From 19a4ef305d84f4aad633c25f850967bbc375da84 Mon Sep 17 00:00:00 2001 From: Godfrey Chan Date: Mon, 20 Jan 2014 04:21:44 -0800 Subject: Rewrote the tests for has_secure_password --- activemodel/test/cases/secure_password_new_test.rb | 181 +++++++++++++++++++++ activemodel/test/models/oauthed_user.rb | 2 +- activemodel/test/models/user.rb | 2 +- 3 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 activemodel/test/cases/secure_password_new_test.rb (limited to 'activemodel/test') diff --git a/activemodel/test/cases/secure_password_new_test.rb b/activemodel/test/cases/secure_password_new_test.rb new file mode 100644 index 0000000000..174d18ec8b --- /dev/null +++ b/activemodel/test/cases/secure_password_new_test.rb @@ -0,0 +1,181 @@ +require 'cases/helper' +require 'models/user' +require 'models/visitor' + +require 'active_support/all' +class SecurePasswordTest < ActiveModel::TestCase + setup do + ActiveModel::SecurePassword.min_cost = true + + @user = User.new + @visitor = Visitor.new + + # Simulate loading an existing user from the DB + @existing_user = User.new + @existing_user.password_digest = BCrypt::Password.create('password', cost: BCrypt::Engine::MIN_COST) + end + + teardown do + ActiveModel::SecurePassword.min_cost = false + end + + test "create and updating without validations" do + assert @visitor.valid?(:create), 'visitor should be valid' + assert @visitor.valid?(:update), 'visitor should be valid' + + @visitor.password = '123' + @visitor.password_confirmation = '456' + + assert @visitor.valid?(:create), 'visitor should be valid' + assert @visitor.valid?(:update), 'visitor should be valid' + end + + test "create a new user with validation and a blank password" do + @user.password = '' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and a nil password" do + @user.password = nil + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and a blank password confirmation" do + @user.password = 'password' + @user.password_confirmation = '' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end + + test "create a new user with validation and a nil password confirmation" do + @user.password = 'password' + @user.password_confirmation = nil + assert @user.valid?(:create), 'user should be valid' + end + + test "create a new user with validation and an incorrect password confirmation" do + @user.password = 'password' + @user.password_confirmation = 'something else' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end + + test "create a new user with validation and a correct password confirmation" do + @user.password = 'password' + @user.password_confirmation = 'something else' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end + + test "update an existing user with validation and no change in password" do + assert @existing_user.valid?(:update), 'user should be valid' + end + + test "updating an existing user with validation and a blank password" do + @existing_user.password = '' + assert @existing_user.valid?(:update), 'user should be valid' + end + + test "updating an existing user with validation and a blank password and password_confirmation" do + @existing_user.password = '' + @existing_user.password_confirmation = '' + assert @existing_user.valid?(:update), 'user should be valid' + end + + test "updating an existing user with validation and a nil password" do + @existing_user.password = nil + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a blank password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = '' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a nil password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = nil + assert @existing_user.valid?(:update), 'user should be valid' + end + + test "updating an existing user with validation and an incorrect password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = 'something else' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a correct password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = 'something else' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a blank password digest" do + @existing_user.password_digest = '' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a nil password digest" do + @existing_user.password_digest = nil + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "setting a blank password should not change an existing password" do + @existing_user.password = '' + assert @existing_user.password_digest == 'password' + end + + test "setting a nil password should clear an existing password" do + @existing_user.password = nil + assert_equal nil, @existing_user.password_digest + end + + test "authenticate" do + @user.password = "secret" + + assert !