rails--rails/activemodel/test/cases/secure_password_test.rb

require 'cases/helper'
require 'models/user'
require 'models/oauthed_user'
require 'models/visitor'
require 'models/administrator'

class SecurePasswordTest < ActiveModel::TestCase

  setup do
    @user = User.new
    @visitor = Visitor.new
    @oauthed_user = OauthedUser.new
  end

  test "blank password" do
    @user.password = @visitor.password = ''
    assert !@user.valid?(:create), 'user should be invalid'
    assert @visitor.valid?(:create), 'visitor should be valid'
  end

  test "nil password" do
    @user.password = @visitor.password = nil
    assert !@user.valid?(:create), 'user should be invalid'
    assert @visitor.valid?(:create), 'visitor should be valid'
  end

  test "blank password doesn't override previous password" do
    @user.password = 'test'
    @user.password = ''
    assert_equal @user.password, 'test'
  end

  test "password must be present" do
    assert !@user.valid?(:create)
    assert_equal 1, @user.errors.size
  end

  test "match confirmation" do
    @user.password = @visitor.password = "thiswillberight"
    @user.password_confirmation = @visitor.password_confirmation = "wrong"

    assert !@user.valid?
    assert @visitor.valid?

    @user.password_confirmation = "thiswillberight"

    assert @user.valid?
  end

  test "authenticate" do
    @user.password = "secret"

    assert !@user.authenticate("wrong")
    assert @user.authenticate("secret")
  end

  test "User should not be created with blank digest" do
    assert_raise RuntimeError do
      @user.run_callbacks :create
    end
    @user.password = "supersecretpassword"
    assert_nothing_raised do
      @user.run_callbacks :create
    end
  end
  
  test "Oauthed user can be created with blank digest" do
    assert_nothing_raised do
      @oauthed_user.run_callbacks :create
    end
  end
end
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`require 'cases/helper'`
			`require 'models/user'`
has_secure_password should not raise a 'digest missing' error if the calling class has specified for validations to be skipped. 2012-07-31 16:16:21 -04:00			`require 'models/oauthed_user'`
Override attributes_protected_by_default when has_secure_password is called. attr_protected should not be called, because it nullifies the mass assignment protection that has been set by attr_accessible. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> 2011-01-25 21:35:02 -05:00			`require 'models/visitor'`
			`require 'models/administrator'`
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00
			`class SecurePasswordTest < ActiveModel::TestCase`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`setup do`
			`@user = User.new`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`@visitor = Visitor.new`
has_secure_password should not raise a 'digest missing' error if the calling class has specified for validations to be skipped. 2012-07-31 16:16:21 -04:00			`@oauthed_user = OauthedUser.new`
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`end`

bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this 2011-04-14 17:54:25 -04:00			`test "blank password" do`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`@user.password = @visitor.password = ''`
			`assert !@user.valid?(:create), 'user should be invalid'`
			`assert @visitor.valid?(:create), 'visitor should be valid'`
bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this 2011-04-14 17:54:25 -04:00			`end`

			`test "nil password" do`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`@user.password = @visitor.password = nil`
			`assert !@user.valid?(:create), 'user should be invalid'`
			`assert @visitor.valid?(:create), 'visitor should be valid'`
bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this 2011-04-14 17:54:25 -04:00			`end`

Fix secure_password setter 2012-04-24 13:16:01 -04:00			`test "blank password doesn't override previous password" do`
			`@user.password = 'test'`
			`@user.password = ''`
			`assert_equal @user.password, 'test'`
			`end`

Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`test "password must be present" do`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`assert !@user.valid?(:create)`
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`assert_equal 1, @user.errors.size`
			`end`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`test "match confirmation" do`
			`@user.password = @visitor.password = "thiswillberight"`
			`@user.password_confirmation = @visitor.password_confirmation = "wrong"`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`assert !@user.valid?`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`assert @visitor.valid?`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`@user.password_confirmation = "thiswillberight"`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`assert @user.valid?`
			`end`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`test "authenticate" do`
			`@user.password = "secret"`
Added ability to specify which passwords you want as weak passwords 2010-12-19 04:39:54 -05:00
Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting 2010-12-18 16:38:05 -05:00			`assert !@user.authenticate("wrong")`
			`assert @user.authenticate("secret")`
			`end`
Override attributes_protected_by_default when has_secure_password is called. attr_protected should not be called, because it nullifies the mass assignment protection that has been set by attr_accessible. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> 2011-01-25 21:35:02 -05:00
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`test "User should not be created with blank digest" do`
Cleanup trailing whitespaces 2012-10-12 03:56:39 -04:00			`assert_raise RuntimeError do`
Updated tests for has_secure_password. 2012-05-08 18:54:47 -04:00			`@user.run_callbacks :create`
			`end`
			`@user.password = "supersecretpassword"`
			`assert_nothing_raised do`
			`@user.run_callbacks :create`
			`end`
			`end`
has_secure_password should not raise a 'digest missing' error if the calling class has specified for validations to be skipped. 2012-07-31 16:16:21 -04:00
			`test "Oauthed user can be created with blank digest" do`
			`assert_nothing_raised do`
			`@oauthed_user.run_callbacks :create`
			`end`
			`end`
Remove weak_passwords list and the length/strong password validator, leave that up to the programmer 2010-12-19 11:58:14 -05:00			`end`