Credit course CreditCourse.objects.create(course_key=course.id, enabled=True) @@ -1646,7 +1646,7 @@ def test_progress_with_course_duration_limits(self, course_mode): """ CourseDurationLimitConfig.objects.create(enabled=True, enabled_as_of=datetime(2018, 1, 1)) user = UserFactory.create() - assert self.client.login(username=user.username, password='test') + assert self.client.login(username=user.username, password=TEST_PASSWORD) add_course_mode(self.course, mode_slug=CourseMode.AUDIT) add_course_mode(self.course) CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode) @@ -1679,7 +1679,7 @@ def test_progress_without_course_duration_limits(self, course_mode): """ CourseDurationLimitConfig.objects.create(enabled=False) user = UserFactory.create() - assert self.client.login(username=user.username, password='test') + assert self.client.login(username=user.username, password=TEST_PASSWORD) CourseModeFactory.create( course_id=self.course.id, mode_slug=course_mode @@ -1698,7 +1698,7 @@ def test_message_for_ineligible_mode(self, course_mode): in an ineligible mode. """ user = UserFactory.create() - assert self.client.login(username=user.username, password='test') + assert self.client.login(username=user.username, password=TEST_PASSWORD) CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode) with patch('lms.djangoapps.grades.course_grade_factory.CourseGradeFactory.read') as mock_create: @@ -2081,7 +2081,7 @@ def test_progress_page_hide_scores_from_learner(self, show_correctness, due_date self.setup_course(show_correctness=show_correctness, due_date=due_date, graded=graded) self.add_problem() - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=TEST_PASSWORD) resp = self._get_progress_page() # Ensure that expected text is present @@ -2133,7 +2133,7 @@ def test_progress_page_hide_scores_from_staff(self, show_correctness, due_date_n self.add_problem() # Login as a course staff user to view the student progress page. - self.client.login(username=self.staff_user.username, password='test') + self.client.login(username=self.staff_user.username, password=TEST_PASSWORD) resp = self._get_student_progress_page() @@ -3198,7 +3198,7 @@ class EnterpriseConsentTestCase(EnterpriseTestConsentRequired, ModuleStoreTestCa def setUp(self): super().setUp() self.user = UserFactory.create() - assert self.client.login(username=self.user.username, password='test') + assert self.client.login(username=self.user.username, password=TEST_PASSWORD) self.course = CourseFactory.create() CourseOverview.load_from_module_store(self.course.id) CourseEnrollmentFactory(user=self.user, course_id=self.course.id) @@ -3298,7 +3298,7 @@ def test_preview_no_redirect(self): # Previews will not redirect to the mfe course_staff = UserFactory.create(is_staff=False) CourseStaffRole(self.course_key).add_users(course_staff) - self.client.login(username=course_staff.username, password='test') + self.client.login(username=course_staff.username, password=TEST_PASSWORD) assert self.client.get(preview_url).status_code == 200 @@ -3435,7 +3435,7 @@ def test_course_wide_resources(self, url_name, param, is_instructor, is_rendered CourseEnrollmentFactory(user=user, course_id=course.id) if is_instructor: allow_access(course, user, 'instructor') - assert self.client.login(username=user.username, password='test') + assert self.client.login(username=user.username, password=TEST_PASSWORD) kwargs = None if param == 'course_id': diff --git a/lms/djangoapps/courseware/testutils.py b/lms/djangoapps/courseware/testutils.py index 3c2b946e91df..36774447fec4 100644 --- a/lms/djangoapps/courseware/testutils.py +++ b/lms/djangoapps/courseware/testutils.py @@ -81,7 +81,7 @@ def login(self): """ Logs in the test user. """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password='password') def course_options(self): """ diff --git a/lms/djangoapps/discussion/django_comment_client/base/tests.py b/lms/djangoapps/discussion/django_comment_client/base/tests.py index d450998a60c6..ea712e085242 100644 --- a/lms/djangoapps/discussion/django_comment_client/base/tests.py +++ b/lms/djangoapps/discussion/django_comment_client/base/tests.py @@ -241,7 +241,7 @@ def set_up_course(self, block_count=0): with patch('common.djangoapps.student.models.user.cc.User.save'): uname = 'student' email = 'student@edx.org' - self.password = 'test' + self.password = 'password' # Create the user and make them active so we can log them in. self.student = UserFactory.create(username=uname, email=email, password=self.password) @@ -464,7 +464,7 @@ def setUp(self): with patch('common.djangoapps.student.models.user.cc.User.save'): uname = 'student' email = 'student@edx.org' - self.password = 'test' + self.password = 'password' # Create the user and make them active so we can log them in. self.student = UserFactory.create(username=uname, email=email, password=self.password) diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py index 0e303cc24092..3fe9d6445061 100644 --- a/lms/djangoapps/discussion/rest_api/tests/test_views.py +++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py @@ -2758,7 +2758,7 @@ def setUp(self): discussion_topics={"Test Topic": {"id": "test_topic"}} ) self.path = reverse('discussion_course_settings', kwargs={'course_id': str(self.course.id)}) - self.password = 'edx' + self.password = 'password' self.user = UserFactory(username='staff', password=self.password, is_staff=True) def _get_oauth_headers(self, user): @@ -3056,7 +3056,7 @@ def setUp(self): run="z", start=datetime.now(UTC), ) - self.password = 'edx' + self.password = 'password' self.user = UserFactory(username='staff', password=self.password, is_staff=True) course_key = CourseKey.from_string('course-v1:x+y+z') seed_permissions_roles(course_key) @@ -3278,7 +3278,7 @@ def test_regular_user(self): """ Tests that for a regular user stats are returned without flag counts """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) data = response.json() assert data["results"] == self.stats_without_flags @@ -3288,7 +3288,7 @@ def test_moderator_user(self): """ Tests that for a moderator user stats are returned with flag counts """ - self.client.login(username=self.moderator.username, password='test') + self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) data = response.json() assert data["results"] == self.stats @@ -3308,7 +3308,7 @@ def test_sorting(self, username, ordering_requested, ordering_performed): """ Test valid sorting options and defaults """ - self.client.login(username=username, password='test') + self.client.login(username=username, password=self.TEST_PASSWORD) params = {} if ordering_requested: params = {"order_by": ordering_requested} @@ -3326,7 +3326,7 @@ def test_sorting_error_regular_user(self, order_by): """ Test for invalid sorting options for regular users. """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url, {"order_by": order_by}) assert "order_by" in response.json()["field_errors"] @@ -3341,7 +3341,7 @@ def test_with_username_param(self, username_search_string, comma_separated_usern Test for endpoint with username param. """ params = {'username': username_search_string} - self.client.login(username=self.moderator.username, password='test') + self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD) self.client.get(self.url, params) assert urlparse( httpretty.last_request().path # lint-amnesty, pylint: disable=no-member @@ -3356,7 +3356,7 @@ def test_with_username_param_with_no_matches(self): Test for endpoint with username param with no matches. """ params = {'username': 'unknown'} - self.client.login(username=self.moderator.username, password='test') + self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD) response = self.client.get(self.url, params) data = response.json() self.assertFalse(data['results']) diff --git a/lms/djangoapps/discussion/tests/test_views.py b/lms/djangoapps/discussion/tests/test_views.py index ada3db7792e2..e0d3b869da3d 100644 --- a/lms/djangoapps/discussion/tests/test_views.py +++ b/lms/djangoapps/discussion/tests/test_views.py @@ -463,7 +463,7 @@ def test_private_team_thread_html(self, mock_request): CourseTeamFactory.create(discussion_topic_id=discussion_topic_id) user_not_in_team = UserFactory.create() CourseEnrollmentFactory.create(user=user_not_in_team, course_id=self.course.id) - self.client.login(username=user_not_in_team.username, password='test') + self.client.login(username=user_not_in_team.username, password=self.TEST_PASSWORD) mock_request.side_effect = make_mock_request_impl( course=self.course, @@ -624,7 +624,7 @@ def test_ajax(self, mock_request): def test_html(self, mock_request): _mock_text, mock_thread_id = self._create_mock_cohorted_thread(mock_request) - self.client.login(username=self.student.username, password='test') + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) response = self.client.get( reverse('single_thread', kwargs={ 'course_id': str(self.course.id), @@ -758,7 +758,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id= if