Merge pull request #13772 from chancancode/fix_has_secure_password_for_good

Refactored validations rules for has_secure_password
author: Godfrey Chan <godfreykfc@gmail.com> 2014-01-24 20:35:48 -0800
committer: Godfrey Chan <godfreykfc@gmail.com> 2014-01-24 20:35:48 -0800
commit: 94ce51445eb70fb168640c0404b7fc1985365f67 (patch)
tree: dd7244b4b9131ba47a39f663e5396aad262f4e2f /activemodel/test/cases
parent: 7776fd6afb4463f8e7c39e653bdc2ee9226b22f4 (diff)
parent: 98705d88cd8ec705b80a032f8c166072b4e6fffd (diff)
download: rails-94ce51445eb70fb168640c0404b7fc1985365f67.tar.gz
rails-94ce51445eb70fb168640c0404b7fc1985365f67.tar.bz2
rails-94ce51445eb70fb168640c0404b7fc1985365f67.zip
1 files changed, 120 insertions, 58 deletions
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 0314803af6..82fd291064 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -1,6 +1,5 @@
 require 'cases/helper'
 require 'models/user'
-require 'models/oauthed_user'
 require 'models/visitor'
 
 class SecurePasswordTest < ActiveModel::TestCase
@@ -9,69 +8,152 @@ class SecurePasswordTest < ActiveModel::TestCase
 
     @user = User.new
     @visitor = Visitor.new
-    @oauthed_user = OauthedUser.new
+
+    # Simulate loading an existing user from the DB
+    @existing_user = User.new
+    @existing_user.password_digest = BCrypt::Password.create('password', cost: BCrypt::Engine::MIN_COST)
   end
 
   teardown do
     ActiveModel::SecurePassword.min_cost = false
   end
 
-  test "blank password" do
-    @user.password = @visitor.password = ''
-    assert !@user.valid?(:create), 'user should be invalid'
+  test "create and updating without validations" do
     assert @visitor.valid?(:create), 'visitor should be valid'
-  end
+    assert @visitor.valid?(:update), 'visitor should be valid'
+
+    @visitor.password = '123'
+    @visitor.password_confirmation = '456'
 
-  test "nil password" do
-    @user.password = @visitor.password = nil
-    assert !@user.valid?(:create), 'user should be invalid'
     assert @visitor.valid?(:create), 'visitor should be valid'
+    assert @visitor.valid?(:update), 'visitor should be valid'
   end
 
-  test "blank password doesn't override previous password" do
-    @user.password = 'test'
+  test "create a new user with validation and a blank password" do
     @user.password = ''
-    assert_equal @user.password, 'test'
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["can't be blank"], @user.errors[:password]
+  end
+
+  test "create a new user with validation and a nil password" do
+    @user.password = nil
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["can't be blank"], @user.errors[:password]
+  end
+
+  test "create a new user with validation and a blank password confirmation" do
+    @user.password = 'password'
+    @user.password_confirmation = ''
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
   end
 
-  test "password must be present" do
-    assert !@user.valid?(:create)
-    assert_equal 1, @user.errors.size
+  test "create a new user with validation and a nil password confirmation" do
+    @user.password = 'password'
+    @user.password_confirmation = nil
+    assert @user.valid?(:create), 'user should be valid'
   end
 
-  test "match confirmation" do
-    @user.password = @visitor.password = "thiswillberight"
-    @user.password_confirmation = @visitor.password_confirmation = "wrong"
+  test "create a new user with validation and an incorrect password confirmation" do
+    @user.password = 'password'
+    @user.password_confirmation = 'something else'
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
+  end
 
-    assert !@user.valid?
-    assert @visitor.valid?
+  test "create a new user with validation and a correct password confirmation" do
+    @user.password = 'password'
+    @user.password_confirmation = 'something else'
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
+  end
 
-    @user.password_confirmation = "thiswillberight"
+  test "update an existing user with validation and no change in password" do
+    assert @existing_user.valid?(:update), 'user should be valid'
+  end
 
-    assert @user.valid?
+  test "updating an existing user with validation and a blank password" do
+    @existing_user.password = ''
+    assert @existing_user.valid?(:update), 'user should be valid'
   end
 