@user.authenticate("wrong") + assert @user.authenticate("secret") + end + + test "Password digest cost defaults to bcrypt default cost when min_cost is false" do + ActiveModel::SecurePassword.min_cost = false + + @user.password = "secret" + assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost + end + + test "Password digest cost honors bcrypt cost attribute when min_cost is false" do + ActiveModel::SecurePassword.min_cost = false + BCrypt::Engine.cost = 5 + + @user.password = "secret" + assert_equal BCrypt::Engine.cost, @user.password_digest.cost + end + + test "Password digest cost can be set to bcrypt min cost to speed up tests" do + ActiveModel::SecurePassword.min_cost = true + + @user.password = "secret" + assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost + end +end diff --git a/activemodel/test/models/oauthed_user.rb b/activemodel/test/models/oauthed_user.rb index 9750bc19d4..1bbb24a37b 100644 --- a/activemodel/test/models/oauthed_user.rb +++ b/activemodel/test/models/oauthed_user.rb @@ -7,5 +7,5 @@ class OauthedUser has_secure_password(validations: false) - attr_accessor :password_digest, :password_salt + attr_accessor :password_digest end diff --git a/activemodel/test/models/user.rb b/activemodel/test/models/user.rb index 4b11df12bf..cbe259b1ad 100644 --- a/activemodel/test/models/user.rb +++ b/activemodel/test/models/user.rb @@ -7,5 +7,5 @@ class User has_secure_password - attr_accessor :password_digest, :password_salt + attr_accessor :password_digest end -- cgit v1.2.3 From b6ddbfb15897dbd7f5043f3bfd9c83ffcbe2c2c4 Mon Sep 17 00:00:00 2001 From: Godfrey Chan Date: Mon, 20 Jan 2014 05:06:03 -0800 Subject: Removed old tests --- activemodel/test/cases/secure_password_new_test.rb | 181 --------------------- activemodel/test/cases/secure_password_test.rb | 179 +++++++++++++------- activemodel/test/models/oauthed_user.rb | 11 -- 3 files changed, 121 insertions(+), 250 deletions(-) delete mode 100644 activemodel/test/cases/secure_password_new_test.rb delete mode 100644 activemodel/test/models/oauthed_user.rb (limited to 'activemodel/test') diff --git a/activemodel/test/cases/secure_password_new_test.rb b/activemodel/test/cases/secure_password_new_test.rb deleted file mode 100644 index 174d18ec8b..0000000000 --- a/activemodel/test/cases/secure_password_new_test.rb +++ /dev/null @@ -1,181 +0,0 @@ -require 'cases/helper' -require 'models/user' -require 'models/visitor' - -require 'active_support/all' -class SecurePasswordTest < ActiveModel::TestCase - setup do - ActiveModel::SecurePassword.min_cost = true - - @user = User.new - @visitor = Visitor.new - - # Simulate loading an existing user from the DB - @existing_user = User.new - @existing_user.password_digest = BCrypt::Password.create('password', cost: BCrypt::Engine::MIN_COST) - end - - teardown do - ActiveModel::SecurePassword.min_cost = false - end - - test "create and updating without validations" do - assert @visitor.valid?(:create), 'visitor should be valid' - assert @visitor.valid?(:update), 'visitor should be valid' - - @visitor.password = '123' - @visitor.password_confirmation = '456' - - assert @visitor.valid?(:create), 'visitor should be valid' - assert @visitor.valid?(:update), 'visitor should be valid' - end - - test "create a new user with validation and a blank password" do - @user.password = '' - assert !@user.valid?(:create), 'user should be invalid' - assert_equal 1, @user.errors.count - assert_equal ["can't be blank"], @user.errors[:password] - end - - test "create a new user with validation and a nil password" do - @user.password = nil - assert !@user.valid?(:create), 'user should be invalid' - assert_equal 1, @user.errors.count - assert_equal ["can't be blank"], @user.errors[:password] - end - - test "create a new user with validation and a blank password confirmation" do - @user.password = 'password' - @user.password_confirmation = '' - assert !@user.valid?(:create), 'user should be invalid' - assert_equal 1, @user.errors.count - assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] - end - - test "create a new user with validation and a nil password confirmation" do - @user.password = 'password' - @user.password_confirmation = nil - assert @user.valid?(:create), 'user should be valid' - end - - test "create a new user with validation and an incorrect password confirmation" do - @user.password = 'password' - @user.password_confirmation = 'something else' - assert !@user.valid?(:create), 'user should be invalid' - assert_equal 1, @user.errors.count - assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] - end - - test "create a new user with validation and a correct password confirmation" do - @user.password = 'password' - @user.password_confirmation = 'something else' - assert !@user.valid?(:create), 'user should be invalid' - assert_equal 1, @user.errors.count - assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] - end - - test "update an existing user with validation and no change in password" do - assert @existing_user.valid?(:update), 'user should be valid' - end - - test "updating an existing user with validation and a blank password" do - @existing_user.password = '' - assert @existing_user.valid?(:update), 'user should be valid' - end - - test "updating an existing user with validation and a blank password and password_confirmation" do - @existing_user.password = '' - @existing_user.password_confirmation = '' - assert @existing_user.valid?(:update), 'user should be valid' - end - - test "updating an existing user with validation and a nil password" do - @existing_user.password = nil - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["can't be blank"], @existing_user.errors[:password] - end - - test "updating an existing user with validation and a blank password confirmation" do - @existing_user.password = 'password' - @existing_user.password_confirmation = '' - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] - end - - test "updating an existing user with validation and a nil password confirmation" do - @existing_user.password = 'password' - @existing_user.password_confirmation = nil - assert @existing_user.valid?