2010-12-18 21:38:05 +00:00
|
|
|
require 'cases/helper'
|
|
|
|
require 'models/user'
|
2012-07-31 20:16:21 +00:00
|
|
|
require 'models/oauthed_user'
|
2011-01-26 02:35:02 +00:00
|
|
|
require 'models/visitor'
|
2010-12-18 21:38:05 +00:00
|
|
|
|
|
|
|
class SecurePasswordTest < ActiveModel::TestCase
|
|
|
|
setup do
|
2012-11-20 01:07:12 +00:00
|
|
|
ActiveModel::SecurePassword.min_cost = true
|
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
@user = User.new
|
2012-05-08 22:54:47 +00:00
|
|
|
@visitor = Visitor.new
|
2012-07-31 20:16:21 +00:00
|
|
|
@oauthed_user = OauthedUser.new
|
2010-12-18 21:38:05 +00:00
|
|
|
end
|
|
|
|
|
2012-11-20 01:07:12 +00:00
|
|
|
teardown do
|
|
|
|
ActiveModel::SecurePassword.min_cost = false
|
|
|
|
end
|
|
|
|
|
2011-04-14 21:54:25 +00:00
|
|
|
test "blank password" do
|
2012-05-08 22:54:47 +00:00
|
|
|
@user.password = @visitor.password = ''
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert @visitor.valid?(:create), 'visitor should be valid'
|
2011-04-14 21:54:25 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
test "nil password" do
|
2012-05-08 22:54:47 +00:00
|
|
|
@user.password = @visitor.password = nil
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert @visitor.valid?(:create), 'visitor should be valid'
|
2011-04-14 21:54:25 +00:00
|
|
|
end
|
|
|
|
|
2012-04-24 17:16:01 +00:00
|
|
|
test "blank password doesn't override previous password" do
|
|
|
|
@user.password = 'test'
|
|
|
|
@user.password = ''
|
|
|
|
assert_equal @user.password, 'test'
|
|
|
|
end
|
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
test "password must be present" do
|
2012-05-08 22:54:47 +00:00
|
|
|
assert !@user.valid?(:create)
|
2010-12-18 21:38:05 +00:00
|
|
|
assert_equal 1, @user.errors.size
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2012-05-08 22:54:47 +00:00
|
|
|
test "match confirmation" do
|
|
|
|
@user.password = @visitor.password = "thiswillberight"
|
|
|
|
@user.password_confirmation = @visitor.password_confirmation = "wrong"
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
assert !@user.valid?
|
2012-05-08 22:54:47 +00:00
|
|
|
assert @visitor.valid?
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
@user.password_confirmation = "thiswillberight"
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
assert @user.valid?
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
test "authenticate" do
|
|
|
|
@user.password = "secret"
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
assert !@user.authenticate("wrong")
|
|
|
|
assert @user.authenticate("secret")
|
|
|
|
end
|
2011-01-26 02:35:02 +00:00
|
|
|
|
2012-05-08 22:54:47 +00:00
|
|
|
test "User should not be created with blank digest" do
|
2012-10-12 07:56:39 +00:00
|
|
|
assert_raise RuntimeError do
|
2012-05-08 22:54:47 +00:00
|
|
|
@user.run_callbacks :create
|
|
|
|
end
|
|
|
|
@user.password = "supersecretpassword"
|
|
|
|
assert_nothing_raised do
|
|
|
|
@user.run_callbacks :create
|
|
|
|
end
|
|
|
|
end
|
2012-11-14 15:42:54 +00:00
|
|
|
|
2012-07-31 20:16:21 +00:00
|
|
|
test "Oauthed user can be created with blank digest" do
|
|
|
|
assert_nothing_raised do
|
|
|
|
@oauthed_user.run_callbacks :create
|
|
|
|
end
|
|
|
|
end
|
2012-11-14 15:42:54 +00:00
|
|
|
|
2012-11-20 01:07:12 +00:00
|
|
|
test "Password digest cost defaults to bcrypt default cost when min_cost is false" do
|
|
|
|
ActiveModel::SecurePassword.min_cost = false
|
|
|
|
|
2012-11-14 15:42:54 +00:00
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
|
|
|
|
end
|
|
|
|
|
2013-09-23 18:46:41 +00:00
|
|
|
test "Password digest cost honors bcrypt cost attribute when min_cost is false" do
|
|
|
|
ActiveModel::SecurePassword.min_cost = false
|
|
|
|
BCrypt::Engine.cost = 5
|
|
|
|
|
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine.cost, @user.password_digest.cost
|
|
|
|
end
|
|
|
|
|
2012-11-14 15:42:54 +00:00
|
|
|
test "Password digest cost can be set to bcrypt min cost to speed up tests" do
|
|
|
|
ActiveModel::SecurePassword.min_cost = true
|
2012-11-20 01:07:12 +00:00
|
|
|
|
2012-11-14 15:42:54 +00:00
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
|
|
|
|
end
|
2013-03-04 17:56:05 +00:00
|
|
|
|
|
|
|
test "blank password_confirmation does not result in a confirmation error" do
|
|
|
|
@user.password = ""
|
|
|
|
@user.password_confirmation = ""
|
|
|
|
assert @user.valid?(:update), "user should be valid"
|
|
|
|
end
|
2013-05-20 19:13:21 +00:00
|
|
|
|
2013-06-26 00:46:21 +00:00
|
|
|
test "password_confirmation validations will not be triggered if password_confirmation is not sent" do
|
|
|
|
@user.password = "password"
|
|
|
|
assert @user.valid?(:create)
|
|
|
|
end
|
|
|
|
|
2013-05-20 19:13:21 +00:00
|
|
|
test "will not save if confirmation is blank but password is not" do
|
|
|
|
@user.password = "password"
|
|
|
|
@user.password_confirmation = ""
|
|
|
|
assert_not @user.valid?(:create)
|
|
|
|
|
|
|
|
@user.password_confirmation = "password"
|
|
|
|
assert @user.valid?(:create)
|
|
|
|
end
|
2010-12-19 16:58:14 +00:00
|
|
|
end
|