-  test "authenticate" do
-    @user.password = "secret"
+  test "updating an existing user with validation and a blank password and password_confirmation" do
+    @existing_user.password = ''
+    @existing_user.password_confirmation = ''
+    assert @existing_user.valid?(:update), 'user should be valid'
+  end
 
-    assert !@user.authenticate("wrong")
-    assert @user.authenticate("secret")
+  test "updating an existing user with validation and a nil password" do
+    @existing_user.password = nil
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["can't be blank"], @existing_user.errors[:password]
+  end
+
+  test "updating an existing user with validation and a blank password confirmation" do
+    @existing_user.password = 'password'
+    @existing_user.password_confirmation = ''
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
   end
 
-  test "User should not be created with blank digest" do
-    assert_raise RuntimeError do
-      @user.run_callbacks :create
-    end
-    @user.password = "supersecretpassword"
-    assert_nothing_raised do
-      @user.run_callbacks :create
-    end
+  test "updating an existing user with validation and a nil password confirmation" do
+    @existing_user.password = 'password'
+    @existing_user.password_confirmation = nil
+    assert @existing_user.valid?(:update), 'user should be valid'
   end
 
-  test "Oauthed user can be created with blank digest" do
-    assert_nothing_raised do
-      @oauthed_user.run_callbacks :create
-    end
+  test "updating an existing user with validation and an incorrect password confirmation" do
+    @existing_user.password = 'password'
+    @existing_user.password_confirmation = 'something else'
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
+  end
+
+  test "updating an existing user with validation and a correct password confirmation" do
+    @existing_user.password = 'password'
+    @existing_user.password_confirmation = 'something else'
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
+  end
+
+  test "updating an existing user with validation and a blank password digest" do
+    @existing_user.password_digest = ''
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["can't be blank"], @existing_user.errors[:password]
+  end
+
+  test "updating an existing user with validation and a nil password digest" do
+    @existing_user.password_digest = nil
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["can't be blank"], @existing_user.errors[:password]
+  end
+
+  test "setting a blank password should not change an existing password" do
+    @existing_user.password = ''
+    assert @existing_user.password_digest == 'password'
+  end
+
+  test "setting a nil password should clear an existing password" do
+    @existing_user.password = nil
+    assert_equal nil, @existing_user.password_digest
+  end  
+
+  test "authenticate" do
+    @user.password = "secret"
+
+    assert !@user.authenticate("wrong")
+    assert @user.authenticate("secret")
   end
 
   test "Password digest cost defaults to bcrypt default cost when min_cost is false" do
@@ -95,24 +177,4 @@ class SecurePasswordTest < ActiveModel::TestCase
     @user.password = "secret"
     assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
   end
-
-  test "blank password_confirmation does not result in a confirmation error" do
-    @user.password = ""
-    @user.password_confirmation = ""
-    assert @user.valid?(:update), "user should be valid"
-  end
-
-  test "password_confirmation validations will not be triggered if password_confirmation is not sent" do
-    @user.password = "password"
-    assert @user.valid?(:create)
-  end
-
-  test "will not save if confirmation is blank but password is not" do
-    @user.password = "password"
-    @user.password_confirmation = ""
-    assert_not @user.valid?(:create)
-
-    @user.password_confirmation = "password"
-    assert @user.valid?(:create)
-  end
 end
author	Godfrey Chan <godfreykfc@gmail.com>	2014-01-24 20:35:48 -0800
committer	Godfrey Chan <godfreykfc@gmail.com>	2014-01-24 20:35:48 -0800
commit	94ce51445eb70fb168640c0404b7fc1985365f67 (patch)
tree	dd7244b4b9131ba47a39f663e5396aad262f4e2f /activemodel/test/cases
parent	7776fd6afb4463f8e7c39e653bdc2ee9226b22f4 (diff)
parent	98705d88cd8ec705b80a032f8c166072b4e6fffd (diff)
download	rails-94ce51445eb70fb168640c0404b7fc1985365f67.tar.gz rails-94ce51445eb70fb168640c0404b7fc1985365f67.tar.bz2 rails-94ce51445eb70fb168640c0404b7fc1985365f67.zip