(:update), 'user should be valid' - end - - test "updating an existing user with validation and an incorrect password confirmation" do - @existing_user.password = 'password' - @existing_user.password_confirmation = 'something else' - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] - end - - test "updating an existing user with validation and a correct password confirmation" do - @existing_user.password = 'password' - @existing_user.password_confirmation = 'something else' - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] - end - - test "updating an existing user with validation and a blank password digest" do - @existing_user.password_digest = '' - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["can't be blank"], @existing_user.errors[:password] - end - - test "updating an existing user with validation and a nil password digest" do - @existing_user.password_digest = nil - assert !@existing_user.valid?(:update), 'user should be invalid' - assert_equal 1, @existing_user.errors.count - assert_equal ["can't be blank"], @existing_user.errors[:password] - end - - test "setting a blank password should not change an existing password" do - @existing_user.password = '' - assert @existing_user.password_digest == 'password' - end - - test "setting a nil password should clear an existing password" do - @existing_user.password = nil - assert_equal nil, @existing_user.password_digest - end - - test "authenticate" do - @user.password = "secret" - - assert !@user.authenticate("wrong") - assert @user.authenticate("secret") - end - - test "Password digest cost defaults to bcrypt default cost when min_cost is false" do - ActiveModel::SecurePassword.min_cost = false - - @user.password = "secret" - assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost - end - - test "Password digest cost honors bcrypt cost attribute when min_cost is false" do - ActiveModel::SecurePassword.min_cost = false - BCrypt::Engine.cost = 5 - - @user.password = "secret" - assert_equal BCrypt::Engine.cost, @user.password_digest.cost - end - - test "Password digest cost can be set to bcrypt min cost to speed up tests" do - ActiveModel::SecurePassword.min_cost = true - - @user.password = "secret" - assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost - end -end diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb index 0314803af6..174d18ec8b 100644 --- a/activemodel/test/cases/secure_password_test.rb +++ b/activemodel/test/cases/secure_password_test.rb @@ -1,77 +1,160 @@ require 'cases/helper' require 'models/user' -require 'models/oauthed_user' require 'models/visitor' +require 'active_support/all' class SecurePasswordTest < ActiveModel::TestCase setup do ActiveModel::SecurePassword.min_cost = true @user = User.new @visitor = Visitor.new - @oauthed_user = OauthedUser.new + + # Simulate loading an existing user from the DB + @existing_user = User.new + @existing_user.password_digest = BCrypt::Password.create('password', cost: BCrypt::Engine::MIN_COST) end teardown do ActiveModel::SecurePassword.min_cost = false end - test "blank password" do - @user.password = @visitor.password = '' - assert !@user.valid?(:create), 'user should be invalid' + test "create and updating without validations" do assert @visitor.valid?(:create), 'visitor should be valid' - end + assert @visitor.valid?(:update), 'visitor should be valid' + + @visitor.password = '123' + @visitor.password_confirmation = '456' - test "nil password" do - @user.password = @visitor.password = nil - assert !@user.valid?(:create), 'user should be invalid' assert @visitor.valid?(:create), 'visitor should be valid' + assert @visitor.valid?(:update), 'visitor should be valid' end - test "blank password doesn't override previous password" do - @user.password = 'test' + test "create a new user with validation and a blank password" do @user.password = '' - assert_equal @user.password, 'test' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and a nil password" do + @user.password = nil + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["can't be blank"], @user.errors[:password] + end + + test "create a new user with validation and a blank password confirmation" do + @user.password = 'password' + @user.password_confirmation = '' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] end - test "password must be present" do - assert !@user.valid?(:create) - assert_equal 1, @user.errors.size + test "create a new user with validation and a nil password confirmation" do + @user.password = 'password' + @user.password_confirmation = nil + assert @user.valid?(:create), 'user should be valid' end - test "match confirmation" do - @user.password = @visitor.password = "thiswillberight" - @user.password_confirmation = @visitor.password_confirmation = "wrong" + test "create a new user with validation and an incorrect password confirmation" do + @user.password = 'password' + @user.password_confirmation = 'something else' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end - assert !@user.valid? - assert @visitor.valid? + test "create a new user with validation and a correct password confirmation" do + @user.password = 'password' + @user.password_confirmation = 'something else' + assert !