is_ajax: headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest" - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) return self.client.get( reverse('single_thread', args=[str(self.course.id), commentable_id, "dummy_thread_id"]), @@ -824,7 +824,7 @@ def call_view(self, mock_request, user): # lint-amnesty, pylint: disable=missin text="dummy content", thread_list=self.thread_list ) - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) return self.client.get( reverse("forum_form_discussion", args=[str(self.course.id)]), HTTP_X_REQUESTED_WITH="XMLHttpRequest" @@ -889,7 +889,7 @@ def assert_can_access(self, user, discussion_id, thread_id, should_have_access): verify that the user does not have access to that thread. """ def call_single_thread(): - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) return self.client.get( reverse('single_thread', args=[str(self.course.id), discussion_id, thread_id]) ) @@ -1113,7 +1113,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id= if is_ajax: headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest" - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) return self.client.get( reverse("forum_form_discussion", args=[str(self.course.id)]), data=request_data, @@ -1165,7 +1165,7 @@ def call_view_for_profiled_user( if is_ajax: headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest" - self.client.login(username=requesting_user.username, password='test') + self.client.login(username=requesting_user.username, password=self.TEST_PASSWORD) return self.client.get( reverse('user_profile', args=[str(self.course.id), profiled_user.id]), data=request_data, @@ -1414,7 +1414,7 @@ def get_response(self, mock_request, params, **headers): # lint-amnesty, pylint mock_request.side_effect = make_mock_request_impl( course=self.course, text=self.TEST_THREAD_TEXT, thread_id=self.TEST_THREAD_ID ) - self.client.login(username=self.student.username, password='test') + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) response = self.client.get( reverse('user_profile', kwargs={ @@ -2300,7 +2300,7 @@ def test_redirect_from_legacy_base_url_to_new_experience(self): """ with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True): - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) url = reverse("forum_form_discussion", args=[self.course.id]) response = self.client.get(url) assert response.status_code == 302 @@ -2315,7 +2315,7 @@ def test_redirect_from_legacy_profile_url_to_new_experience(self): """ with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True): - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) url = reverse("user_profile", args=[self.course.id, self.user.id]) response = self.client.get(url) assert response.status_code == 302 @@ -2330,7 +2330,7 @@ def test_redirect_from_legacy_single_thread_to_new_experience(self): """ with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True): - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) url = reverse("single_thread", args=[self.course.id, "test_discussion", "test_thread"]) response = self.client.get(url) assert response.status_code == 302 diff --git a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py index e5e7f269e3a2..9131ebd290bd 100644 --- a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py +++ b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py @@ -97,7 +97,7 @@ def _create_user_program_enrollments(self, *users, **kwargs): # lint-amnesty, p def setUp(self): super().setUp() - self.password = 'test' + self.password = 'password' self.global_staff = GlobalStaffFactory.create() self.student = UserFactory(password=self.password, username='student', email='student@example.com') self.other_student = UserFactory( diff --git a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py index 1fbfb6070dd3..0dd6ea257314 100644 --- a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py +++ b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py @@ -548,7 +548,7 @@ class CourseSubmissionHistoryWithDataTest(TestSubmittingProblems): def setUp(self): super().setUp() self.namespaced_url = 'grades_api:v1:submission_history' - self.password = 'test' + self.password = 'password' self.basic_setup() self.global_staff = GlobalStaffFactory.create() diff --git a/lms/djangoapps/grades/tests/integration/test_access.py b/lms/djangoapps/grades/tests/integration/test_access.py index 380962b19e99..6545094a3ce5 100644 --- a/lms/djangoapps/grades/tests/integration/test_access.py +++ b/lms/djangoapps/grades/tests/integration/test_access.py @@ -73,9 +73,9 @@ def setUp(self): self.addCleanup(set_current_request, None) self.request = get_mock_request(UserFactory()) self.student = self.request.user - self.client.login(username=self.student.username, password="test") + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) CourseEnrollment.enroll(self.student, self.course.id) - self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test') + self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD) self.refresh_course() def test_subsection_access_changed(self): diff --git a/lms/djangoapps/grades/tests/integration/test_events.py b/lms/djangoapps/grades/tests/integration/test_events.py index 868b55eeae67..881ad049b3d8 100644 --- a/lms/djangoapps/grades/tests/integration/test_events.py +++ b/lms/djangoapps/grades/tests/integration/test_events.py @@ -70,9 +70,9 @@ def setUp(self): self.addCleanup(set_current_request, None) self.request = get_mock_request(UserFactory()) self.student = self.request.user - self.client.login(username=self.student.username, password="test") + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) CourseEnrollment.enroll(self.student, self.course.id) - self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test') + self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD) self.refresh_course() @patch('lms.djangoapps.grades.events.tracker') diff --git a/lms/djangoapps/grades/tests/integration/test_problems.py b/lms/djangoapps/grades/tests/integration/test_problems.py index 36c54bec86e9..b4a2d06c9f45 100644 --- a/lms/djangoapps/grades/tests/integration/test_problems.py +++ b/lms/djangoapps/grades/tests/integration/test_problems.py @@ -43,9 +43,8 @@ def setUpClass(cls): def setUp(self): super().setUp() - password = 'test' - self.student = UserFactory.create(is_staff=False, username='test_student', password=password) - self.client.login(username=self.student.username, password=password) + self.student = UserFactory.create(is_staff=False, username='test_student', password=self.TEST_PASSWORD) + self.client.login(username=self.student.username, password=self.TEST_PASSWORD) self.addCleanup(set_current_request, None) self.request = get_mock_request(self.student) self.course_structure = get_course_blocks(self.student, self.course.location) @@ -58,8 +57,7 @@ def load_scoreable_course(cls): For details on the contents and structure of the file, see `common/test/data/scoreable/README`. """ - password = 'test' - user = UserFactory.create(is_staff=False, username='test_student', password=password) + user = UserFactory.create(is_staff=False, username='test_student', password=cls.TEST_PASSWORD) course_items = import_course_from_xml( cls.store, @@ -144,7 +142,7 @@ def setUp(self): ''' self.addCleanup(set_current_request, None) self.request = get_mock_request(UserFactory()) - self.client.login(username=self.request.user.username, password="test") + self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD) CourseEnrollment.enroll(self.request.user, self.course.id) def _get_altered_metadata(self, alterations): diff --git a/lms/djangoapps/instructor/tests/test_api.py b/lms/djangoapps/instructor/tests/test_api.py index 468bca31f780..bb534d9b026a 100644 --- a/lms/djangoapps/instructor/tests/test_api.py +++ b/lms/djangoapps/instructor/tests/test_api.py @@ -325,7 +325,7 @@ def setUp(self): """ super().setUp() global_user = GlobalStaffFactory() - self.client.login(username=global_user.username, password='test') + self.client.login(username=global_user.username, password=self.TEST_PASSWORD) @ddt.data(*INSTRUCTOR_POST_ENDPOINTS) def test_endpoints_reject_get(self, data): @@ -478,7 +478,7 @@ def test_student_level(self): """ Ensure that an enrolled student can't access staff or instructor endpoints. """ - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) for endpoint, args in self.staff_level_endpoints: self._access_endpoint( @@ -518,7 +518,7 @@ def test_staff_level(self): CourseEnrollment.enroll(staff_member, self.course.id) CourseFinanceAdminRole(self.course.id).add_users(staff_member) CourseDataResearcherRole(self.course.id).add_users(staff_member) - self.client.login(username=staff_member.username, password='test') + self.client.login(username=staff_member.username, password=self.TEST_PASSWORD) # Try to promote to forums admin - not working # update_forum_role(self.course.id, staff_member, FORUM_ROLE_ADMINISTRATOR, 'allow') @@ -558,7 +558,7 @@ def