kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Add failing test for Issue #1994

Browse source 
Lockable should not leak information about account existence if paranoid
mode is on.
This commit is contained in:
Drew Ulmer 2012-10-25 16:20:21 -05:00
parent f796439cf2
commit f79bb31ee6
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
test/integration/lockable_test.rb
View file

@ -221,4 +221,22 @@ class LockTest < ActionController::IntegrationTest
end
end
test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
swap Devise, :paranoid => true, :maximum_attempts => 1 do
user = create_user(:locked => false)
visit new_user_session_path
fill_in 'email', :with => user.email
fill_in 'password', :with => "abadpassword"
click_button 'Sign in'
fill_in 'email', :with => user.email
fill_in 'password', :with => "abadpassword"
click_button 'Sign in'
assert_current_url "/users/sign_in"
assert_not_contain "locked"
end
end
end