kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/activemodel/test/cases/secure_password_test.rb
Josh Kalderimis 1054ebd613 AM mass assignment security attr_accessible and attr_protected now allow for scopes using :as => scope eg. 
attr_accessible :name
    attr_accessible :name, :admin, :as => :admin
2011-04-24 09:53:18 +02:00

58 lines
1.5 KiB
Ruby
Raw Blame History

require 'cases/helper'
require 'models/user'
require 'models/visitor'
require 'models/administrator'
class SecurePasswordTest < ActiveModel::TestCase
setup do
@user = User.new
end
test "blank password" do
user = User.new
user.password = ''
assert !user.valid?, 'user should be invalid'
end
test "nil password" do
user = User.new
user.password = nil
assert !user.valid?, 'user should be invalid'
end
test "password must be present" do
assert !@user.valid?
assert_equal 1, @user.errors.size
end
test "password must match confirmation" do
@user.password = "thiswillberight"
@user.password_confirmation = "wrong"
assert !@user.valid?
@user.password_confirmation = "thiswillberight"
assert @user.valid?
end
test "authenticate" do
@user.password = "secret"
assert !@user.authenticate("wrong")
assert @user.authenticate("secret")
end
test "visitor#password_digest should be protected against mass assignment" do
assert Visitor.active_authorizers[:default].kind_of?(ActiveModel::MassAssignmentSecurity::BlackList)
assert Visitor.active_authorizers[:default].include?(:password_digest)
end
test "Administrator's mass_assignment_authorizer should be WhiteList" do
active_authorizer = Administrator.active_authorizers[:default]
assert active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList)
assert !active_authorizer.include?(:password_digest)
assert active_authorizer.include?(:name)
end
end
View git blame Copy permalink