aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/secure_password_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test/cases/secure_password_test.rb')
-rw-r--r--activemodel/test/cases/secure_password_test.rb13
1 files changed, 13 insertions, 0 deletions
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index 79be715730..4a47a7a226 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -1,5 +1,7 @@
require 'cases/helper'
require 'models/user'
+require 'models/visitor'
+require 'models/administrator'
class SecurePasswordTest < ActiveModel::TestCase
@@ -29,4 +31,15 @@ class SecurePasswordTest < ActiveModel::TestCase
assert !@user.authenticate("wrong")
assert @user.authenticate("secret")
end
+
+ test "visitor#password_digest should be protected against mass assignment" do
+ assert Visitor.active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::BlackList)
+ assert Visitor.active_authorizer.include?(:password_digest)
+ end
+
+ test "Administrator's mass_assignment_authorizer should be WhiteList" do
+ assert Administrator.active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList)
+ assert !Administrator.active_authorizer.include?(:password_digest)
+ assert Administrator.active_authorizer.include?(:name)
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 01:08:11 +0000