blob: 8650b0e495167888a68e82d61910c01d66abd152 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
require 'cases/helper'
require 'models/user'
require 'models/oauthed_user'
require 'models/visitor'
require 'models/administrator'
class SecurePasswordTest < ActiveModel::TestCase
setup do
@user = User.new
@visitor = Visitor.new
@oauthed_user = OauthedUser.new
end
test "blank password" do
@user.password = @visitor.password = ''
assert !@user.valid?(:create), 'user should be invalid'
assert @visitor.valid?(:create), 'visitor should be valid'
end
test "nil password" do
@user.password = @visitor.password = nil
assert !@user.valid?(:create), 'user should be invalid'
assert @visitor.valid?(:create), 'visitor should be valid'
end
test "blank password doesn't override previous password" do
@user.password = 'test'
@user.password = ''
assert_equal @user.password, 'test'
end
test "password must be present" do
assert !@user.valid?(:create)
assert_equal 1, @user.errors.size
end
test "match confirmation" do
@user.password = @visitor.password = "thiswillberight"
@user.password_confirmation = @visitor.password_confirmation = "wrong"
assert !@user.valid?
assert @visitor.valid?
@user.password_confirmation = "thiswillberight"
assert @user.valid?
end
test "authenticate" do
@user.password = "secret"
assert !@user.authenticate("wrong")
assert @user.authenticate("secret")
end
test "visitor#password_digest should be protected against mass assignment" do
assert Visitor.active_authorizers[:default].kind_of?(ActiveModel::MassAssignmentSecurity::BlackList)
assert Visitor.active_authorizers[:default].include?(:password_digest)
end
test "Administrator's mass_assignment_authorizer should be WhiteList" do
active_authorizer = Administrator.active_authorizers[:default]
assert active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList)
assert !active_authorizer.include?(:password_digest)
assert active_authorizer.include?(:name)
end
test "User should not be created with blank digest" do
assert_raise RuntimeError do
@user.run_callbacks :create
end
@user.password = "supersecretpassword"
assert_nothing_raised do
@user.run_callbacks :create
end
end
test "Oauthed user can be created with blank digest" do
assert_nothing_raised do
@oauthed_user.run_callbacks :create
end
end
end
|