require 'test_helper'
require 'test_models'
require 'digest/sha1'
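# Model-level tests for the database-backed password strategy: normalisation
# of lookup keys (downcasing / whitespace stripping), parameter filtering,
# password hashing and verification, the update/destroy helpers that require
# the current password, and the notification mails sent on credential changes.
#
# Helpers such as new_user, create_user, valid_attributes, swap,
# assert_email_sent and setup_mailer are defined outside this file.
class DatabaseAuthenticatableTest < ActiveSupport::TestCase
  def setup
    setup_mailer
  end

  # --- key normalisation ----------------------------------------------------

  test 'should downcase case insensitive keys when saving' do
    # case_insensitive_keys is set to :email by default.
    email = 'Foo@Bar.com'
    user = new_user(email: email)

    # Normalisation happens on save, not on assignment.
    assert_equal email, user.email
    user.save!
    assert_equal email.downcase, user.email
  end

  test 'should downcase case insensitive keys that refer to virtual attributes when saving' do
    email = 'Foo@Bar1.com'
    confirmation = 'Foo@Bar1.com'
    attributes = valid_attributes(email: email, email_confirmation: confirmation)
    user = UserWithVirtualAttributes.new(attributes)

    assert_equal confirmation, user.email_confirmation
    user.save!
    assert_equal confirmation.downcase, user.email_confirmation
  end

  test 'should not mutate value assigned to case insensitive key' do
    email = 'Foo@Bar.com'
    original_email = email.dup
    user = new_user(email: email)

    user.save!
    # The caller's string object must be left untouched by the downcasing.
    assert_equal original_email, email
  end

  test 'should remove whitespace from strip whitespace keys when saving' do
    # strip_whitespace_keys is set to :email by default.
    email = ' foo@bar.com '
    user = new_user(email: email)

    assert_equal email, user.email
    user.save!
    assert_equal email.strip, user.email
  end

  test 'should not mutate value assigned to string whitespace key' do
    email = ' foo@bar.com '
    original_email = email.dup
    user = new_user(email: email)

    user.save!
    # The caller's string object must be left untouched by the stripping.
    assert_equal original_email, email
  end

  test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do
    swap Devise, strip_whitespace_keys: [:fake_key] do
      assert_nothing_raised { create_user }
    end
  end

  test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do
    swap Devise, case_insensitive_keys: [:fake_key] do
      assert_nothing_raised { create_user }
    end
  end

  # --- parameter filter -----------------------------------------------------

  # The test name is stale: the assertion below expects booleans, integers and
  # ranges to come back from the filter as strings.
  # NOTE(review): stringifying presumably keeps typed request values (JSON can
  # carry integers, booleans, arrays) out of the finder conditions, where a
  # database may compare them loosely against a string column -- confirm
  # against Devise::ParameterFilter before relying on this description.
  test "param filter should not convert booleans and integer to strings" do
    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
    conditions = Devise::ParameterFilter.new([], []).filter(conditions)
    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
  end

  test 'param filter should filter case_insensitive_keys as insensitive' do
    conditions = {'insensitive' => 'insensitive_VAL', 'sensitive' => 'sensitive_VAL'}
    conditions = Devise::ParameterFilter.new(['insensitive'], []).filter(conditions)
    # Only the key listed as case-insensitive is downcased.
    assert_equal( {'insensitive' => 'insensitive_val', 'sensitive' => 'sensitive_VAL'}, conditions )
  end

  test 'param filter should filter strip_whitespace_keys stripping whitespaces' do
    conditions = {'strip_whitespace' => ' strip_whitespace_val ', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}
    conditions = Devise::ParameterFilter.new([], ['strip_whitespace']).filter(conditions)
    # Only the key listed for stripping loses its surrounding whitespace.
    assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions )
  end

  # --- hashing --------------------------------------------------------------

  test 'should respond to password and password confirmation' do
    user = new_user
    assert user.respond_to?(:password)
    assert user.respond_to?(:password_confirmation)
  end

  test 'should generate a hashed password while setting password' do
    user = new_user
    assert_present user.encrypted_password
    # A present digest is not enough: the stored value must not be the
    # plaintext that was assigned.
    assert_not_equal user.password, user.encrypted_password
  end

  # Exercises the override hook only. The expected value shows the test model
  # does not produce a real digest, so this says nothing about hash strength.
  test 'should support custom hashing methods' do
    user = UserWithCustomHashing.new(password: '654321')
    # Expected value first, matching the other assert_equal calls in this file.
    assert_equal '123456', user.encrypted_password
  end

  test 'allow authenticatable_salt to work even with nil hashed password' do
    user = User.new
    user.encrypted_password = nil
    assert_nil user.authenticatable_salt
  end

  test 'should not generate a hashed password if password is blank' do
    assert_blank new_user(password: nil).encrypted_password
    assert_blank new_user(password: '').encrypted_password
  end

  test 'should hash password again if password has changed' do
    user = create_user
    encrypted_password = user.encrypted_password
    user.password = user.password_confirmation = 'new_password'
    user.save!
    assert_not_equal encrypted_password, user.encrypted_password
  end

  # --- verification ---------------------------------------------------------

  test 'should test for a valid password' do
    user = create_user
    assert user.valid_password?('12345678')
    refute user.valid_password?('654321')
  end

  test 'should not raise error with an empty password' do
    user = create_user
    user.encrypted_password = ''
    assert_nothing_raised { user.valid_password?('12345678') }
  end

  # An account whose stored digest is empty must reject every candidate,
  # including an empty or missing one, so a blank digest can never be matched
  # by a blank submission.
  test 'should be an invalid password if the user has an empty password' do
    user = create_user
    user.encrypted_password = ''
    refute user.valid_password?('654321')
    refute user.valid_password?('')
    refute user.valid_password?(nil)
  end

  # --- update_with_password -------------------------------------------------

  test 'should respond to current password' do
    assert new_user.respond_to?(:current_password)
  end

  test 'should update password with valid current password' do
    user = create_user
    assert user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'pass4321')
    assert user.reload.valid_password?('pass4321')
  end

  test 'should add an error to current password when it is invalid' do
    user = create_user
    refute user.update_with_password(current_password: 'other',
      password: 'pass4321', password_confirmation: 'pass4321')
    # The persisted credential is unchanged after the rejected update.
    assert user.reload.valid_password?('12345678')
    assert_match "is invalid", user.errors[:current_password].join
  end

  test 'should add an error to current password when it is blank' do
    user = create_user
    refute user.update_with_password(password: 'pass4321',
      password_confirmation: 'pass4321')
    # The persisted credential is unchanged after the rejected update.
    assert user.reload.valid_password?('12345678')
    assert_match "can't be blank", user.errors[:current_password].join
  end

  test 'should run validations even when current password is invalid or blank' do
    user = UserWithValidation.create!(valid_attributes)
    user.save
    assert user.persisted?
    refute user.update_with_password(username: "")
    assert_match "usertest", user.reload.username
    assert_match "can't be blank", user.errors[:username].join
  end

  test 'should ignore password and its confirmation if they are blank' do
    user = create_user
    assert user.update_with_password(current_password: '12345678', email: "new@example.com")
    assert_equal "new@example.com", user.email
  end

  test 'should not update password with invalid confirmation' do
    user = create_user
    refute user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'other')
    assert user.reload.valid_password?('12345678')
  end

  # After a failed update the in-memory record must not keep the submitted
  # plaintext in its password fields.
  test 'should clean up password fields on failure' do
    user = create_user
    refute user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'other')
    assert user.password.blank?
    assert user.password_confirmation.blank?
  end

  # --- update_without_password ----------------------------------------------

  test 'should update the user without password' do
    user = create_user
    user.update_without_password(email: 'new@example.com')
    assert_equal 'new@example.com', user.email
  end

  # The password-less update path must drop password attributes, otherwise it
  # would let a caller change the credential without proving the current one.
  test 'should not update password without password' do
    user = create_user
    user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321')
    refute user.reload.valid_password?('pass4321')
    assert user.valid_password?('12345678')
  end

  # --- destroy_with_password ------------------------------------------------

  test 'should destroy user if current password is valid' do
    user = create_user
    assert user.destroy_with_password('12345678')
    refute user.persisted?
  end

  test 'should not destroy user with invalid password' do
    user = create_user
    refute user.destroy_with_password('other')
    assert user.persisted?
    assert_match "is invalid", user.errors[:current_password].join
  end

  test 'should not destroy user with blank password' do
    user = create_user
    refute user.destroy_with_password(nil)
    assert user.persisted?
    assert_match "can't be blank", user.errors[:current_password].join
  end

  # --- change notifications -------------------------------------------------

  # No swap here, so this runs under the test suite's default configuration.
  test 'should not email on password change' do
    user = create_user
    assert_email_not_sent do
      assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass')
    end
  end

  # The notice goes to the address held before the change, so the original
  # owner hears about an email change they did not make.
  test 'should notify previous email on email change when configured' do
    swap Devise, send_email_changed_notification: true do
      user = create_user
      original_email = user.email
      assert_email_sent original_email do
        assert user.update_attributes(email: 'new-email@example.com')
      end
      assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded
    end
  end

  test 'should notify email on password change when configured' do
    swap Devise, send_password_change_notification: true do
      user = create_user
      assert_email_sent user.email do
        assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass')
      end
      assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded
    end
  end

  # --- validation and required fields ---------------------------------------

  # NOTE(review): this only asserts that the second record is invalid. It does
  # not check that the error is on :email, so it would also pass if "123456"
  # were rejected by a password rule -- confirm, and consider asserting on
  # user.errors[:email] so the duplicate-after-downcasing case is what is
  # actually being tested.
  test 'downcase_keys with validation' do
    User.create(email: "HEllO@example.com", password: "123456")
    user = User.create(email: "HEllO@example.com", password: "123456")
    refute user.valid?
  end

  test 'required_fields should be encryptable_password and the email field by default' do
    expected = [
      :encrypted_password,
      :email
    ]
    assert_equal expected, Devise::Models::DatabaseAuthenticatable.required_fields(User)
  end

  test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
    swap Devise, authentication_keys: [:login] do
      expected = [
        :encrypted_password,
        :login
      ]
      assert_equal expected, Devise::Models::DatabaseAuthenticatable.required_fields(User)
    end
  end
end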