test_instructor_level(self): CourseFinanceAdminRole(self.course.id).add_users(inst) CourseDataResearcherRole(self.course.id).add_users(inst) - self.client.login(username=inst.username, password='test') + self.client.login(username=inst.username, password=self.TEST_PASSWORD) for endpoint, args in self.staff_level_endpoints: expected_status = 200 @@ -632,7 +632,7 @@ def setUp(self): self.audit_course_instructor = InstructorFactory(course_key=self.audit_course.id) self.white_label_course_instructor = InstructorFactory(course_key=self.white_label_course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.not_enrolled_student = UserFactory( username='NotEnrolledStudent', @@ -945,7 +945,7 @@ def test_audit_enrollment_mode(self): Test that enrollment mode for audit courses (paid courses) is 'audit'. """ # Login Audit Course instructor - self.client.login(username=self.audit_course_instructor.username, password='test') + self.client.login(username=self.audit_course_instructor.username, password=self.TEST_PASSWORD) csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA" uploaded_file = SimpleUploadedFile("temp.csv", csv_content) @@ -976,7 +976,7 @@ def test_honor_enrollment_mode(self): self.white_label_course_mode.save() # Login Audit Course instructor - self.client.login(username=self.white_label_course_instructor.username, password='test') + self.client.login(username=self.white_label_course_instructor.username, password=self.TEST_PASSWORD) csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA" uploaded_file = SimpleUploadedFile("temp.csv", csv_content) @@ -1024,7 +1024,7 @@ def setUp(self): self.request = RequestFactory().request() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.enrolled_student = UserFactory(username='EnrolledStudent', first_name='Enrolled', last_name='Student') CourseEnrollment.enroll( @@ -1873,7 +1873,7 @@ def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.beta_tester = BetaTesterFactory(course_key=self.course.id) CourseEnrollment.enroll( @@ -2218,7 +2218,7 @@ def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.other_instructor = InstructorFactory(course_key=self.course.id) self.other_staff = StaffFactory(course_key=self.course.id) @@ -2458,7 +2458,7 @@ def setUp(self): self.course_mode.save() self.instructor = InstructorFactory(course_key=self.course.id) CourseDataResearcherRole(self.course.id).add_users(self.instructor) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.students = [UserFactory() for _ in range(6)] for student in self.students: @@ -2600,7 +2600,7 @@ def test_get_students_features_teams(self, has_teams): })) course_instructor = InstructorFactory(course_key=self.course.id) CourseDataResearcherRole(self.course.id).add_users(course_instructor) - self.client.login(username=course_instructor.username, password='test') + self.client.login(username=course_instructor.username, password=self.TEST_PASSWORD) url = reverse('get_students_features', kwargs={'course_id': str(self.course.id)}) @@ -2972,7 +2972,7 @@ def setUpClass(cls): def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.student = UserFactory() CourseEnrollment.enroll(self.student, self.course.id) @@ -3158,7 +3158,7 @@ def setUp(self): self.instructor = InstructorFactory(course_key=self.course.id) # Add instructor to invalid ee course CourseInstructorRole(self.course_with_invalid_ee.id).add_users(self.instructor) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.student = UserFactory() CourseEnrollment.enroll(self.student, self.course.id) @@ -3261,7 +3261,7 @@ def test_entrance_exam_delete_state_with_staff(self): """ Test entrance exam delete state failure with staff access. """ self.client.logout() staff_user = StaffFactory(course_key=self.course.id) - self.client.login(username=staff_user.username, password='test') + self.client.login(username=staff_user.username, password=self.TEST_PASSWORD) url = reverse('reset_student_attempts_for_entrance_exam', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url, { @@ -3414,7 +3414,7 @@ def setUp(self): } self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) def tearDown(self): super().tearDown() @@ -3434,7 +3434,7 @@ def test_send_email_but_not_logged_in(self): def test_send_email_but_not_staff(self): self.client.logout() student = UserFactory() - self.client.login(username=student.username, password='test') + self.client.login(username=student.username, password=self.TEST_PASSWORD) url = reverse('send_email', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url, self.full_test_message) assert