diff --git a/tests/rest/client/test_account.py b/tests/rest/client/test_account.py
index e9f495e206..cffbda9a7d 100644
--- a/tests/rest/client/test_account.py
+++ b/tests/rest/client/test_account.py
@@ -31,6 +31,7 @@ from synapse.rest import admin
from synapse.rest.client import account, login, register, room
from synapse.rest.synapse.client.password_reset import PasswordResetSubmitTokenResource
from synapse.server import HomeServer
+from synapse.storage._base import db_to_json
from synapse.types import JsonDict, UserID
from synapse.util import Clock
@@ -134,6 +135,18 @@ class PasswordResetTestCase(unittest.HomeserverTestCase):
# Assert we can't log in with the old password
self.attempt_wrong_password_login("kermit", old_password)
+ # Check that the UI Auth information doesn't store the password in the database.
+ #
+ # Note that we don't have the UI Auth session ID, so just pull out the single
+ # row.
+ ui_auth_data = self.get_success(
+ self.store.db_pool.simple_select_one(
+ "ui_auth_sessions", keyvalues={}, retcols=("clientdict",)
+ )
+ )
+ client_dict = db_to_json(ui_auth_data["clientdict"])
+ self.assertNotIn("new_password", client_dict)
+
@override_config({"rc_3pid_validation": {"burst_count": 3}})
def test_ratelimit_by_email(self) -> None:
"""Test that we ratelimit /requestToken for the same email."""
@@ -562,7 +575,7 @@ class DeactivateTestCase(unittest.HomeserverTestCase):
# create a bunch of users and add keys for them
users = []
- for i in range(0, 20):
+ for i in range(20):
user_id = self.register_user("missPiggy" + str(i), "test")
users.append((user_id,))
diff --git a/tests/rest/client/test_login.py b/tests/rest/client/test_login.py
index a2a6589564..768d7ad4c2 100644
--- a/tests/rest/client/test_login.py
+++ b/tests/rest/client/test_login.py
@@ -176,10 +176,10 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
def test_POST_ratelimiting_per_address(self) -> None:
# Create different users so we're sure not to be bothered by the per-user
# ratelimiter.
- for i in range(0, 6):
+ for i in range(6):
self.register_user("kermit" + str(i), "monkey")
- for i in range(0, 6):
+ for i in range(6):
params = {
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": "kermit" + str(i)},
@@ -228,7 +228,7 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
def test_POST_ratelimiting_per_account(self) -> None:
self.register_user("kermit", "monkey")
- for i in range(0, 6):
+ for i in range(6):
params = {
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": "kermit"},
@@ -277,7 +277,7 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
def test_POST_ratelimiting_per_account_failed_attempts(self) -> None:
self.register_user("kermit", "monkey")
- for i in range(0, 6):
+ for i in range(6):
params = {
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": "kermit"},
diff --git a/tests/rest/client/test_register.py b/tests/rest/client/test_register.py
index c33393dc28..ba4e017a0e 100644
--- a/tests/rest/client/test_register.py
+++ b/tests/rest/client/test_register.py
@@ -169,7 +169,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
@override_config({"rc_registration": {"per_second": 0.17, "burst_count": 5}})
def test_POST_ratelimiting_guest(self) -> None:
- for i in range(0, 6):
+ for i in range(6):
url = self.url + b"?kind=guest"
channel = self.make_request(b"POST", url, b"{}")
@@ -187,7 +187,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
@override_config({"rc_registration": {"per_second": 0.17, "burst_count": 5}})
def test_POST_ratelimiting(self) -> None:
- for i in range(0, 6):
+ for i in range(6):
request_data = {
"username": "kermit" + str(i),
"password": "monkey",
@@ -1223,7 +1223,7 @@ class RegistrationTokenValidityRestServletTestCase(unittest.HomeserverTestCase):
def test_GET_ratelimiting(self) -> None:
token = "1234"
- for i in range(0, 6):
+ for i in range(6):
channel = self.make_request(
b"GET",
f"{self.url}?token={token}",