From 3e237522366e4b5b5811f9436a58de99d8b12542 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Thu, 14 Apr 2011 14:54:25 -0700 Subject: bcrypt will encrypt anything, so validate_presence_of would not catch nil / blank passwords. Thank you to Aleksander Kamil Modzelewski for reporting this --- activemodel/test/cases/secure_password_test.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'activemodel/test/cases/secure_password_test.rb') diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb index 4a47a7a226..c455cf57b3 100644 --- a/activemodel/test/cases/secure_password_test.rb +++ b/activemodel/test/cases/secure_password_test.rb @@ -9,6 +9,18 @@ class SecurePasswordTest < ActiveModel::TestCase @user = User.new end + test "blank password" do + user = User.new + user.password = '' + assert !user.valid?, 'user should be invalid' + end + + test "nil password" do + user = User.new + user.password = nil + assert !user.valid?, 'user should be invalid' + end + test "password must be present" do assert !@user.valid? assert_equal 1, @user.errors.size -- cgit v1.2.3