diff options
Diffstat (limited to 'activemodel/test/cases/secure_password_test.rb')
-rw-r--r-- | activemodel/test/cases/secure_password_test.rb | 225 |
1 files changed, 225 insertions, 0 deletions
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb new file mode 100644 index 0000000000..bbf443290b --- /dev/null +++ b/activemodel/test/cases/secure_password_test.rb @@ -0,0 +1,225 @@ +# frozen_string_literal: true + +require "cases/helper" +require "models/user" +require "models/visitor" + +class SecurePasswordTest < ActiveModel::TestCase + setup do + # Used only to speed up tests + @original_min_cost = ActiveModel::SecurePassword.min_cost + ActiveModel::SecurePassword.min_cost = true + + @user = User.new + @visitor = Visitor.new + + # Simulate loading an existing user from the DB + @existing_user = User.new + @existing_user.password_digest = BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST) + end + + teardown do + ActiveModel::SecurePassword.min_cost = @original_min_cost + end + + test "automatically include ActiveModel::Validations when validations are enabled" do + assert_respond_to @user, :valid? + end + + test "don't include ActiveModel::Validations when validations are disabled" do + assert_not_respond_to @visitor, :valid? + end + + test "create a new user with validations and valid password/confirmation" do + @user.password = "password" + @user.password_confirmation = "password" + + assert @user.valid?(:create), "user should be valid" + + @user.password = "a" * 72 + @user.password_confirmation = "a" * 72 + + assert @user.valid?(:create), "user should be valid" + end + + test "create a new user with validation and a spaces only password" do + @user.password = " " * 72 + assert @user.valid?(:create), "user should be valid" + end + + test "create a new user with validation and a blank password" do + @user.password = "" + assert_not @user.valid?(:create), "user should be invalid" + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and a nil password" do + @user.password = nil + assert_not @user.valid?(:create), "user should be invalid" + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and password length greater than 72" do + @user.password = "a" * 73 + @user.password_confirmation = "a" * 73 + assert_not @user.valid?(:create), "user should be invalid" + assert_equal 1, @user.errors.count + assert_equal ["is too long (maximum is 72 characters)"], @user.errors[:password] + end + + test "create a new user with validation and a blank password confirmation" do + @user.password = "password" + @user.password_confirmation = "" + assert_not @user.valid?(:create), "user should be invalid" + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end + + test "create a new user with validation and a nil password confirmation" do + @user.password = "password" + @user.password_confirmation = nil + assert @user.valid?(:create), "user should be valid" + end + + test "create a new user with validation and an incorrect password confirmation" do + @user.password = "password" + @user.password_confirmation = "something else" + assert_not @user.valid?(:create), "user should be invalid" + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end + + test "update an existing user with validation and no change in password" do + assert @existing_user.valid?(:update), "user should be valid" + end + + test "update an existing user with validations and valid password/confirmation" do + @existing_user.password = "password" + @existing_user.password_confirmation = "password" + + assert @existing_user.valid?(:update), "user should be valid" + + @existing_user.password = "a" * 72 + @existing_user.password_confirmation = "a" * 72 + + assert @existing_user.valid?(:update), "user should be valid" + end + + test "updating an existing user with validation and a blank password" do + @existing_user.password = "" + assert @existing_user.valid?(:update), "user should be valid" + end + + test "updating an existing user with validation and a spaces only password" do + @user.password = " " * 72 + assert @user.valid?(:update), "user should be valid" + end + + test "updating an existing user with validation and a blank password and password_confirmation" do + @existing_user.password = "" + @existing_user.password_confirmation = "" + assert @existing_user.valid?(:update), "user should be valid" + end + + test "updating an existing user with validation and a nil password" do + @existing_user.password = nil + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and password length greater than 72" do + @existing_user.password = "a" * 73 + @existing_user.password_confirmation = "a" * 73 + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["is too long (maximum is 72 characters)"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a blank password confirmation" do + @existing_user.password = "password" + @existing_user.password_confirmation = "" + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a nil password confirmation" do + @existing_user.password = "password" + @existing_user.password_confirmation = nil + assert @existing_user.valid?(:update), "user should be valid" + end + + test "updating an existing user with validation and an incorrect password confirmation" do + @existing_user.password = "password" + @existing_user.password_confirmation = "something else" + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a blank password digest" do + @existing_user.password_digest = "" + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a nil password digest" do + @existing_user.password_digest = nil + assert_not @existing_user.valid?(:update), "user should be invalid" + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "setting a blank password should not change an existing password" do + @existing_user.password = "" + assert @existing_user.password_digest == "password" + end + + test "setting a nil password should clear an existing password" do + @existing_user.password = nil + assert_nil @existing_user.password_digest + end + + test "authenticate" do + @user.password = "secret" + @user.recovery_password = "42password" + + assert_equal false, @user.authenticate("wrong") + assert_equal @user, @user.authenticate("secret") + + assert_equal false, @user.authenticate_password("wrong") + assert_equal @user, @user.authenticate_password("secret") + + assert_equal false, @user.authenticate_recovery_password("wrong") + assert_equal @user, @user.authenticate_recovery_password("42password") + end + + test "Password digest cost defaults to bcrypt default cost when min_cost is false" do + ActiveModel::SecurePassword.min_cost = false + + @user.password = "secret" + assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost + end + + test "Password digest cost honors bcrypt cost attribute when min_cost is false" do + original_bcrypt_cost = BCrypt::Engine.cost + ActiveModel::SecurePassword.min_cost = false + BCrypt::Engine.cost = 5 + + @user.password = "secret" + assert_equal BCrypt::Engine.cost, @user.password_digest.cost + ensure + BCrypt::Engine.cost = original_bcrypt_cost + end + + test "Password digest cost can be set to bcrypt min cost to speed up tests" do + ActiveModel::SecurePassword.min_cost = true + + @user.password = "secret" + assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost + end +end |