diff options
Diffstat (limited to 'activemodel/test/cases/secure_password_test.rb')
| -rw-r--r-- | activemodel/test/cases/secure_password_test.rb | 50 |
1 files changed, 33 insertions, 17 deletions
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb index 4338a3fc53..19e74d3cc9 100644 --- a/activemodel/test/cases/secure_password_test.rb +++ b/activemodel/test/cases/secure_password_test.rb @@ -1,5 +1,6 @@ require 'cases/helper' require 'models/user' +require 'models/oauthed_user' require 'models/visitor' require 'models/administrator' @@ -7,28 +8,39 @@ class SecurePasswordTest < ActiveModel::TestCase setup do @user = User.new + @visitor = Visitor.new + @oauthed_user = OauthedUser.new end test "blank password" do - @user.password = '' - assert !@user.valid?, 'user should be invalid' + @user.password = @visitor.password = '' + assert !@user.valid?(:create), 'user should be invalid' + assert @visitor.valid?(:create), 'visitor should be valid' end test "nil password" do - @user.password = nil - assert !@user.valid?, 'user should be invalid' + @user.password = @visitor.password = nil + assert !@user.valid?(:create), 'user should be invalid' + assert @visitor.valid?(:create), 'visitor should be valid' + end + + test "blank password doesn't override previous password" do + @user.password = 'test' + @user.password = '' + assert_equal @user.password, 'test' end test "password must be present" do - assert !@user.valid? + assert !@user.valid?(:create) assert_equal 1, @user.errors.size end - test "password must match confirmation" do - @user.password = "thiswillberight" - @user.password_confirmation = "wrong" + test "match confirmation" do + @user.password = @visitor.password = "thiswillberight" + @user.password_confirmation = @visitor.password_confirmation = "wrong" assert !@user.valid? + assert @visitor.valid? @user.password_confirmation = "thiswillberight" @@ -42,15 +54,19 @@ class SecurePasswordTest < ActiveModel::TestCase assert @user.authenticate("secret") end - test "visitor#password_digest should be protected against mass assignment" do - assert Visitor.active_authorizers[:default].kind_of?(ActiveModel::MassAssignmentSecurity::BlackList) - assert Visitor.active_authorizers[:default].include?(:password_digest) + test "User should not be created with blank digest" do + assert_raise RuntimeError do + @user.run_callbacks :create + end + @user.password = "supersecretpassword" + assert_nothing_raised do + @user.run_callbacks :create + end end - - test "Administrator's mass_assignment_authorizer should be WhiteList" do - active_authorizer = Administrator.active_authorizers[:default] - assert active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList) - assert !active_authorizer.include?(:password_digest) - assert active_authorizer.include?(:name) + + test "Oauthed user can be created with blank digest" do + assert_nothing_raised do + @oauthed_user.run_callbacks :create + end end end |