User registration prevents using password as username.

Some users erroneously set their password as their username with the original layout, because the username field directly followed the password field. Users may be accustomed to the common occurrence of a password confirmation field directly following the password field. To fix the issue, I did the following: - Moved the existing username and real name form fields above the password field. - Added a validation in the create_account handler in common/djangoapps/student/views.py, which confirms that the password field does not match the username field. New tests created to check the added functionality.

User registration prevents using password as username.
Some users erroneously set their password as their username with the original layout, because the username field directly followed the password field. Users may be accustomed to the common occurrence of a password confirmation field directly following the password field. To fix the issue, I did the following: - Moved the existing username and real name form fields above the password field. - Added a validation in the create_account handler in common/djangoapps/student/views.py, which confirms that the password field does not match the username field. New tests created to check the added functionality.
770e7aac · njdup · feac1e0b · 770e7aac · 770e7aac · 770e7aac
Commit 770e7aac authored Jun 30, 2014 by njdup
Showing with 62 additions and 17 deletions

AUTHORS
+1 -0

cms/templates/register.html
+6 -6

common/djangoapps/student/tests/test_password_policy.py
+36 -0

common/djangoapps/student/views.py
+8 -0

lms/templates/register.html
+11 -11

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -161,3 +161,4 @@ Daniel Friedman <dfriedman@edx.org>
 Asad Iqbal <aiqbal@edx.org>
 Peter Pinch <pdpinch@mit.edu>
 Muhammad Shoaib <mshoaib@edx.org>
+Nicholas Dupoux <njdupoux1994@gmail.com>
--- a/cms/templates/register.html
+++ b/cms/templates/register.html
@@ -31,9 +31,9 @@
              <input id="email" type="email" name="email" placeholder="e.g. jane.doe@gmail.com" />
            </li>
-            <li class="field text required" id="field-password">
+            <li class="field text required" id="field-name">
-              <label for="password">${_("Password")}</label>
+              <label for="name">${_("Full Name")}</label>
-              <input id="password" type="password" name="password" />
+              <input id="name" type="text" name="name" placeholder="e.g. Jane Doe" />
            </li>
            <li class="field text required" id="field-username">
@@ -42,9 +42,9 @@
              <span class="tip tip-stacked">${_("This will be used in public discussions with your courses and in our edX101 support forums")}</span>
            </li>
-            <li class="field text required" id="field-name">
+            <li class="field text required" id="field-password">
-              <label for="name">${_("Full Name")}</label>
+              <label for="password">${_("Password")}</label>
-              <input id="name" type="text" name="name" placeholder="e.g. Jane Doe" />
+              <input id="password" type="password" name="password" />
            </li>
            <li class="field-group">

--- a/common/djangoapps/student/tests/test_password_policy.py
+++ b/common/djangoapps/student/tests/test_password_policy.py
@@ -236,3 +236,39 @@ class TestPasswordPolicy(TestCase):
        self.assertEqual(response.status_code, 200)
        obj = json.loads(response.content)
        self.assertTrue(obj['success'])
+class TestUsernamePasswordNonmatch(TestCase):
+    """
+    Test that registration username and password fields differ
+    """
+    def setUp(self):
+        super(TestUsernamePasswordNonmatch, self).setUp()
+        self.url = reverse('create_account')
+        self.url_params = {
+            'username': 'username',
+            'email': 'foo_bar@bar.com',
+            'name': 'username',
+            'terms_of_service': 'true',
+            'honor_code': 'true',
+        }
+    def test_with_username_password_match(self):
+        self.url_params['username'] = "foobar"
+        self.url_params['password'] = "foobar"
+        response = self.client.post(self.url, self.url_params)
+        self.assertEquals(response.status_code, 400)
+        obj = json.loads(response.content)
+        self.assertEqual(
+            obj['value'],
+            "Username and password fields cannot match",
+        )
+    def test_with_username_password_nonmatch(self):
+        self.url_params['username'] = "foobar"
+        self.url_params['password'] = "nonmatch"
+        response = self.client.post(self.url, self.url_params)
+        self.assertEquals(response.status_code, 200)
+        obj = json.loads(response.content)
+        self.assertTrue(obj['success'])
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -1275,6 +1275,14 @@ def create_account(request, post_override=None):  # pylint: disable-msg=too-many
                extended_profile = {}
            extended_profile[field] = post_vars[field]
+    # Make sure that password and username fields do not match
+    username = post_vars['username']
+    password = post_vars['password']
+    if username == password:
+        js['value'] = _("Username and password fields cannot match")
+        js['field'] = 'username'
+        return JsonResponse(js, status=400)
    # Ok, looks like everything is legit.  Create the account.
    try:
        with transaction.commit_on_success():

--- a/lms/templates/register.html
+++ b/lms/templates/register.html
@@ -167,6 +167,17 @@
            <input class="" id="email" type="email" name="email" value="${email}" placeholder="${_('example: username@domain.com')}" required aria-required="true" />
          </li>
+          <li class="field required text" id="field-name">
+            <label for="name">${_('Full Name')}</label>
+            <input id="name" type="text" name="name" value="${name}" placeholder="${_('example: Jane Doe')}" required aria-required="true" aria-describedby="name-tip" />
+            <span class="tip tip-input" id="name-tip">${_("Needed for any certificates you may earn")}</span>
+          </li>
+          <li class="field required text" id="field-username">
+            <label for="username">${_('Public Username')}</label>
+            <input id="username" type="text" name="username" value="${username}" placeholder="${_('example: JaneDoe')}" required aria-required="true" aria-describedby="username-tip"/>
+            <span class="tip tip-input" id="username-tip">${_('Will be shown in any discussions or forums you participate in')} <strong>(${_('cannot be changed later')})</strong></span>
+          </li>
          % if settings.FEATURES.get('ENABLE_THIRD_PARTY_AUTH') and running_pipeline:
          <li class="is-disabled field optional password" id="field-password" hidden>
@@ -182,17 +193,6 @@
          </li>
          % endif
-          <li class="field required text" id="field-username">
-            <label for="username">${_('Public Username')}</label>
-            <input id="username" type="text" name="username" value="${username}" placeholder="${_('example: JaneDoe')}" required aria-required="true" aria-describedby="username-tip"/>
-            <span class="tip tip-input" id="username-tip">${_('Will be shown in any discussions or forums you participate in')} <strong>(${_('cannot be changed later')})</strong></span>
-          </li>
-          <li class="field required text" id="field-name">
-            <label for="name">${_('Full Name')}</label>
-            <input id="name" type="text" name="name" value="${name}" placeholder="${_('example: Jane Doe')}" required aria-required="true" aria-describedby="name-tip" />
-            <span class="tip tip-input" id="name-tip">${_("Needed for any certificates you may earn")}</span>
-          </li>
        </ol>
        % else: