2010-12-18 21:38:05 +00:00
|
|
|
require 'cases/helper'
|
|
|
|
require 'models/user'
|
2011-01-26 02:35:02 +00:00
|
|
|
require 'models/visitor'
|
2010-12-18 21:38:05 +00:00
|
|
|
|
|
|
|
class SecurePasswordTest < ActiveModel::TestCase
|
|
|
|
setup do
|
2014-03-11 07:34:51 +00:00
|
|
|
# Used only to speed up tests
|
2014-03-10 13:22:22 +00:00
|
|
|
@original_min_cost = ActiveModel::SecurePassword.min_cost
|
2012-11-20 01:07:12 +00:00
|
|
|
ActiveModel::SecurePassword.min_cost = true
|
|
|
|
|
2010-12-18 21:38:05 +00:00
|
|
|
@user = User.new
|
2012-05-08 22:54:47 +00:00
|
|
|
@visitor = Visitor.new
|
2014-01-20 13:06:03 +00:00
|
|
|
|
|
|
|
# Simulate loading an existing user from the DB
|
|
|
|
@existing_user = User.new
|
|
|
|
@existing_user.password_digest = BCrypt::Password.create('password', cost: BCrypt::Engine::MIN_COST)
|
2010-12-18 21:38:05 +00:00
|
|
|
end
|
|
|
|
|
2012-11-20 01:07:12 +00:00
|
|
|
teardown do
|
2014-03-10 13:22:22 +00:00
|
|
|
ActiveModel::SecurePassword.min_cost = @original_min_cost
|
2012-11-20 01:07:12 +00:00
|
|
|
end
|
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "create and updating without validations" do
|
2012-05-08 22:54:47 +00:00
|
|
|
assert @visitor.valid?(:create), 'visitor should be valid'
|
2014-01-20 13:06:03 +00:00
|
|
|
assert @visitor.valid?(:update), 'visitor should be valid'
|
|
|
|
|
|
|
|
@visitor.password = '123'
|
|
|
|
@visitor.password_confirmation = '456'
|
2011-04-14 21:54:25 +00:00
|
|
|
|
2012-05-08 22:54:47 +00:00
|
|
|
assert @visitor.valid?(:create), 'visitor should be valid'
|
2014-01-20 13:06:03 +00:00
|
|
|
assert @visitor.valid?(:update), 'visitor should be valid'
|
2011-04-14 21:54:25 +00:00
|
|
|
end
|
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "create a new user with validation and a blank password" do
|
2012-04-24 17:16:01 +00:00
|
|
|
@user.password = ''
|
2014-01-20 13:06:03 +00:00
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert_equal 1, @user.errors.count
|
|
|
|
assert_equal ["can't be blank"], @user.errors[:password]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "create a new user with validation and a nil password" do
|
|
|
|
@user.password = nil
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert_equal 1, @user.errors.count
|
|
|
|
assert_equal ["can't be blank"], @user.errors[:password]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "create a new user with validation and a blank password confirmation" do
|
|
|
|
@user.password = 'password'
|
|
|
|
@user.password_confirmation = ''
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert_equal 1, @user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
|
2012-04-24 17:16:01 +00:00
|
|
|
end
|
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "create a new user with validation and a nil password confirmation" do
|
|
|
|
@user.password = 'password'
|
|
|
|
@user.password_confirmation = nil
|
|
|
|
assert @user.valid?(:create), 'user should be valid'
|
2010-12-18 21:38:05 +00:00
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "create a new user with validation and an incorrect password confirmation" do
|
|
|
|
@user.password = 'password'
|
|
|
|
@user.password_confirmation = 'something else'
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert_equal 1, @user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "create a new user with validation and a correct password confirmation" do
|
|
|
|
@user.password = 'password'
|
|
|
|
@user.password_confirmation = 'something else'
|
|
|
|
assert !@user.valid?(:create), 'user should be invalid'
|
|
|
|
assert_equal 1, @user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "update an existing user with validation and no change in password" do
|
|
|
|
assert @existing_user.valid?(:update), 'user should be valid'
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "updating an existing user with validation and a blank password" do
|
|
|
|
@existing_user.password = ''
|
|
|
|
assert @existing_user.valid?(:update), 'user should be valid'
|
2010-12-18 21:38:05 +00:00
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "updating an existing user with validation and a blank password and password_confirmation" do
|
|
|
|
@existing_user.password = ''
|
|
|
|
@existing_user.password_confirmation = ''
|
|
|
|
assert @existing_user.valid?(:update), 'user should be valid'
|
|
|
|
end
|
2010-12-19 09:39:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "updating an existing user with validation and a nil password" do
|
|
|
|
@existing_user.password = nil
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["can't be blank"], @existing_user.errors[:password]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "updating an existing user with validation and a blank password confirmation" do
|
|
|
|
@existing_user.password = 'password'
|
|
|
|
@existing_user.password_confirmation = ''
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
|
2010-12-18 21:38:05 +00:00
|
|
|
end
|
2011-01-26 02:35:02 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "updating an existing user with validation and a nil password confirmation" do
|
|
|
|
@existing_user.password = 'password'
|
|
|
|
@existing_user.password_confirmation = nil
|
|
|
|
assert @existing_user.valid?(:update), 'user should be valid'
|
2012-05-08 22:54:47 +00:00
|
|
|
end
|
2012-11-14 15:42:54 +00:00
|
|
|
|
2014-01-20 13:06:03 +00:00
|
|
|
test "updating an existing user with validation and an incorrect password confirmation" do
|
|
|
|
@existing_user.password = 'password'
|
|
|
|
@existing_user.password_confirmation = 'something else'
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "updating an existing user with validation and a correct password confirmation" do
|
|
|
|
@existing_user.password = 'password'
|
|
|
|
@existing_user.password_confirmation = 'something else'
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "updating an existing user with validation and a blank password digest" do
|
|
|
|
@existing_user.password_digest = ''
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["can't be blank"], @existing_user.errors[:password]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "updating an existing user with validation and a nil password digest" do
|
|
|
|
@existing_user.password_digest = nil
|
|
|
|
assert !@existing_user.valid?(:update), 'user should be invalid'
|
|
|
|
assert_equal 1, @existing_user.errors.count
|
|
|
|
assert_equal ["can't be blank"], @existing_user.errors[:password]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "setting a blank password should not change an existing password" do
|
|
|
|
@existing_user.password = ''
|
|
|
|
assert @existing_user.password_digest == 'password'
|
|
|
|
end
|
|
|
|
|
|
|
|
test "setting a nil password should clear an existing password" do
|
|
|
|
@existing_user.password = nil
|
|
|
|
assert_equal nil, @existing_user.password_digest
|
2014-03-07 17:59:57 +00:00
|
|
|
end
|
2014-01-20 13:06:03 +00:00
|
|
|
|
|
|
|
test "authenticate" do
|
|
|
|
@user.password = "secret"
|
|
|
|
|
|
|
|
assert !@user.authenticate("wrong")
|
|
|
|
assert @user.authenticate("secret")
|
2012-07-31 20:16:21 +00:00
|
|
|
end
|
2012-11-14 15:42:54 +00:00
|
|
|
|
2012-11-20 01:07:12 +00:00
|
|
|
test "Password digest cost defaults to bcrypt default cost when min_cost is false" do
|
|
|
|
ActiveModel::SecurePassword.min_cost = false
|
|
|
|
|
2014-03-10 13:22:22 +00:00
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
|
2012-11-14 15:42:54 +00:00
|
|
|
end
|
|
|
|
|
2013-09-23 18:46:41 +00:00
|
|
|
test "Password digest cost honors bcrypt cost attribute when min_cost is false" do
|
2014-03-07 17:59:57 +00:00
|
|
|
begin
|
2014-03-10 13:22:22 +00:00
|
|
|
original_bcrypt_cost = BCrypt::Engine.cost
|
|
|
|
ActiveModel::SecurePassword.min_cost = false
|
|
|
|
BCrypt::Engine.cost = 5
|
|
|
|
|
2014-03-07 17:59:57 +00:00
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine.cost, @user.password_digest.cost
|
|
|
|
ensure
|
2014-03-10 13:22:22 +00:00
|
|
|
BCrypt::Engine.cost = original_bcrypt_cost
|
2014-03-07 17:59:57 +00:00
|
|
|
end
|
2013-09-23 18:46:41 +00:00
|
|
|
end
|
|
|
|
|
2012-11-14 15:42:54 +00:00
|
|
|
test "Password digest cost can be set to bcrypt min cost to speed up tests" do
|
|
|
|
ActiveModel::SecurePassword.min_cost = true
|
2012-11-20 01:07:12 +00:00
|
|
|
|
2014-03-10 13:22:22 +00:00
|
|
|
@user.password = "secret"
|
|
|
|
assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
|
2012-11-14 15:42:54 +00:00
|
|
|
end
|
2010-12-19 16:58:14 +00:00
|
|
|
end
|