Merge pull request #2115 from latortuga/1994-paranoid-locking
Add failing test for Issue #1994
commit
8ee1591868
|
@ -105,7 +105,11 @@ module Devise
|
|||
end
|
||||
|
||||
def unauthenticated_message
|
||||
if lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
|
||||
# If set to paranoid mode, do not show the locked message because it
|
||||
# leaks the existence of an account.
|
||||
if Devise.paranoid
|
||||
super
|
||||
elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
|
||||
:locked
|
||||
else
|
||||
super
|
||||
|
|
|
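Review bot: The two `super` branches in `unauthenticated_message` do the same thing, so the paranoid check can be folded into the lock condition: `if !Devise.paranoid && lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?` returning `:locked`, with a single `else super`. That leaves exactly one path that can return `:locked`, which makes it harder for a later edit to reintroduce the account-existence leak the comment describes. The comment could also state that in paranoid mode a locked-out user sees the same message as for bad credentials, since that is the visible behaviour change. The closing `end` lines of the method fall outside the hunk.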
@ -221,4 +221,22 @@ class LockTest < ActionController::IntegrationTest
|
|||
end
|
||||
end
|
||||
|
||||
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
|
||||
swap Devise, :paranoid => true, :maximum_attempts => 1 do
|
||||
user = create_user(:locked => false)
|
||||
|
||||
visit new_user_session_path
|
||||
fill_in 'email', :with => user.email
|
||||
fill_in 'password', :with => "abadpassword"
|
||||
click_button 'Sign in'
|
||||
|
||||
fill_in 'email', :with => user.email
|
||||
fill_in 'password', :with => "abadpassword"
|
||||
click_button 'Sign in'
|
||||
|
||||
assert_current_url "/users/sign_in"
|
||||
assert_not_contain "locked"
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
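Review bot: `assert_not_contain "locked"` only proves that one word is absent, so this test would also pass if the second sign-in never locked the account, or if the page showed some other text that still distinguishes a locked account. Adding `assert user.reload.access_locked?` would confirm the lock actually happened. Asserting that the page carries the same invalid-credentials message as an ordinary failed login would pin down the property paranoid mode is meant to provide: the response for a locked account is indistinguishable from the response for a wrong password or an unknown email.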
@ -260,4 +260,14 @@ class LockableTest < ActiveSupport::TestCase
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
test 'should not return a locked unauthenticated message if in paranoid mode' do
|
||||
swap Devise, :paranoid => :true do
|
||||
user = create_user
|
||||
user.failed_attempts = Devise.maximum_attempts + 1
|
||||
user.lock_access!
|
||||
|
||||
assert_equal :invalid, user.unauthenticated_message
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
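Review bot: `:paranoid => :true` passes the symbol `:true` rather than the boolean, and the test only works because any symbol is truthy in the `if Devise.paranoid` check. It should read `swap Devise, :paranoid => true do`, matching the integration test. This matters because any code comparing the setting with `== true` would behave differently under this test than in a real configuration. A companion assertion with `:paranoid => false` expecting `:locked` for the same user would show that the test is exercising the new branch and not just the default `super` path.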