From cabbc8f6a58635bdae4002e6553ebed2206fd17d Mon Sep 17 00:00:00 2001
From: Akshay Vishnoi <akshay.vishnoi@vinsol.com>
Date: Sat, 14 Jun 2014 12:35:31 +0530
Subject: SecurePassword - Validate password must be less than or equal to 72
 See #14591, Reason - BCrypt hash function can handle maximum 72 characters.

---
 activemodel/test/cases/secure_password_test.rb | 28 ++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'activemodel/test/cases/secure_password_test.rb')

diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb
index bcd1e04a0f..f6dfdc5342 100644
--- a/activemodel/test/cases/secure_password_test.rb
+++ b/activemodel/test/cases/secure_password_test.rb
@@ -45,6 +45,20 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert_equal ["can't be blank"], @user.errors[:password]
   end
 
+  test 'create a new user with validation and password length less than or equal to 72' do
+    @user.password = 'nakshay' * 10
+    @user.password_confirmation = @user.password
+    assert @user.valid?(:create), 'user should be valid'
+  end
+
+  test 'create a new user with validation and password length greater than 72' do
+    @user.password = 'nakshay' * 11
+    @user.password_confirmation = @user.password
+    assert !@user.valid?(:create), 'user should be invalid'
+    assert_equal 1, @user.errors.count
+    assert_equal ["is too long (maximum is 72 characters)"], @user.errors[:password]
+  end
+
   test "create a new user with validation and a blank password confirmation" do
     @user.password = 'password'
     @user.password_confirmation = ''
@@ -97,6 +111,20 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert_equal ["can't be blank"], @existing_user.errors[:password]
   end
 
+  test 'updating an existing user with validation and password length less than or equal to 72' do
+    @existing_user.password = 'nakshay' * 10
+    @existing_user.password_confirmation = @existing_user.password
+    assert @existing_user.valid?(:update), 'user should be valid'
+  end
+
+  test 'updating an existing user with validation and password length greater than 72' do
+    @existing_user.password = 'nakshay' * 11
+    @existing_user.password_confirmation = @existing_user.password
+    assert !@existing_user.valid?(:update), 'user should be invalid'
+    assert_equal 1, @existing_user.errors.count
+    assert_equal ["is too long (maximum is 72 characters)"], @existing_user.errors[:password]
+  end
+
   test "updating an existing user with validation and a blank password confirmation" do
     @existing_user.password = 'password'
     @existing_user.password_confirmation = ''
-- 
cgit v1.2.3