aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/secure_password_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* has_secure_password: use `recovery_password` instead of `activation_token`bogdanvlviv2018-07-081-3/+3
| | | | | | Since we have `has_secure_token`, it is too confusing to use `_token` suffix with `has_secure_password`. Context https://github.com/rails/rails/pull/33307#discussion_r200807185
* Improve `SecurePasswordTest#test_authenticate`bogdanvlviv2018-07-061-4/+7
| | | | | | - Ensure that execution of `authenticate`/`authenticate_XXX` returns `self` if password is correct, otherwise `false` (as mentioned in the documentation). - Test `authenticate_password`.
* Merge pull request #26764 from choncou/improve_has_secure_passwordRafael Mendonça França2018-06-281-0/+4
|\ | | | | | | Allow configurable attribute name on `#has_secure_password`
| * Remove method for regenerating a token, and update `#authenticate`.Unathi Chonco2016-10-121-11/+2
| | | | | | | | | | | | | | This change now creates a method `#authenticate_XXX` where XXX is the configured attribute name on `#has_secure_password`. `#authenticate` is now an alias to this method when the attribute name is the default 'password'
| * This addition will now allow configuring an attribute name for theUnathi Chonco2016-10-121-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | existing `#has_secure_password`. This can be useful when one would like to store some secure field as a digest, just like a password. The method still defaults to `password`. It now also allows using the same `#authenticate` method which now accepts a second argument for specifying the attribute to be authenticated, or will default to 'password`. A new method is also added for generating a new token for an attribute by calling `#regenerate_XXXX` where `XXXX` is the attribute name.
* | Fix `CustomCops/AssertNot` to allow it to have failure messageRyuta Kamizono2018-05-131-11/+11
| | | | | | | | Follow up of #32605.
* | Replace `assert !` with `assert_not`Daniel Colson2018-04-191-1/+1
| | | | | | | | | | This autocorrects the violations after adding a custom cop in 3305c78dcd.
* | Use frozen string literal in activemodel/Kir Shatrov2017-07-161-0/+2
| |
* | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | | | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* | Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
| |
* | "Use assert_nil if expecting nil. This will fail in minitest 6."Akira Matsuda2016-12-251-1/+1
|/
* applies new string literal convention in activemodel/testXavier Noria2016-08-061-59/+59
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Allow password to contain spaces only.Yevhene Shemet2014-08-061-0/+10
|
* Only automatically include validations when enabledGodfrey Chan2014-07-021-11/+3
| | | | This is a follow up to #16024.
* automatically include ActiveModel::Validations when include ↵Aditya Kapoor2014-07-031-0/+5
| | | | ActiveModel::SecurePassword
* Use `@existing_user` while updating existing user, fixing - #ee4e86Akshay Vishnoi2014-06-141-6/+6
|
* Cleaned up the `has_secure_password` test casesGodfrey Chan2014-06-141-33/+29
| | | | | | * Grouped the valid test cases in one place * Make the length of the generated password obvious * Removed two wrong (copy-and-pasted) test cases
* SecurePassword - Validate password must be less than or equal to 72Akshay Vishnoi2014-06-141-0/+28
| | | | See #14591, Reason - BCrypt hash function can handle maximum 72 characters.
* comment why we are modifying global state. [ci skip]Yves Senn2014-03-111-0/+1
|
* Completely remove potential global state leaks in ActiveModel tests.Zuhao Wan2014-03-111-23/+11
| | | | ActiveModel tests can now be run in random order.
* Run ActiveModel test suites in random order.Zuhao Wan2014-03-101-7/+25
| | | | | | | | | | This gets the whole ActiveModel test suites working even if `self.i_suck_and_my_tests_are_order_dependent!` is disabled in `ActiveSupport::TestCase`. Two places are found that potentially leak global state. This patch makes sure states are restored so that none of the changes happen in a single test will be carried over to subsequence tests.
* Some minor fixesGodfrey Chan2014-01-241-1/+0
|
* Removed old testsGodfrey Chan2014-01-241-58/+121
|
* Merge pull request #13273 from robertomiranda/test-remove-requireGuillermo Iguaran2013-12-111-1/+0
|\ | | | | Remove require 'models/administrator', Administrator is not used in secure password test
| * Remove require 'models/administrator', Administrator is not used in secure ↵robertomiranda2013-12-111-1/+0
| | | | | | | | password test
* | Use bcrypt's public cost attr, not internal constantT.J. Schuck2013-10-101-0/+8
|/ | | | | | | | See: - https://github.com/codahale/bcrypt-ruby/pull/63 - https://github.com/codahale/bcrypt-ruby/pull/64 - https://github.com/codahale/bcrypt-ruby/pull/65
* Fix secure_password password_confirmation validationsVladimir Kiselev2013-07-241-0/+5
|
* Fix regression in has_secure_password.Phil Calvin2013-05-301-0/+9
| | | | If the confirmation was blank, but the password wasn't, it would still save.
* `has_secure_password` is not invalid when assigning empty Strings.Yves Senn2013-03-041-0/+6
| | | | | | | | | | Closes #9535. With 692b3b6 the `password=` setter does no longer set blank passwords. This triggered validation errors when assigning empty Strings to `password` and `password_confirmation`. This patch only sets the confirmation if it is not `blank?`.
* Use secure password min cost option in its own tests for a speed upCarlos Antonio da Silva2012-11-211-2/+10
| | | | Around 0.564359s => 0.092244s speed up in my machine.
* Use BCrypt's MIN_COST in the test environment for speedier testsTrevor Turk2012-11-141-1/+12
|
* Cleanup trailing whitespacesdfens2012-10-121-1/+1
|
* Remove MassAssignmentSecurity from ActiveModelGuillermo Iguaran2012-09-161-12/+0
| | | | This will be moved out to protected_attributes gem
* has_secure_password should not raise a 'digest missing' error if the calling ↵Robby Grossman2012-07-311-0/+8
| | | | class has specified for validations to be skipped.
* Updated tests for has_secure_password.Erich Menge2012-05-081-8/+22
|
* Fix secure_password setterOscar Del Ben2012-04-241-0/+6
|
* use variables from test setupVijay Dev2011-10-171-6/+4
|
* AM mass assignment security attr_accessible and attr_protected now allow for ↵Josh Kalderimis2011-04-241-5/+6
| | | | | | | | scopes using :as => scope eg. attr_accessible :name attr_accessible :name, :admin, :as => :admin
* bcrypt will encrypt anything, so validate_presence_of would not catch nil / ↵Aaron Patterson2011-04-141-0/+12
| | | | blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this
* Override attributes_protected_by_default when has_secure_password is called.Tsutomu Kuroda2011-02-091-0/+13
| | | | | | | attr_protected should not be called, because it nullifies the mass assignment protection that has been set by attr_accessible. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Remove weak_passwords list and the length/strong password validator, leave ↵Santiago Pastorino2010-12-191-49/+1
| | | | that up to the programmer
* Add set_weak_passwords call in alignment with set_table_name.Mikel Lindsaar2010-12-191-0/+5
|
* Added ability to specify which passwords you want as weak passwordsMikel Lindsaar2010-12-191-11/+31
|
* Make password messages translatable.José Valim2010-12-191-1/+1
|
* Avoid warnings and fix small typo on SecurePassword.José Valim2010-12-191-1/+3
|
* BCrypt does its own salting, lovely!David Heinemeier Hansson2010-12-181-0/+11
|
* Added ActiveRecord::Base#has_secure_password (via ↵David Heinemeier Hansson2010-12-181-0/+42
ActiveModel::SecurePassword) to encapsulate dead-simple password usage with SHA2 encryption and salting