response.status_code == 403 @@ -3631,7 +3631,7 @@ def setUpClass(cls): def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.student = UserFactory() CourseEnrollment.enroll(self.student, self.course.id) @@ -3768,7 +3768,7 @@ def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.tasks = {} self.emails = {} self.emails_info = {} @@ -4030,7 +4030,7 @@ def setUp(self): CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id) CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id) self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) extract_dates(None, self.course.id) def test_change_due_date(self): @@ -4206,7 +4206,7 @@ def setUp(self): CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id) CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id) self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) extract_dates(None, self.course.id) @override_waffle_flag(RELATIVE_DATES_FLAG, active=True) @@ -4251,7 +4251,7 @@ def setUpClass(cls): def setUp(self): super().setUp() self.instructor = InstructorFactory(course_key=self.course.id) - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) def generate_certificate(self, course_id, mode, status): """ @@ -4379,7 +4379,7 @@ def expect_error_on_file_content(self, file_content, error, file_suffix='.csv'): """ Verify that we get the error we expect for a given file input. """ - self.client.login(username=self.staff_user.username, password='test') + self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD) response = self.call_add_users_to_cohorts(file_content, suffix=file_suffix) assert response.status_code == 400 result = json.loads(response.content.decode('utf-8')) @@ -4392,7 +4392,7 @@ def verify_success_on_file_content(self, file_content, mock_store_upload, mock_c background task. """ mock_store_upload.return_value = (None, 'fake_file_name.csv') - self.client.login(username=self.staff_user.username, password='test') + self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD) response = self.call_add_users_to_cohorts(file_content) assert response.status_code == 204 assert mock_store_upload.called @@ -4438,7 +4438,7 @@ def test_non_staff_no_access(self): """ Verify that we can't access the view when we aren't a staff user. """ - self.client.login(username=self.non_staff_user.username, password='test') + self.client.login(username=self.non_staff_user.username, password=self.TEST_PASSWORD) response = self.call_add_users_to_cohorts('') assert response.status_code == 403 diff --git a/lms/djangoapps/instructor/tests/test_api_email_localization.py b/lms/djangoapps/instructor/tests/test_api_email_localization.py index e0cef6a7af0b..a23b94ece021 100644 --- a/lms/djangoapps/instructor/tests/test_api_email_localization.py +++ b/lms/djangoapps/instructor/tests/test_api_email_localization.py @@ -35,7 +35,7 @@ def setUp(self): # Esperanto. self.instructor = InstructorFactory(course_key=self.course.id) set_user_preference(self.instructor, LANGUAGE_KEY, 'zh-cn') - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.student = UserFactory.create() set_user_preference(self.student, LANGUAGE_KEY, 'eo') diff --git a/lms/djangoapps/instructor/tests/test_certificates.py b/lms/djangoapps/instructor/tests/test_certificates.py index 5350d1d07f71..11fd82bfb302 100644 --- a/lms/djangoapps/instructor/tests/test_certificates.py +++ b/lms/djangoapps/instructor/tests/test_certificates.py @@ -64,11 +64,11 @@ def setUp(self): def test_visible_only_to_global_staff(self): # Instructors don't see the certificates section - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self._assert_certificates_visible(False) # Global staff can see the certificates section - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) self._assert_certificates_visible(True) def test_visible_only_when_feature_flag_enabled(self): @@ -77,17 +77,17 @@ def test_visible_only_when_feature_flag_enabled(self): cache.clear() # Now even global staff can't see the certificates section - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) self._assert_certificates_visible(False) @ddt.data("started", "error", "success") def test_show_certificate_status(self, status): - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) with self._certificate_status("honor", status): self._assert_certificate_status("honor", status) def test_show_enabled_button(self): - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) # Initially, no example certs are generated, so # the enable button should