Akshay Vishnoi
9bc91260ac
Use @existing_user
while updating existing user, fixing - #ee4e86
2014-06-14 14:42:52 +05:30
Godfrey Chan
ee4e86fa4b
Cleaned up the has_secure_password
test cases
...
* Grouped the valid test cases in one place
* Make the length of the generated password obvious
* Removed two wrong (copy-and-pasted) test cases
2014-06-14 00:43:47 -07:00
Akshay Vishnoi
cabbc8f6a5
SecurePassword - Validate password must be less than or equal to 72
...
See #14591 , Reason - BCrypt hash function can handle maximum 72 characters.
2014-06-14 12:35:31 +05:30
Yves Senn
6868265fe3
comment why we are modifying global state. [ci skip]
2014-03-11 08:34:51 +01:00
Zuhao Wan
cc6bc1cc46
Completely remove potential global state leaks in ActiveModel tests.
...
ActiveModel tests can now be run in random order.
2014-03-11 00:48:25 +08:00
Zuhao Wan
9ffeb36265
Run ActiveModel test suites in random order.
...
This gets the whole ActiveModel test suites working even if
`self.i_suck_and_my_tests_are_order_dependent!` is disabled
in `ActiveSupport::TestCase`.
Two places are found that potentially leak global state. This patch
makes sure states are restored so that none of the changes happen in
a single test will be carried over to subsequence tests.
2014-03-10 03:52:51 +08:00
Godfrey Chan
98705d88cd
Some minor fixes
2014-01-24 20:06:31 -08:00
Godfrey Chan
b6ddbfb158
Removed old tests
2014-01-24 19:49:31 -08:00
Guillermo Iguaran
87e1e86640
Merge pull request #13273 from robertomiranda/test-remove-require
...
Remove require 'models/administrator', Administrator is not used in secure password test
2013-12-11 05:39:14 -08:00
robertomiranda
df7e5b69de
Remove require 'models/administrator', Administrator is not used in secure password test
2013-12-11 08:34:28 -05:00
T.J. Schuck
5d7b413d84
Use bcrypt's public cost attr, not internal constant
...
See:
- https://github.com/codahale/bcrypt-ruby/pull/63
- https://github.com/codahale/bcrypt-ruby/pull/64
- https://github.com/codahale/bcrypt-ruby/pull/65
2013-10-10 11:46:59 -04:00
Vladimir Kiselev
3be0cdfa55
Fix secure_password password_confirmation validations
2013-07-24 03:14:15 +04:00
Phil Calvin
5d93ef8f45
Fix regression in has_secure_password.
...
If the confirmation was blank, but the password wasn't, it would still save.
2013-05-30 11:18:43 -07:00
Yves Senn
8c1687bbf8
has_secure_password
is not invalid when assigning empty Strings.
...
Closes #9535 .
With 692b3b6 the `password=` setter does no longer set blank passwords.
This triggered validation errors when assigning empty Strings to `password`
and `password_confirmation`.
This patch only sets the confirmation if it is not `blank?`.
2013-03-04 18:56:05 +01:00
Carlos Antonio da Silva
c2c1ecb05e
Use secure password min cost option in its own tests for a speed up
...
Around 0.564359s => 0.092244s speed up in my machine.
2012-11-21 19:34:55 -02:00
Trevor Turk
06faa6da80
Use BCrypt's MIN_COST in the test environment for speedier tests
2012-11-14 09:42:54 -06:00
dfens
ab9140ff02
Cleanup trailing whitespaces
2012-10-12 09:56:39 +02:00
Guillermo Iguaran
f8c9a4d3e8
Remove MassAssignmentSecurity from ActiveModel
...
This will be moved out to protected_attributes gem
2012-09-16 23:58:19 -05:00
Robby Grossman
ad7f9cdf00
has_secure_password should not raise a 'digest missing' error if the calling class has specified for validations to be skipped.
2012-07-31 16:16:21 -04:00
Erich Menge
f021377358
Updated tests for has_secure_password.
2012-05-08 18:08:55 -05:00
Oscar Del Ben
692b3b6b6a
Fix secure_password setter
2012-04-24 19:16:01 +02:00
Vijay Dev
8dffc62a9b
use variables from test setup
2011-10-17 19:15:24 +05:30
Josh Kalderimis
1054ebd613
AM mass assignment security attr_accessible and attr_protected now allow for scopes using :as => scope eg.
...
attr_accessible :name
attr_accessible :name, :admin, :as => :admin
2011-04-24 09:53:18 +02:00
Aaron Patterson
3e23752236
bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this
2011-04-14 14:54:25 -07:00
Tsutomu Kuroda
ad31549ab3
Override attributes_protected_by_default when has_secure_password is called.
...
attr_protected should not be called, because it nullifies the
mass assignment protection that has been set by attr_accessible.
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-09 18:35:15 -02:00
Santiago Pastorino
08ccd29b5b
Remove weak_passwords list and the length/strong password validator, leave that up to the programmer
2010-12-19 15:01:29 -02:00
Mikel Lindsaar
6c217f98db
Add set_weak_passwords call in alignment with set_table_name.
2010-12-19 21:36:47 +11:00
Mikel Lindsaar
a39a333769
Added ability to specify which passwords you want as weak passwords
2010-12-19 20:39:54 +11:00
José Valim
432556b923
Make password messages translatable.
2010-12-19 09:34:31 +01:00
José Valim
d592fa946d
Avoid warnings and fix small typo on SecurePassword.
2010-12-19 09:28:15 +01:00
David Heinemeier Hansson
bd9dc4ff23
BCrypt does its own salting, lovely!
2010-12-18 19:09:07 -08:00
David Heinemeier Hansson
bcf4e4f2b0
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting
2010-12-18 13:38:05 -08:00