aboutsummaryrefslogblamecommitdiffstats
path: root/activemodel/test/cases/secure_password_test.rb
blob: 98e5c747d52fa930090410a479b029eeb95ebabf (plain) (tree)
1
2
3
4
5
6
7
8
9
10

                      
                             

                              


                                                

                                               
                    
                          
                                   

     



                                                
                          


                                                              


                        


                                                              

     





                                                             
                                    
                                 

                                     
 


                                                                          
 
                        
                          
 
                                                   
 

                       
 

                             
 


                                       
 
                                                        
                                






                                          
 




                                                         
 


                                                                                       





                                                                                
 


                                                                     





                                                                               
 




                                                                                                        







                                                                      
   
require 'cases/helper'
require 'models/user'
require 'models/oauthed_user'
require 'models/visitor'
require 'models/administrator'

class SecurePasswordTest < ActiveModel::TestCase
  setup do
    ActiveModel::SecurePassword.min_cost = true

    @user = User.new
    @visitor = Visitor.new
    @oauthed_user = OauthedUser.new
  end

  teardown do
    ActiveModel::SecurePassword.min_cost = false
  end

  test "blank password" do
    @user.password = @visitor.password = ''
    assert !@user.valid?(:create), 'user should be invalid'
    assert @visitor.valid?(:create), 'visitor should be valid'
  end

  test "nil password" do
    @user.password = @visitor.password = nil
    assert !@user.valid?(:create), 'user should be invalid'
    assert @visitor.valid?(:create), 'visitor should be valid'
  end

  test "blank password doesn't override previous password" do
    @user.password = 'test'
    @user.password = ''
    assert_equal @user.password, 'test'
  end

  test "password must be present" do
    assert !@user.valid?(:create)
    assert_equal 1, @user.errors.size
  end

  test "match confirmation" do
    @user.password = @visitor.password = "thiswillberight"
    @user.password_confirmation = @visitor.password_confirmation = "wrong"

    assert !@user.valid?
    assert @visitor.valid?

    @user.password_confirmation = "thiswillberight"

    assert @user.valid?
  end

  test "authenticate" do
    @user.password = "secret"

    assert !@user.authenticate("wrong")
    assert @user.authenticate("secret")
  end

  test "User should not be created with blank digest" do
    assert_raise RuntimeError do
      @user.run_callbacks :create
    end
    @user.password = "supersecretpassword"
    assert_nothing_raised do
      @user.run_callbacks :create
    end
  end

  test "Oauthed user can be created with blank digest" do
    assert_nothing_raised do
      @oauthed_user.run_callbacks :create
    end
  end

  test "Password digest cost defaults to bcrypt default cost when min_cost is false" do
    ActiveModel::SecurePassword.min_cost = false

    @user.password = "secret"
    assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
  end

  test "Password digest cost can be set to bcrypt min cost to speed up tests" do
    ActiveModel::SecurePassword.min_cost = true

    @user.password = "secret"
    assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
  end

  test "blank password_confirmation does not result in a confirmation error" do
    @user.password = ""
    @user.password_confirmation = ""
    assert @user.valid?(:update), "user should be valid"
  end

  test "password_confirmation validations will not be triggered if password_confirmation is not sent" do
    @user.password = "password"
    assert @user.valid?(:create)
  end

  test "will not save if confirmation is blank but password is not" do
    @user.password = "password"
    @user.password_confirmation = ""
    assert_not @user.valid?(:create)

    @user.password_confirmation = "password"
    assert @user.valid?(:create)
  end
end