be disabled @@ -104,7 +104,7 @@ def test_show_enabled_button(self): self._assert_enable_certs_button(False) def test_can_disable_even_after_failure(self): - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) with self._certificate_status("honor", "error"): # When certs are disabled for a course, then don't allow them @@ -127,7 +127,7 @@ def test_show_enabled_button_for_html_certs(self): self.course.cert_html_view_enabled = True self.course.save() self.store.update_item(self.course, self.global_staff.id) - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) self.assertContains(response, 'Enable Student-Generated Certificates') self.assertContains(response, 'enable-certificates-submit') @@ -143,7 +143,7 @@ def test_buttons_for_html_certs_in_self_paced_course(self): self.course.cert_html_view_enabled = True self.course.save() self.store.update_item(self.course, self.global_staff.id) - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) self.assertContains(response, 'Enable Student-Generated Certificates') self.assertContains(response, 'enable-certificates-submit') @@ -233,18 +233,18 @@ def test_allow_only_global_staff(self, url_name): url = reverse(url_name, kwargs={'course_id': self.course.id}) # Instructors do not have access - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) response = self.client.post(url) assert response.status_code == 403 # Global staff have access - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) response = self.client.post(url) assert response.status_code == 302 @ddt.data(True, False) def test_enable_certificate_generation(self, is_enabled): - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) url = reverse( 'enable_certificate_generation', kwargs={'course_id': str(self.course.id)} @@ -274,7 +274,7 @@ def test_certificate_generation_api_without_global_staff(self): user who made the request is not member of global staff. """ user = UserFactory.create() - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) url = reverse( 'start_certificate_generation', kwargs={'course_id': str(self.course.id)} @@ -283,7 +283,7 @@ def test_certificate_generation_api_without_global_staff(self): response = self.client.post(url) assert response.status_code == 403 - self.client.login(username=self.instructor.username, password='test') + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) response = self.client.post(url) assert response.status_code == 403 @@ -292,7 +292,7 @@ def test_certificate_generation_api_with_global_staff(self): Test certificates generation api endpoint returns success status when called with valid course key """ - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) url = reverse( 'start_certificate_generation', kwargs={'course_id': str(self.course.id)} @@ -319,7 +319,7 @@ def test_certificate_regeneration_success(self): ) # Login the client and access the url with 'certificate_statuses' - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url, data={'certificate_statuses': [CertificateStatuses.downloadable]}) @@ -352,7 +352,7 @@ def test_certificate_regeneration_error(self): ) # Login the client and access the url without 'certificate_statuses' - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)}) response = self.client.post(url) @@ -419,7 +419,7 @@ def setUp(self): # Enable certificate generation cache.clear() CertificateGenerationConfiguration.objects.create(enabled=True) - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) def test_certificate_exception_added_successfully(self): """ @@ -712,7 +712,7 @@ def setUp(self): # Enable certificate generation cache.clear() CertificateGenerationConfiguration.objects.create(enabled=True) - self.client.login(username=self.global_staff.username, password='test') + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) def test_generate_certificate_exceptions_all_students(self): """ @@ -830,7 +830,7 @@ def setUp(self): CourseEnrollment.enroll(self.enrolled_user_2, self.course.id) # Global staff can see the certificates section - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) def test_create_allowlist_exception_record(self): """ @@ -1026,7 +1026,7 @@ def setUp(self): ) # Global staff can see the certificates section - self.client.login(username=self.global_staff.username, password="test") + self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD) def test_invalidate_certificate(self): """ diff --git a/lms/djangoapps/instructor/tests/test_email.py b/lms/djangoapps/instructor/tests/test_email.py