mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
heartcombo--devise/test/models/database_authenticatable_test.rb
George Guimarães c4b4411513 Change encryption for hashing in the documentation.
Throughout the documentation, we are using 'encrypt' incorrectly.
Encrypt means that someone will eventually decrypt the message,
which is obviously not the case for Devise.

I'm changing the docs to use 'hashing' instead.

However, I left the database field as `encrypted_password` for now.
I'll update the db field in an upcoming PR.
2016-02-10 17:10:52 -02:00


require 'test_helper'
require 'test_models'
require 'digest/sha1'
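# Model-level tests for Devise's DatabaseAuthenticatable behaviour:
# normalisation of authentication keys, password hashing and verification,
# and the update/destroy helpers that require the current password.
#
# The `encrypted_password` attribute used throughout holds the *hashed*
# password; the attribute keeps its historical name even though nothing
# stored in it is meant to be decrypted.
#
# Helpers such as new_user, create_user, valid_attributes, swap,
# setup_mailer, assert_email_sent and assert_same_content are not defined in
# this file (presumably they come from test_helper / test_models). The
# assertions below rely on create_user assigning the password '12345678'.
class DatabaseAuthenticatableTest < ActiveSupport::TestCase
  def setup
    setup_mailer
  end

  # --- Key normalisation ----------------------------------------------------
  # Keys are normalised on save so that the stored value is the canonical
  # form; the caller's own string must not be modified as a side effect.

  test 'should downcase case insensitive keys when saving' do
    # case_insensitive_keys is set to :email by default.
    email = 'Foo@Bar.com'
    user = new_user(email: email)
    assert_equal email, user.email
    user.save!
    assert_equal email.downcase, user.email
  end

  test 'should downcase case insensitive keys that refer to virtual attributes when saving' do
    email = 'Foo@Bar1.com'
    confirmation = 'Foo@Bar1.com'
    attributes = valid_attributes(email: email, email_confirmation: confirmation)
    user = UserWithVirtualAttributes.new(attributes)
    assert_equal confirmation, user.email_confirmation
    user.save!
    assert_equal confirmation.downcase, user.email_confirmation
  end

  test 'should not mutate value assigned to case insensitive key' do
    email = 'Foo@Bar.com'
    # Keep an independent copy so in-place mutation of `email` is detectable.
    original_email = email.dup
    user = new_user(email: email)
    user.save!
    assert_equal original_email, email
  end

  test 'should remove whitespace from strip whitespace keys when saving' do
    # strip_whitespace_keys is set to :email by default.
    email = ' foo@bar.com '
    user = new_user(email: email)
    assert_equal email, user.email
    user.save!
    assert_equal email.strip, user.email
  end

  test 'should not mutate value assigned to string whitespace key' do
    email = ' foo@bar.com '
    # Keep an independent copy so in-place mutation of `email` is detectable.
    original_email = email.dup
    user = new_user(email: email)
    user.save!
    assert_equal original_email, email
  end

  test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do
    swap Devise, strip_whitespace_keys: [:fake_key] do
      assert_nothing_raised { create_user }
    end
  end

  test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do
    swap Devise, case_insensitive_keys: [:fake_key] do
      assert_nothing_raised { create_user }
    end
  end

  # --- Parameter filter -----------------------------------------------------

  # NOTE(review): the test name says booleans and integers are *not*
  # converted, but the expected hash below has every non-string value
  # (booleans, the integer and the range) stringified. Name and assertion
  # disagree; confirm which one states the intended ParameterFilter contract,
  # since these conditions feed authentication lookups.
  test "param filter should not convert booleans and integer to strings" do
    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
    conditions = Devise::ParameterFilter.new([], []).filter(conditions)
    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
  end

  test 'param filter should filter case_insensitive_keys as insensitive' do
    conditions = {'insensitive' => 'insensitive_VAL', 'sensitive' => 'sensitive_VAL'}
    # First constructor argument: the keys to downcase.
    conditions = Devise::ParameterFilter.new(['insensitive'], []).filter(conditions)
    assert_equal( {'insensitive' => 'insensitive_val', 'sensitive' => 'sensitive_VAL'}, conditions )
  end

  test 'param filter should filter strip_whitespace_keys stripping whitespaces' do
    conditions = {'strip_whitespace' => ' strip_whitespace_val ', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}
    # Second constructor argument: the keys to strip.
    conditions = Devise::ParameterFilter.new([], ['strip_whitespace']).filter(conditions)
    assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions )
  end

  # --- Password hashing -----------------------------------------------------

  test 'should respond to password and password confirmation' do
    user = new_user
    assert user.respond_to?(:password)
    assert user.respond_to?(:password_confirmation)
  end

  test 'should generate a hashed password while setting password' do
    user = new_user
    assert_present user.encrypted_password
  end

  test 'should support custom hashing methods' do
    # UserWithCustomHashing is defined outside this file; the expected value
    # implies its hashing method maps '654321' to '123456'.
    user = UserWithCustomHashing.new(password: '654321')
    # assert_equal takes (expected, actual); the original had them reversed,
    # which only affects the failure message.
    assert_equal '123456', user.encrypted_password
  end

  test 'allow authenticatable_salt to work even with nil hashed password' do
    user = User.new
    user.encrypted_password = nil
    assert_nil user.authenticatable_salt
  end

  test 'should not generate a hashed password if password is blank' do
    assert_blank new_user(password: nil).encrypted_password
    assert_blank new_user(password: '').encrypted_password
  end

  test 'should hash password again if password has changed' do
    user = create_user
    encrypted_password = user.encrypted_password
    user.password = user.password_confirmation = 'new_password'
    user.save!
    assert_not_equal encrypted_password, user.encrypted_password
  end

  # --- Password verification ------------------------------------------------

  test 'should test for a valid password' do
    user = create_user
    assert user.valid_password?('12345678')
    assert_not user.valid_password?('654321')
  end

  # An account whose stored hash is empty must fail closed: verification
  # neither raises nor succeeds.
  test 'should not raise error with an empty password' do
    user = create_user
    user.encrypted_password = ''
    assert_nothing_raised { user.valid_password?('12345678') }
  end

  # NOTE(review): '654321' is rejected for a normal user as well (see
  # 'should test for a valid password'), so this assertion does not by
  # itself show that the empty hash is what causes the rejection. Also
  # asserting that '12345678' and '' are rejected would pin that down.
  test 'should be an invalid password if the user has an empty password' do
    user = create_user
    user.encrypted_password = ''
    assert_not user.valid_password?('654321')
  end

  # --- update_with_password -------------------------------------------------
  # Changes go through only when the caller proves knowledge of the current
  # password; on failure the persisted password is reloaded and re-checked.

  test 'should respond to current password' do
    assert new_user.respond_to?(:current_password)
  end

  test 'should update password with valid current password' do
    user = create_user
    assert user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'pass4321')
    assert user.reload.valid_password?('pass4321')
  end

  test 'should add an error to current password when it is invalid' do
    user = create_user
    assert_not user.update_with_password(current_password: 'other',
      password: 'pass4321', password_confirmation: 'pass4321')
    assert user.reload.valid_password?('12345678')
    assert_match "is invalid", user.errors[:current_password].join
  end

  test 'should add an error to current password when it is blank' do
    user = create_user
    assert_not user.update_with_password(password: 'pass4321',
      password_confirmation: 'pass4321')
    assert user.reload.valid_password?('12345678')
    assert_match "can't be blank", user.errors[:current_password].join
  end

  test 'should run validations even when current password is invalid or blank' do
    user = UserWithValidation.create!(valid_attributes)
    user.save
    assert user.persisted?
    assert_not user.update_with_password(username: "")
    # The stored username is unchanged and the model validation error is
    # still reported alongside the missing current password.
    assert_match "usertest", user.reload.username
    assert_match "can't be blank", user.errors[:username].join
  end

  test 'should ignore password and its confirmation if they are blank' do
    user = create_user
    assert user.update_with_password(current_password: '12345678', email: "new@example.com")
    assert_equal "new@example.com", user.email
  end

  test 'should not update password with invalid confirmation' do
    user = create_user
    assert_not user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'other')
    assert user.reload.valid_password?('12345678')
  end

  # After a failed update the plaintext password and confirmation must not
  # remain on the in-memory object.
  test 'should clean up password fields on failure' do
    user = create_user
    assert_not user.update_with_password(current_password: '12345678',
      password: 'pass4321', password_confirmation: 'other')
    assert user.password.blank?
    assert user.password_confirmation.blank?
  end

  # --- update_without_password ----------------------------------------------
  # This path skips the current-password check, so it must never change the
  # password even when password params are supplied.

  test 'should update the user without password' do
    user = create_user
    user.update_without_password(email: 'new@example.com')
    assert_equal 'new@example.com', user.email
  end

  test 'should not update password without password' do
    user = create_user
    user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321')
    assert_not user.reload.valid_password?('pass4321')
    assert user.valid_password?('12345678')
  end

  # --- destroy_with_password ------------------------------------------------

  test 'should destroy user if current password is valid' do
    user = create_user
    assert user.destroy_with_password('12345678')
    assert_not user.persisted?
  end

  test 'should not destroy user with invalid password' do
    user = create_user
    assert_not user.destroy_with_password('other')
    assert user.persisted?
    assert_match "is invalid", user.errors[:current_password].join
  end

  test 'should not destroy user with blank password' do
    user = create_user
    assert_not user.destroy_with_password(nil)
    assert user.persisted?
    assert_match "can't be blank", user.errors[:current_password].join
  end

  # --- Password change notification -----------------------------------------
  # Notification is off unless send_password_change_notification is enabled.

  test 'should not email on password change' do
    user = create_user
    assert_email_not_sent do
      assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass')
    end
  end

  test 'should email on password change when configured' do
    swap Devise, send_password_change_notification: true do
      user = create_user
      assert_email_sent user.email do
        assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass')
      end
    end
  end

  # NOTE(review): this only checks that the second record is invalid, not
  # which validation failed. Asserting on user.errors[:email] would tie the
  # failure to the duplicate (downcased) email rather than to any other rule.
  test 'downcase_keys with validation' do
    User.create(email: "HEllO@example.com", password: "123456")
    user = User.create(email: "HEllO@example.com", password: "123456")
    assert_not user.valid?
  end

  # --- required_fields ------------------------------------------------------
  # The test names below say "encryptable_password"; the field actually
  # asserted is :encrypted_password.

  test 'required_fields should be encryptable_password and the email field by default' do
    assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [
      :email,
      :encrypted_password
    ]
  end

  test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
    swap Devise, authentication_keys: [:login] do
      assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [
        :encrypted_password,
        :login
      ]
    end
  end
end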