@user.valid?(:create), 'user should be invalid' + assert_equal 1, @user.errors.count + assert_equal ["doesn't match Password"], @user.errors[:password_confirmation] + end - @user.password_confirmation = "thiswillberight" + test "update an existing user with validation and no change in password" do + assert @existing_user.valid?(:update), 'user should be valid' + end - assert @user.valid? + test "updating an existing user with validation and a blank password" do + @existing_user.password = '' + assert @existing_user.valid?(:update), 'user should be valid' end - test "authenticate" do - @user.password = "secret" + test "updating an existing user with validation and a blank password and password_confirmation" do + @existing_user.password = '' + @existing_user.password_confirmation = '' + assert @existing_user.valid?(:update), 'user should be valid' + end - assert !@user.authenticate("wrong") - assert @user.authenticate("secret") + test "updating an existing user with validation and a nil password" do + @existing_user.password = nil + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a blank password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = '' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] end - test "User should not be created with blank digest" do - assert_raise RuntimeError do - @user.run_callbacks :create - end - @user.password = "supersecretpassword" - assert_nothing_raised do - @user.run_callbacks :create - end + test "updating an existing user with validation and a nil password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = nil + assert @existing_user.valid?(:update), 'user should be valid' end - test "Oauthed user can be created with blank digest" do - assert_nothing_raised do - @oauthed_user.run_callbacks :create - end + test "updating an existing user with validation and an incorrect password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = 'something else' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a correct password confirmation" do + @existing_user.password = 'password' + @existing_user.password_confirmation = 'something else' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["doesn't match Password"], @existing_user.errors[:password_confirmation] + end + + test "updating an existing user with validation and a blank password digest" do + @existing_user.password_digest = '' + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "updating an existing user with validation and a nil password digest" do + @existing_user.password_digest = nil + assert !@existing_user.valid?(:update), 'user should be invalid' + assert_equal 1, @existing_user.errors.count + assert_equal ["can't be blank"], @existing_user.errors[:password] + end + + test "setting a blank password should not change an existing password" do + @existing_user.password = '' + assert @existing_user.password_digest == 'password' + end + + test "setting a nil password should clear an existing password" do + @existing_user.password = nil + assert_equal nil, @existing_user.password_digest + end + + test "authenticate" do + @user.password = "secret" + + assert !@user.authenticate("wrong") + assert @user.authenticate("secret") end test "Password digest cost defaults to bcrypt default cost when min_cost is false" do @@ -95,24 +178,4 @@ class SecurePasswordTest < ActiveModel::TestCase @user.password = "secret" assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost end - - test "blank password_confirmation does not result in a confirmation error" do - @user.password = "" - @user.password_confirmation = "" - assert @user.valid?(:update), "user should be valid" - end - - test "password_confirmation validations will not be triggered if password_confirmation is not sent" do - @user.password = "password" - assert @user.valid?(:create) - end - - test "will not save if confirmation is blank but password is not" do - @user.password = "password" - @user.password_confirmation = "" - assert_not @user.valid?(:create) - - @user.password_confirmation = "password" - assert @user.valid?(:create) - end end diff --git a/activemodel/test/models/oauthed_user.rb b/activemodel/test/models/oauthed_user.rb deleted file mode 100644 index 1bbb24a37b..0000000000 --- a/activemodel/test/models/oauthed_user.rb +++ /dev/null @@ -1,11 +0,0 @@ -class OauthedUser - extend ActiveModel::Callbacks - include ActiveModel::Validations - include ActiveModel::SecurePassword - - define_model_callbacks :create - - has_secure_password(validations: false) - - attr_accessor :password_digest -end -- cgit v1.2.3 From 98705d88cd8ec705b80a032f8c166072b4e6fffd Mon Sep 17 00:00:00 2001 From: Godfrey Chan Date: Fri, 24 Jan 2014 19:57:07 -0800 Subject: Some minor fixes --- activemodel/test/cases/secure_password_test.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'activemodel/test') diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb index 174d18ec8b..82fd291064 100644 --- a/activemodel/test/cases/secure_password_test.rb +++ b/activemodel/test/cases/secure_password_test.rb @@ -2,7 +2,6 @@ require 'cases/helper' require 'models/user' require 'models/visitor' -require 'active_support/all' class SecurePasswordTest < ActiveModel::TestCase setup do ActiveModel::SecurePassword.min_cost = true -- cgit v1.2.3