aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/secure_password_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test/cases/secure_password_test.rb')
-rw-r--r--activemodel/test/cases/secure_password_test.rb225
1 files changed, 225 insertions, 0 deletions
diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
new file mode 100644
index 0000000000..bbf443290b
--- /dev/null
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require "cases/helper"
+require "models/user"
+require "models/visitor"
+
+class SecurePasswordTest < ActiveModel::TestCase
+ setup do
+ # Used only to speed up tests
+ @original_min_cost = ActiveModel::SecurePassword.min_cost
+ ActiveModel::SecurePassword.min_cost = true
+
+ @user = User.new
+ @visitor = Visitor.new
+
+ # Simulate loading an existing user from the DB
+ @existing_user = User.new
+ @existing_user.password_digest = BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST)
+ end
+
+ teardown do
+ ActiveModel::SecurePassword.min_cost = @original_min_cost
+ end
+
+ test "automatically include ActiveModel::Validations when validations are enabled" do
+ assert_respond_to @user, :valid?
+ end
+
+ test "don't include ActiveModel::Validations when validations are disabled" do
+ assert_not_respond_to @visitor, :valid?
+ end
+
+ test "create a new user with validations and valid password/confirmation" do
+ @user.password = "password"
+ @user.password_confirmation = "password"
+
+ assert @user.valid?(:create), "user should be valid"
+
+ @user.password = "a" * 72
+ @user.password_confirmation = "a" * 72
+
+ assert @user.valid?(:create), "user should be valid"
+ end
+
+ test "create a new user with validation and a spaces only password" do
+ @user.password = " " * 72
+ assert @user.valid?(:create), "user should be valid"
+ end
+
+ test "create a new user with validation and a blank password" do
+ @user.password = ""
+ assert_not @user.valid?(:create), "user should be invalid"
+ assert_equal 1, @user.errors.count
+ assert_equal ["can't be blank"], @user.errors[:password]
+ end
+
+ test "create a new user with validation and a nil password" do
+ @user.password = nil
+ assert_not @user.valid?(:create), "user should be invalid"
+ assert_equal 1, @user.errors.count
+ assert_equal ["can't be blank"], @user.errors[:password]
+ end
+
+ test "create a new user with validation and password length greater than 72" do
+ @user.password = "a" * 73
+ @user.password_confirmation = "a" * 73
+ assert_not @user.valid?(:create), "user should be invalid"
+ assert_equal 1, @user.errors.count
+ assert_equal ["is too long (maximum is 72 characters)"], @user.errors[:password]
+ end
+
+ test "create a new user with validation and a blank password confirmation" do
+ @user.password = "password"
+ @user.password_confirmation = ""
+ assert_not @user.valid?(:create), "user should be invalid"
+ assert_equal 1, @user.errors.count
+ assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
+ end
+
+ test "create a new user with validation and a nil password confirmation" do
+ @user.password = "password"
+ @user.password_confirmation = nil
+ assert @user.valid?(:create), "user should be valid"
+ end
+
+ test "create a new user with validation and an incorrect password confirmation" do
+ @user.password = "password"
+ @user.password_confirmation = "something else"
+ assert_not @user.valid?(:create), "user should be invalid"
+ assert_equal 1, @user.errors.count
+ assert_equal ["doesn't match Password"], @user.errors[:password_confirmation]
+ end
+
+ test "update an existing user with validation and no change in password" do
+ assert @existing_user.valid?(:update), "user should be valid"
+ end
+
+ test "update an existing user with validations and valid password/confirmation" do
+ @existing_user.password = "password"
+ @existing_user.password_confirmation = "password"
+
+ assert @existing_user.valid?(:update), "user should be valid"
+
+ @existing_user.password = "a" * 72
+ @existing_user.password_confirmation = "a" * 72
+
+ assert @existing_user.valid?(:update), "user should be valid"
+ end
+
+ test "updating an existing user with validation and a blank password" do
+ @existing_user.password = ""
+ assert @existing_user.valid?(:update), "user should be valid"
+ end
+
+ test "updating an existing user with validation and a spaces only password" do
+ @user.password = " " * 72
+ assert @user.valid?(:update), "user should be valid"
+ end
+
+ test "updating an existing user with validation and a blank password and password_confirmation" do
+ @existing_user.password = ""
+ @existing_user.password_confirmation = ""
+ assert @existing_user.valid?(:update), "user should be valid"
+ end
+
+ test "updating an existing user with validation and a nil password" do
+ @existing_user.password = nil
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["can't be blank"], @existing_user.errors[:password]
+ end
+
+ test "updating an existing user with validation and password length greater than 72" do
+ @existing_user.password = "a" * 73
+ @existing_user.password_confirmation = "a" * 73
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["is too long (maximum is 72 characters)"], @existing_user.errors[:password]
+ end
+
+ test "updating an existing user with validation and a blank password confirmation" do
+ @existing_user.password = "password"
+ @existing_user.password_confirmation = ""
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
+ end
+
+ test "updating an existing user with validation and a nil password confirmation" do
+ @existing_user.password = "password"
+ @existing_user.password_confirmation = nil
+ assert @existing_user.valid?(:update), "user should be valid"
+ end
+
+ test "updating an existing user with validation and an incorrect password confirmation" do
+ @existing_user.password = "password"
+ @existing_user.password_confirmation = "something else"
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation]
+ end
+
+ test "updating an existing user with validation and a blank password digest" do
+ @existing_user.password_digest = ""
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["can't be blank"], @existing_user.errors[:password]
+ end
+
+ test "updating an existing user with validation and a nil password digest" do
+ @existing_user.password_digest = nil
+ assert_not @existing_user.valid?(:update), "user should be invalid"
+ assert_equal 1, @existing_user.errors.count
+ assert_equal ["can't be blank"], @existing_user.errors[:password]
+ end
+
+ test "setting a blank password should not change an existing password" do
+ @existing_user.password = ""
+ assert @existing_user.password_digest == "password"
+ end
+
+ test "setting a nil password should clear an existing password" do
+ @existing_user.password = nil
+ assert_nil @existing_user.password_digest
+ end
+
+ test "authenticate" do
+ @user.password = "secret"
+ @user.recovery_password = "42password"
+
+ assert_equal false, @user.authenticate("wrong")
+ assert_equal @user, @user.authenticate("secret")
+
+ assert_equal false, @user.authenticate_password("wrong")
+ assert_equal @user, @user.authenticate_password("secret")
+
+ assert_equal false, @user.authenticate_recovery_password("wrong")
+ assert_equal @user, @user.authenticate_recovery_password("42password")
+ end
+
+ test "Password digest cost defaults to bcrypt default cost when min_cost is false" do
+ ActiveModel::SecurePassword.min_cost = false
+
+ @user.password = "secret"
+ assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
+ end
+
+ test "Password digest cost honors bcrypt cost attribute when min_cost is false" do
+ original_bcrypt_cost = BCrypt::Engine.cost
+ ActiveModel::SecurePassword.min_cost = false
+ BCrypt::Engine.cost = 5
+
+ @user.password = "secret"
+ assert_equal BCrypt::Engine.cost, @user.password_digest.cost
+ ensure
+ BCrypt::Engine.cost = original_bcrypt_cost
+ end
+
+ test "Password digest cost can be set to bcrypt min cost to speed up tests" do
+ ActiveModel::SecurePassword.min_cost = true
+
+ @user.password = "secret"
+ assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 00:11:39 +0000