Fixup tests that interact with django-allauth ACCOUNT_PREVENT_ENUMERATION

ewdurbin · ewdurbin · commit b3bd4969f048 · 2024-09-11T15:02:22.000-04:00
ACCOUNT_PREVENT_ENUMERATION was introduced in django-allauth 0.52.0, and interferes with our expectations.

This should probably be turned on! But for now disable it by default to keep the changeset minimal.

Allauth _used_ to iterate over users to check for email uniquenss but stopped at some point, so we have to create an EmailAdress object for the user in the relevant test-case for duplicate emails
diff --git a/pydotorg/settings/base.py b/pydotorg/settings/base.py
@@ -110,6 +110,8 @@
 ACCOUNT_UNIQUE_EMAIL = True
 ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
 ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
+# TODO: Enable enumeration prevention
+ACCOUNT_PREVENT_ENUMERATION = False
 SOCIALACCOUNT_EMAIL_REQUIRED = True
 SOCIALACCOUNT_EMAIL_VERIFICATION = True
 SOCIALACCOUNT_QUERY_EMAIL = True
diff --git a/users/tests/test_forms.py b/users/tests/test_forms.py
@@ -1,7 +1,8 @@
 from django.contrib.auth import get_user_model
-from django.test import TestCase, RequestFactory
+from django.test import TestCase
 
 from allauth.account.forms import SignupForm
+from allauth.account.models import EmailAddress
 
 from users.forms import UserProfileForm, MembershipForm
 
@@ -50,8 +51,8 @@ def test_duplicate_username(self):
         self.assertIn('username', form.errors)
 
     def test_duplicate_email(self):
-        User.objects.create_user('test1', 'test@example.com', 'testpass')
-        request = RequestFactory().get('/')
+        user = User.objects.create_user('test1', 'test@example.com', 'testpass')
+        EmailAddress.objects.create(user=user, email="test@example.com")
 
         form = SignupForm(data={
             'username': 'username2',
@@ -60,11 +61,8 @@ def test_duplicate_email(self):
             'password2': 'password',
         })
 
-        self.assertTrue(form.is_valid())
-        with self.assertRaises(ValueError) as e:
-            form.save(request)
-
-        self.assertEqual(str(e.exception), 'test@example.com')
+        self.assertFalse(form.is_valid())
+        self.assertIn('email', form.errors)
 
     def test_newline_in_username(self):
         # Note that since Django 1.9, forms.CharField().strip is True
diff --git a/users/tests/test_views.py b/users/tests/test_views.py
@@ -228,7 +228,6 @@ def test_user_new_account(self):
             'password2': 'password',
         })
 
-    @override_settings(ACCOUNT_PREVENT_ENUMERATION=False)
     def test_user_duplicate_username_email(self):
         post_data = {
             'username': 'thisusernamedoesntexist',
