diff options
-rw-r--r-- | qa/t/test_create_user_accounts.t | 2 | ||||
-rw-r--r-- | qa/t/webservice_user_create.t | 10 |
2 files changed, 10 insertions, 2 deletions
diff --git a/qa/t/test_create_user_accounts.t b/qa/t/test_create_user_accounts.t index d9c0c4404..5d6471073 100644 --- a/qa/t/test_create_user_accounts.t +++ b/qa/t/test_create_user_accounts.t @@ -85,6 +85,8 @@ foreach my $account (@accounts) { # These accounts are illegal but do not cause a javascript alert @accounts = ('test@bugzilla.org@bugzilla.test', 'test@bugzilla..test'); +# Logins larger than 127 characters must be rejected, for security reasons. +push @accounts, 'selenium-' . random_string(110) . '@bugzilla.test'; foreach my $account (@accounts) { $sel->click_ok("link=New Account"); $sel->wait_for_page_to_load_ok(WAIT_TIME); diff --git a/qa/t/webservice_user_create.t b/qa/t/webservice_user_create.t index 20301a6c5..551de9977 100644 --- a/qa/t/webservice_user_create.t +++ b/qa/t/webservice_user_create.t @@ -13,7 +13,7 @@ use strict; use warnings; use lib qw(lib); use QA::Util; -use Test::More tests => 69; +use Test::More tests => 75; my ($config, $xmlrpc, $jsonrpc, $jsonrpc_get) = get_rpc_clients(); use constant NEW_PASSWORD => 'password'; @@ -25,7 +25,7 @@ use constant PASSWORD_TOO_SHORT => 'a'; use constant INVALID_EMAIL => '()[]\;:,<>@webservice.test'; sub new_login { - return 'created_' . random_string() . '@webservice.test'; + return 'created_' . random_string(@_) . '@webservice.test'; } sub post_success { @@ -76,6 +76,12 @@ foreach my $rpc ($jsonrpc, $xmlrpc) { test => 'Invalid email address fails', }, { user => 'admin', + args => { email => new_login(128), full_name => NEW_FULLNAME, + password => NEW_PASSWORD }, + error => "didn't pass our syntax checking", + test => 'Too long (> 127 chars) email address fails', + }, + { user => 'admin', args => { email => $config->{unprivileged_user_login}, full_name => NEW_FULLNAME, password => NEW_PASSWORD }, error => "There is already an account", |