Merge branch 'master' of https://github.com/rails/rails

1 files changed, 45 insertions, 0 deletions

diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
new file mode 100644
index 0000000000..4a47a7a226
--- /dev/null
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -0,0 +1,45 @@
+require 'cases/helper'
+require 'models/user'
+require 'models/visitor'
+require 'models/administrator'
+
+class SecurePasswordTest < ActiveModel::TestCase
+
+  setup do
+    @user = User.new
+  end
+
+  test "password must be present" do
+    assert !@user.valid?
+    assert_equal 1, @user.errors.size
+  end
+
+  test "password must match confirmation" do
+    @user.password = "thiswillberight"
+    @user.password_confirmation = "wrong"
+
+    assert !@user.valid?
+
+    @user.password_confirmation = "thiswillberight"
+
+    assert @user.valid?
+  end
+
+  test "authenticate" do
+    @user.password = "secret"
+
+    assert !@user.authenticate("wrong")
+    assert @user.authenticate("secret")
+  end
+
+  test "visitor#password_digest should be protected against mass assignment" do
+    assert Visitor.active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::BlackList)
+    assert Visitor.active_authorizer.include?(:password_digest)
+  end
+
+  test "Administrator's mass_assignment_authorizer should be WhiteList" do
+    assert Administrator.active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList)
+    assert !Administrator.active_authorizer.include?(:password_digest)
+    assert Administrator.active_authorizer.include?(:name)
+  end
+end