index a84c728c30e9..322c734fa613 100644 --- a/lms/djangoapps/instructor/tests/test_email.py +++ b/lms/djangoapps/instructor/tests/test_email.py @@ -40,7 +40,7 @@ def setUp(self): # Create instructor account instructor = AdminFactory.create() - self.client.login(username=instructor.username, password="test") + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) def tearDown(self): super().tearDown() @@ -148,7 +148,7 @@ def setUp(self): # Create instructor account instructor = AdminFactory.create() - self.client.login(username=instructor.username, password="test") + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) # URL for instructor dash self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course_key)}) diff --git a/lms/djangoapps/instructor/tests/test_filters.py b/lms/djangoapps/instructor/tests/test_filters.py index 19948da1449f..a676ab92a59c 100644 --- a/lms/djangoapps/instructor/tests/test_filters.py +++ b/lms/djangoapps/instructor/tests/test_filters.py @@ -99,7 +99,7 @@ def setUp(self): # pylint: disable=arguments-differ """ super().setUp() self.instructor = AdminFactory.create() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) self.course = CourseFactory.create( org="test1", course="course1", display_name="run1", ) diff --git a/lms/djangoapps/instructor/tests/test_proctoring.py b/lms/djangoapps/instructor/tests/test_proctoring.py index 491a2ee1f7ed..4b196f307b99 100644 --- a/lms/djangoapps/instructor/tests/test_proctoring.py +++ b/lms/djangoapps/instructor/tests/test_proctoring.py @@ -36,7 +36,7 @@ def setUp(self): # Create instructor account self.instructor = AdminFactory.create() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) def setup_course_url(self, course): """ diff --git a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py index bf574e8f506f..221ed3603e27 100644 --- a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py +++ b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py @@ -56,7 +56,7 @@ def setUp(self): super().setUp() instructor = AdminFactory.create() - self.client.login(username=instructor.username, password='test') + self.client.login(username=instructor.username, password=self.TEST_PASSWORD) self.users = [UserFactory.create() for _ in range(USER_COUNT)] for user in self.users: CourseEnrollmentFactory.create(user=user, course_id=self.course.id) diff --git a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py index bca16977a98c..db455f02587d 100644 --- a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py +++ b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py @@ -85,7 +85,7 @@ def setUp(self): self.course_mode.save() # Create instructor account self.instructor = AdminFactory.create() - self.client.login(username=self.instructor.username, password="test") + self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD) # URL for instructor dash self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course.id)}) @@ -169,7 +169,7 @@ def test_discussion_tab_for_course_staff_role(self, access_role, is_pages_and_re org=self.course.id.org ) set_course_cohorted(self.course.id, True) - self.client.login(username=self.user.username, password='test') + self.client.login(username=self.user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url).content.decode('utf-8') self.assertEqual(discussion_section in response, is_discussion_tab_available) @@ -192,7 +192,7 @@ def test_discussion_tab_for_global_user(self, is_pages_and_resources_enabled, with override_waffle_flag(OVERRIDE_DISCUSSION_LEGACY_SETTINGS_FLAG, is_legacy_discussion_setting_enabled): user = UserFactory.create(is_staff=True) set_course_cohorted(self.course.id, True) - self.client.login(username=user.username, password='test') + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url).content.decode('utf-8') self.assertEqual(discussion_section in response, is_discussion_tab_available) @@ -224,7 +224,7 @@ def test_data_download(self, access_role, can_access, waffle_status): role=access_role, org=self.course.id.org ) - self.client.login(username=user.username, password="test") + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) if can_access: self.assertContains(response, download_section) @@ -244,7 +244,7 @@ def test_data_download_only(self): role='data_researcher', org=self.course.id.org ) - self.client.login(username=user.username, password="test") + self.client.login(username=user.username, password=self.TEST_PASSWORD) response = self.client.get(self.url) matches = re.findall( rb'