authlogic 3.4.3 → 3.4.4
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/README.rdoc +13 -2
- data/authlogic.gemspec +1 -1
- data/lib/authlogic.rb +1 -0
- data/lib/authlogic/acts_as_authentic/base.rb +2 -13
- data/lib/authlogic/config.rb +23 -0
- data/lib/authlogic/session/active_record_trickery.rb +10 -22
- data/lib/authlogic/session/cookies.rb +3 -3
- data/lib/authlogic/session/foundation.rb +5 -23
- data/test/acts_as_authentic_test/base_test.rb +3 -3
- data/test/acts_as_authentic_test/email_test.rb +6 -12
- data/test/acts_as_authentic_test/logged_in_status_test.rb +4 -1
- data/test/acts_as_authentic_test/password_test.rb +53 -59
- data/test/acts_as_authentic_test/persistence_token_test.rb +14 -13
- data/test/acts_as_authentic_test/restful_authentication_test.rb +5 -8
- data/test/config_test.rb +36 -0
- data/test/fixtures/users.yml +7 -2
- data/test/gemfiles/Gemfile.rails-4.2.x +7 -0
- data/test/libs/user.rb +4 -2
- data/test/libs/user_session.rb +20 -0
- data/test/session_test/active_record_trickery_test.rb +10 -4
- data/test/session_test/brute_force_protection_test.rb +18 -16
- data/test/session_test/callbacks_test.rb +5 -25
- data/test/session_test/foundation_test.rb +6 -0
- data/test/session_test/http_auth_test.rb +13 -11
- data/test/session_test/magic_columns_test.rb +27 -27
- data/test/session_test/password_test.rb +15 -15
- data/test/session_test/persistence_test.rb +8 -8
- data/test/test_helper.rb +33 -10
- metadata +54 -49
- data/test/libs/ordered_hash.rb +0 -9
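--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17095091ab5b4dcc1f590473c508b1399bc292a7
+data.tar.gz: f5007fb710d07bb9c3ccc6b0739f6fdf991784de
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f135d071afd20fe21989436341ecf97eeefbbf4c7b53b06a958e5ada571a8a564cbb0b913f164950d2e4fa197bf5a2d4f505e61002fc44c92d8f07995692ad65
+data.tar.gz: c1d77b76d9a8d781145a532bbfe43f48be0992990efc0d8b5689abc551072a8bf8c1661bfc93c91e837be6d7cef973946df7b8d443c9d9dc559d0ff9bda06319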
data/.travis.yml
CHANGED
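--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -49,8 +49,6 @@ You may specify how passwords are cryptographically hashed (or encrypted) by set
 
 c.crypto_provider = Authlogic::CryptoProviders::BCrypt
 
-NOTE: the default provider was changed from **Sha512** to **SCrypt** in version 3.4.0.
-
 Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
 
 User.create(params[:user])
@@ -59,6 +57,19 @@ This also updates the session when the user changes his/her password.
 
 Authlogic is very flexible, it has a strong public API and a plethora of hooks to allow you to modify behavior and extend it. Check out the helpful links below to dig deeper.
 
+== Upgrading to Authlogic 3.4.0
+
+In version 3.4.0, the default crypto_provider was changed from *Sha512* to *SCrypt*.
+
+If you never set a crypto_provider and are upgrading, your passwords will break unless you set the original:
+
+c.crypto_provider = Authlogic::CryptoProviders::Sha512
+
+And if you want to automatically upgrade from *Sha512* to *SCrypt* as users login:
+
+c.transition_from_crypto_providers = [Authlogic::CryptoProviders::Sha512]
+c.crypto_provider = Authlogic::CryptoProviders::SCrypt
+
 == Helpful links
 
 * <b>Documentation:</b> http://rdoc.info/projects/binarylogic/authlogic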
data/authlogic.gemspec
CHANGED
data/lib/authlogic.rb
CHANGED
@@ -4,9 +4,9 @@ module Authlogic
|
|
4
4
|
module Base
|
5
5
|
def self.included(klass)
|
6
6
|
klass.class_eval do
|
7
|
-
class_attribute :acts_as_authentic_modules
|
7
|
+
class_attribute :acts_as_authentic_modules
|
8
8
|
self.acts_as_authentic_modules ||= []
|
9
|
-
|
9
|
+
extend Authlogic::Config
|
10
10
|
extend Config
|
11
11
|
end
|
12
12
|
end
|
@@ -76,17 +76,6 @@ module Authlogic
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
-
def rw_config(key, value, default_value = nil, read_value = nil)
|
80
|
-
if value == read_value
|
81
|
-
acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
|
82
|
-
else
|
83
|
-
config = acts_as_authentic_config.clone
|
84
|
-
config[key] = value
|
85
|
-
self.acts_as_authentic_config = config
|
86
|
-
value
|
87
|
-
end
|
88
|
-
end
|
89
|
-
|
90
79
|
def first_column_to_exist(*columns_to_check)
|
91
80
|
if db_setup?
|
92
81
|
columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
|
@@ -0,0 +1,23 @@
|
|
1
|
+
#encoding: utf-8
|
2
|
+
module Authlogic
|
3
|
+
module Config
|
4
|
+
def self.extended(klass)
|
5
|
+
klass.class_eval do
|
6
|
+
class_attribute :acts_as_authentic_config
|
7
|
+
self.acts_as_authentic_config ||= {}
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
# This is a one-liner method to write a config setting, read the config
|
13
|
+
# setting, and also set a default value for the setting.
|
14
|
+
def rw_config(key, value, default_value = nil)
|
15
|
+
if value.nil?
|
16
|
+
acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
|
17
|
+
else
|
18
|
+
self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
|
19
|
+
value
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
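Review bot: In the new `rw_config` (new lines 14-21, presumably lib/authlogic/config.rb going by the file list), `if value.nil?` makes nil the read sentinel, so a setting can no longer be assigned nil. With the new `remember_me_for(value = nil)` shown in the cookies hunk further down, `remember_me_for = nil` now returns the stored value or the `3.months` default and changes nothing, with no error to tell the caller. Both removed copies of `rw_config` took a fourth `read_value` argument for this distinction, and any caller that still passes four arguments would raise ArgumentError; the page does not show whether all call sites were updated. If nil is meant to be unassignable, the method comment should say so, for example `# NOTE: nil always means "read"; a setting cannot be assigned nil.`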
@@ -6,21 +6,21 @@ module Authlogic
|
|
6
6
|
# advantage of the many ActiveRecord tools.
|
7
7
|
module ActiveRecordTrickery
|
8
8
|
def self.included(klass)
|
9
|
+
klass.extend ActiveModel::Naming
|
10
|
+
klass.extend ActiveModel::Translation
|
11
|
+
|
12
|
+
# Support ActiveModel::Name#name for Rails versions before 4.0.
|
13
|
+
if !klass.model_name.respond_to?(:name)
|
14
|
+
ActiveModel::Name.module_eval do
|
15
|
+
alias_method :name, :to_s
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
9
19
|
klass.extend ClassMethods
|
10
20
|
klass.send(:include, InstanceMethods)
|
11
21
|
end
|
12
22
|
|
13
23
|
module ClassMethods
|
14
|
-
# How to name the attributes of Authlogic, works JUST LIKE ActiveRecord, but instead it uses the following
|
15
|
-
# namespace:
|
16
|
-
#
|
17
|
-
# authlogic.attributes.user_session.login
|
18
|
-
def human_attribute_name(attribute_key_name, options = {})
|
19
|
-
options[:count] ||= 1
|
20
|
-
options[:default] ||= attribute_key_name.to_s.humanize
|
21
|
-
I18n.t("attributes.#{name.underscore}.#{attribute_key_name}", options)
|
22
|
-
end
|
23
|
-
|
24
24
|
# How to name the class, works JUST LIKE ActiveRecord, except it uses the following namespace:
|
25
25
|
#
|
26
26
|
# authlogic.models.user_session
|
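Review bot: The `ActiveModel::Name.module_eval do alias_method :name, :to_s end` block added to `self.included` (new lines 13-17) patches a framework class for the whole process, as a side effect of including this module, rather than only for Authlogic session classes. On Rails versions before 4.0 every other ActiveModel user in the host application then gets `ActiveModel::Name#name`, so the comment above it should state the global scope, for example `# Global patch: adds ActiveModel::Name#name (alias of to_s) on Rails < 4.0; affects every model in the process.` The guard would also read more directly as `unless klass.model_name.respond_to?(:name)`. The ClassMethods module continues past the end of this hunk.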
@@ -28,22 +28,10 @@ module Authlogic
|
|
28
28
|
I18n.t("models.#{name.underscore}", {:count => 1, :default => name.humanize})
|
29
29
|
end
|
30
30
|
|
31
|
-
# For rails >= 3.0
|
32
|
-
def model_name
|
33
|
-
if defined?(::ActiveModel)
|
34
|
-
::ActiveModel::Name.new(self)
|
35
|
-
else
|
36
|
-
::ActiveSupport::ModelName.new(self.to_s)
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
31
|
def i18n_scope
|
41
32
|
I18n.scope
|
42
33
|
end
|
43
34
|
|
44
|
-
def lookup_ancestors
|
45
|
-
ancestors.select { |x| x.respond_to?(:model_name) }
|
46
|
-
end
|
47
35
|
end
|
48
36
|
|
49
37
|
module InstanceMethods
|
@@ -43,8 +43,8 @@ module Authlogic
|
|
43
43
|
#
|
44
44
|
# * <tt>Default:</tt> 3.months
|
45
45
|
# * <tt>Accepts:</tt> Integer, length of time in seconds, such as 60 or 3.months
|
46
|
-
def remember_me_for(value =
|
47
|
-
rw_config(:remember_me_for, value, 3.months
|
46
|
+
def remember_me_for(value = nil)
|
47
|
+
rw_config(:remember_me_for, value, 3.months)
|
48
48
|
end
|
49
49
|
alias_method :remember_me_for=, :remember_me_for
|
50
50
|
|
@@ -206,7 +206,7 @@ module Authlogic
|
|
206
206
|
controller.cookies[cookie_key] = generate_cookie_for_saving
|
207
207
|
end
|
208
208
|
end
|
209
|
-
|
209
|
+
|
210
210
|
def generate_cookie_for_saving
|
211
211
|
remember_me_until_value = "::#{remember_me_until.iso8601}" if remember_me?
|
212
212
|
{
|
@@ -6,34 +6,16 @@ module Authlogic
|
|
6
6
|
module Foundation
|
7
7
|
def self.included(klass)
|
8
8
|
klass.class_eval do
|
9
|
-
|
10
|
-
self.acts_as_authentic_config ||= {}
|
11
|
-
|
12
|
-
extend ClassMethods
|
9
|
+
extend Authlogic::Config
|
13
10
|
include InstanceMethods
|
14
11
|
end
|
15
12
|
end
|
16
|
-
|
17
|
-
module ClassMethods
|
18
|
-
private
|
19
|
-
def rw_config(key, value, default_value = nil, read_value = nil)
|
20
|
-
if value == read_value
|
21
|
-
return acts_as_authentic_config[key] if acts_as_authentic_config.include?(key)
|
22
|
-
rw_config(key, default_value) unless default_value.nil?
|
23
|
-
else
|
24
|
-
config = acts_as_authentic_config.clone
|
25
|
-
config[key] = value
|
26
|
-
self.acts_as_authentic_config = config
|
27
|
-
value
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
13
|
+
|
32
14
|
module InstanceMethods
|
33
15
|
def initialize(*args)
|
34
16
|
self.credentials = args
|
35
17
|
end
|
36
|
-
|
18
|
+
|
37
19
|
# The credentials you passed to create your session. See credentials= for more info.
|
38
20
|
def credentials
|
39
21
|
[]
|
@@ -54,11 +36,11 @@ module Authlogic
|
|
54
36
|
# session.credentials = [my_user_object, true, :my_id]
|
55
37
|
def credentials=(values)
|
56
38
|
end
|
57
|
-
|
39
|
+
|
58
40
|
def inspect
|
59
41
|
"#<#{self.class.name}: #{credentials.blank? ? "no credentials provided" : credentials.inspect}>"
|
60
42
|
end
|
61
|
-
|
43
|
+
|
62
44
|
private
|
63
45
|
def build_key(last_part)
|
64
46
|
last_part
|
@@ -8,13 +8,13 @@ module ActsAsAuthenticTest
|
|
8
8
|
end
|
9
9
|
end
|
10
10
|
end
|
11
|
-
|
11
|
+
|
12
12
|
def test_acts_as_authentic_with_old_config
|
13
13
|
assert_raise(ArgumentError) do
|
14
14
|
User.acts_as_authentic({})
|
15
15
|
end
|
16
16
|
end
|
17
|
-
|
17
|
+
|
18
18
|
def test_acts_as_authentic_with_no_table
|
19
19
|
klass = Class.new(ActiveRecord::Base)
|
20
20
|
assert_nothing_raised do
|
@@ -22,4 +22,4 @@ module ActsAsAuthenticTest
|
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
25
|
-
end
|
25
|
+
end
|
@@ -38,13 +38,13 @@ module ActsAsAuthenticTest
|
|
38
38
|
|
39
39
|
options = User.validates_format_of_email_field_options
|
40
40
|
message = options.delete(:message)
|
41
|
-
assert message.kind_of?(Proc)
|
41
|
+
assert message.kind_of?(Proc)
|
42
42
|
assert_equal dmessage, message.call
|
43
43
|
assert_equal default, options
|
44
44
|
|
45
45
|
options = Employee.validates_format_of_email_field_options
|
46
46
|
message = options.delete(:message)
|
47
|
-
assert message.kind_of?(Proc)
|
47
|
+
assert message.kind_of?(Proc)
|
48
48
|
assert_equal dmessage, message.call
|
49
49
|
assert_equal default, options
|
50
50
|
|
@@ -56,15 +56,12 @@ module ActsAsAuthenticTest
|
|
56
56
|
end
|
57
57
|
|
58
58
|
def test_deferred_error_message_translation
|
59
|
-
|
60
59
|
# ensure we successfully loaded the test locale
|
61
60
|
assert I18n.available_locales.include?(:lol), "Test locale failed to load"
|
62
61
|
|
63
|
-
|
64
|
-
|
65
|
-
message = I18n.t("authlogic.error_messages.email_invalid")
|
62
|
+
I18n.with_locale('lol') do
|
63
|
+
message = I18n.t("authlogic.error_messages.email_invalid")
|
66
64
|
|
67
|
-
begin
|
68
65
|
cat = User.new
|
69
66
|
cat.email = 'meow'
|
70
67
|
cat.valid?
|
@@ -74,9 +71,6 @@ module ActsAsAuthenticTest
|
|
74
71
|
error = error.first if error.is_a?(Array)
|
75
72
|
|
76
73
|
assert_equal message, error
|
77
|
-
|
78
|
-
ensure
|
79
|
-
I18n.locale = original_locale
|
80
74
|
end
|
81
75
|
end
|
82
76
|
|
@@ -122,7 +116,7 @@ module ActsAsAuthenticTest
|
|
122
116
|
u.email = "dakota.d'ux@gmail.com"
|
123
117
|
u.valid?
|
124
118
|
assert u.errors[:email].size == 0
|
125
|
-
|
119
|
+
|
126
120
|
u.email = "<script>alert(123);</script>\nnobody@example.com"
|
127
121
|
assert !u.valid?
|
128
122
|
assert u.errors[:email].size > 0
|
@@ -143,4 +137,4 @@ module ActsAsAuthenticTest
|
|
143
137
|
assert u.errors[:email].size == 0
|
144
138
|
end
|
145
139
|
end
|
146
|
-
end
|
140
|
+
end
|
@@ -19,7 +19,10 @@ module ActsAsAuthenticTest
|
|
19
19
|
# slightly different. This is an attempt to make sure the scope is lambda wrapped
|
20
20
|
# so that it is re-evaluated every time its called. My biggest concern is that the
|
21
21
|
# test happens so fast that the test fails... I just don't know a better way to test it!
|
22
|
-
|
22
|
+
query1 = User.logged_in.where_values
|
23
|
+
sleep 0.1
|
24
|
+
query2 = User.logged_in.where_values
|
25
|
+
assert query1 != query2, ERROR_MSG % '#logged_in'
|
23
26
|
|
24
27
|
assert_equal 0, User.logged_in.count
|
25
28
|
user = User.first
|
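Review bot: The check added at new lines 22-25 depends on wall-clock time: it passes only when two `User.logged_in.where_values` snapshots taken `sleep 0.1` apart differ, which slows the suite and can still fail if the scope's time bound is rendered at a coarser resolution than the sleep. `where_values` also looks like an ActiveRecord relation internal rather than a stable API, so the comparison may not survive another Rails major version. Pinning the clock to two known instants around the calls would make the test deterministic, and a comment such as `# the scope must be lambda-wrapped so its time bound is recomputed on every call` would state the intent. `ERROR_MSG` is not defined in this hunk, and the test method starts above it.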
@@ -5,33 +5,33 @@ module ActsAsAuthenticTest
|
|
5
5
|
def test_crypted_password_field_config
|
6
6
|
assert_equal :crypted_password, User.crypted_password_field
|
7
7
|
assert_equal :crypted_password, Employee.crypted_password_field
|
8
|
-
|
8
|
+
|
9
9
|
User.crypted_password_field = :nope
|
10
10
|
assert_equal :nope, User.crypted_password_field
|
11
11
|
User.crypted_password_field :crypted_password
|
12
12
|
assert_equal :crypted_password, User.crypted_password_field
|
13
13
|
end
|
14
|
-
|
14
|
+
|
15
15
|
def test_password_salt_field_config
|
16
16
|
assert_equal :password_salt, User.password_salt_field
|
17
17
|
assert_equal :password_salt, Employee.password_salt_field
|
18
|
-
|
18
|
+
|
19
19
|
User.password_salt_field = :nope
|
20
20
|
assert_equal :nope, User.password_salt_field
|
21
21
|
User.password_salt_field :password_salt
|
22
22
|
assert_equal :password_salt, User.password_salt_field
|
23
23
|
end
|
24
|
-
|
24
|
+
|
25
25
|
def test_ignore_blank_passwords_config
|
26
26
|
assert User.ignore_blank_passwords
|
27
27
|
assert Employee.ignore_blank_passwords
|
28
|
-
|
28
|
+
|
29
29
|
User.ignore_blank_passwords = false
|
30
30
|
assert !User.ignore_blank_passwords
|
31
31
|
User.ignore_blank_passwords true
|
32
32
|
assert User.ignore_blank_passwords
|
33
33
|
end
|
34
|
-
|
34
|
+
|
35
35
|
def test_check_passwords_against_database
|
36
36
|
assert User.check_passwords_against_database
|
37
37
|
User.check_passwords_against_database = false
|
@@ -39,125 +39,118 @@ module ActsAsAuthenticTest
|
|
39
39
|
User.check_passwords_against_database true
|
40
40
|
assert User.check_passwords_against_database
|
41
41
|
end
|
42
|
-
|
42
|
+
|
43
43
|
def test_validate_password_field_config
|
44
44
|
assert User.validate_password_field
|
45
45
|
assert Employee.validate_password_field
|
46
|
-
|
46
|
+
|
47
47
|
User.validate_password_field = false
|
48
48
|
assert !User.validate_password_field
|
49
49
|
User.validate_password_field true
|
50
50
|
assert User.validate_password_field
|
51
51
|
end
|
52
|
-
|
52
|
+
|
53
53
|
def test_validates_length_of_password_field_options_config
|
54
54
|
default = {:minimum => 4, :if => :require_password?}
|
55
55
|
assert_equal default, User.validates_length_of_password_field_options
|
56
56
|
assert_equal default, Employee.validates_length_of_password_field_options
|
57
|
-
|
57
|
+
|
58
58
|
User.validates_length_of_password_field_options = {:yes => "no"}
|
59
59
|
assert_equal({:yes => "no"}, User.validates_length_of_password_field_options)
|
60
60
|
User.validates_length_of_password_field_options default
|
61
61
|
assert_equal default, User.validates_length_of_password_field_options
|
62
62
|
end
|
63
|
-
|
63
|
+
|
64
64
|
def test_validates_confirmation_of_password_field_options_config
|
65
65
|
default = {:if => :require_password?}
|
66
66
|
assert_equal default, User.validates_confirmation_of_password_field_options
|
67
67
|
assert_equal default, Employee.validates_confirmation_of_password_field_options
|
68
|
-
|
68
|
+
|
69
69
|
User.validates_confirmation_of_password_field_options = {:yes => "no"}
|
70
70
|
assert_equal({:yes => "no"}, User.validates_confirmation_of_password_field_options)
|
71
71
|
User.validates_confirmation_of_password_field_options default
|
72
72
|
assert_equal default, User.validates_confirmation_of_password_field_options
|
73
73
|
end
|
74
|
-
|
74
|
+
|
75
75
|
def test_validates_length_of_password_confirmation_field_options_config
|
76
76
|
default = {:minimum => 4, :if => :require_password?}
|
77
77
|
assert_equal default, User.validates_length_of_password_confirmation_field_options
|
78
78
|
assert_equal default, Employee.validates_length_of_password_confirmation_field_options
|
79
|
-
|
79
|
+
|
80
80
|
User.validates_length_of_password_confirmation_field_options = {:yes => "no"}
|
81
81
|
assert_equal({:yes => "no"}, User.validates_length_of_password_confirmation_field_options)
|
82
82
|
User.validates_length_of_password_confirmation_field_options default
|
83
83
|
assert_equal default, User.validates_length_of_password_confirmation_field_options
|
84
84
|
end
|
85
|
-
|
85
|
+
|
86
86
|
def test_crypto_provider_config
|
87
87
|
assert_equal Authlogic::CryptoProviders::SCrypt, User.crypto_provider
|
88
88
|
assert_equal Authlogic::CryptoProviders::AES256, Employee.crypto_provider
|
89
|
-
|
89
|
+
|
90
90
|
User.crypto_provider = Authlogic::CryptoProviders::BCrypt
|
91
91
|
assert_equal Authlogic::CryptoProviders::BCrypt, User.crypto_provider
|
92
92
|
User.crypto_provider Authlogic::CryptoProviders::Sha512
|
93
93
|
assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
|
94
94
|
end
|
95
|
-
|
95
|
+
|
96
96
|
def test_transition_from_crypto_providers_config
|
97
|
-
assert_equal [], User.transition_from_crypto_providers
|
97
|
+
assert_equal [Authlogic::CryptoProviders::Sha512], User.transition_from_crypto_providers
|
98
98
|
assert_equal [], Employee.transition_from_crypto_providers
|
99
|
-
|
99
|
+
|
100
100
|
User.transition_from_crypto_providers = [Authlogic::CryptoProviders::BCrypt]
|
101
101
|
assert_equal [Authlogic::CryptoProviders::BCrypt], User.transition_from_crypto_providers
|
102
102
|
User.transition_from_crypto_providers []
|
103
103
|
assert_equal [], User.transition_from_crypto_providers
|
104
104
|
end
|
105
|
-
|
105
|
+
|
106
106
|
def test_validates_length_of_password
|
107
|
-
u = User.new
|
108
|
-
u.
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
u.password = "test"
|
107
|
+
u = User.new(login: "abcde", email: "abcde@test.com", password: "abcde", password_confirmation: "abcde")
|
108
|
+
assert u.valid?
|
109
|
+
|
110
|
+
u.password = u.password_confirmation = "abc"
|
113
111
|
assert !u.valid?
|
114
112
|
|
115
|
-
|
116
|
-
|
117
|
-
else
|
118
|
-
assert u.errors[:password_confirmation].size == 0
|
119
|
-
end
|
113
|
+
assert u.errors[:password].include?("is too short (minimum is 4 characters)")
|
114
|
+
assert u.errors[:password_confirmation].include?("is too short (minimum is 4 characters)")
|
120
115
|
end
|
121
|
-
|
116
|
+
|
122
117
|
def test_validates_confirmation_of_password
|
123
|
-
u = User.new
|
124
|
-
u.
|
125
|
-
|
118
|
+
u = User.new(login: "abcde", email: "abcde@test.com", password: "abcde", password_confirmation: "abcde")
|
119
|
+
assert u.valid?
|
120
|
+
|
121
|
+
u.password_confirmation = "abcdefgh"
|
126
122
|
assert !u.valid?
|
127
|
-
|
123
|
+
|
128
124
|
if ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4
|
129
|
-
assert u.errors[:password_confirmation].
|
125
|
+
assert u.errors[:password_confirmation].include?("doesn't match Password")
|
130
126
|
else
|
131
|
-
assert u.errors[:password].
|
127
|
+
assert u.errors[:password].include?("doesn't match confirmation")
|
132
128
|
end
|
133
|
-
u.password_confirmation = "test"
|
134
|
-
assert !u.valid?
|
135
|
-
assert u.errors[:password].size == 0
|
136
129
|
end
|
137
|
-
|
130
|
+
|
138
131
|
def test_validates_length_of_password_confirmation
|
139
132
|
u = User.new
|
140
|
-
|
133
|
+
|
141
134
|
u.password = "test"
|
142
135
|
u.password_confirmation = ""
|
143
136
|
assert !u.valid?
|
144
137
|
assert u.errors[:password_confirmation].size > 0
|
145
|
-
|
138
|
+
|
146
139
|
u.password_confirmation = "test"
|
147
140
|
assert !u.valid?
|
148
141
|
assert u.errors[:password_confirmation].size == 0
|
149
|
-
|
142
|
+
|
150
143
|
ben = users(:ben)
|
151
144
|
assert ben.valid?
|
152
|
-
|
145
|
+
|
153
146
|
ben.password = "newpass"
|
154
147
|
assert !ben.valid?
|
155
148
|
assert ben.errors[:password_confirmation].size > 0
|
156
|
-
|
149
|
+
|
157
150
|
ben.password_confirmation = "newpass"
|
158
151
|
assert ben.valid?
|
159
152
|
end
|
160
|
-
|
153
|
+
|
161
154
|
def test_password
|
162
155
|
u = User.new
|
163
156
|
old_password_salt = u.password_salt
|
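Review bot: The rewritten `test_validates_length_of_password` (new lines 113-114) asserts the literal `"is too short (minimum is 4 characters)"`, and `test_validates_confirmation_of_password` (new lines 125 and 127) does the same with `"doesn't match Password"`, which ties both tests to Rails' English translations and to the 4-character default asserted at line 54 of this file. Taking the number from `User.validates_length_of_password_field_options[:minimum]`, or asserting only that `u.errors[:password]` is non-empty, keeps the tests valid for applications that raise the minimum, which a 4-character floor makes likely. The new `User.new(login: "abcde", ...)` calls also use the newer hash syntax while the rest of the file uses `:key => value`; one style would be easier to read.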
@@ -166,60 +159,61 @@ module ActsAsAuthenticTest
|
|
166
159
|
assert_not_equal old_password_salt, u.password_salt
|
167
160
|
assert_not_equal old_crypted_password, u.crypted_password
|
168
161
|
end
|
169
|
-
|
162
|
+
|
170
163
|
def test_transitioning_password
|
171
164
|
ben = users(:ben)
|
165
|
+
|
172
166
|
transition_password_to(Authlogic::CryptoProviders::BCrypt, ben)
|
173
167
|
transition_password_to(Authlogic::CryptoProviders::Sha1, ben, [Authlogic::CryptoProviders::Sha512, Authlogic::CryptoProviders::BCrypt])
|
174
168
|
transition_password_to(Authlogic::CryptoProviders::Sha512, ben, [Authlogic::CryptoProviders::Sha1, Authlogic::CryptoProviders::BCrypt])
|
175
169
|
end
|
176
|
-
|
170
|
+
|
177
171
|
def test_checks_password_against_database
|
178
172
|
ben = users(:aaron)
|
179
173
|
ben.password = "new pass"
|
180
174
|
assert !ben.valid_password?("new pass")
|
181
175
|
assert ben.valid_password?("aaronrocks")
|
182
176
|
end
|
183
|
-
|
177
|
+
|
184
178
|
def test_checks_password_against_database_and_always_fails_on_new_records
|
185
179
|
user = User.new
|
186
180
|
user.password = "new pass"
|
187
181
|
assert !user.valid_password?("new pass")
|
188
182
|
end
|
189
|
-
|
183
|
+
|
190
184
|
def test_checks_password_against_object
|
191
185
|
ben = users(:ben)
|
192
186
|
ben.password = "new pass"
|
193
187
|
assert ben.valid_password?("new pass", false)
|
194
188
|
assert !ben.valid_password?("benrocks", false)
|
195
189
|
end
|
196
|
-
|
190
|
+
|
197
191
|
def test_reset_password
|
198
192
|
ben = users(:ben)
|
199
193
|
old_crypted_password = ben.crypted_password
|
200
194
|
old_password_salt = ben.password_salt
|
201
|
-
|
195
|
+
|
202
196
|
# soft reset
|
203
197
|
ben.reset_password
|
204
198
|
assert_not_equal old_crypted_password, ben.crypted_password
|
205
199
|
assert_not_equal old_password_salt, ben.password_salt
|
206
|
-
|
200
|
+
|
207
201
|
# make sure it didn't go into the db
|
208
202
|
ben.reload
|
209
203
|
assert_equal old_crypted_password, ben.crypted_password
|
210
204
|
assert_equal old_password_salt, ben.password_salt
|
211
|
-
|
205
|
+
|
212
206
|
# hard reset
|
213
207
|
assert ben.reset_password!
|
214
208
|
assert_not_equal old_crypted_password, ben.crypted_password
|
215
209
|
assert_not_equal old_password_salt, ben.password_salt
|
216
|
-
|
210
|
+
|
217
211
|
# make sure it did go into the db
|
218
212
|
ben.reload
|
219
213
|
assert_not_equal old_crypted_password, ben.crypted_password
|
220
214
|
assert_not_equal old_password_salt, ben.password_salt
|
221
215
|
end
|
222
|
-
|
216
|
+
|
223
217
|
private
|
224
218
|
def transition_password_to(crypto_provider, records, from_crypto_providers = Authlogic::CryptoProviders::Sha512)
|
225
219
|
records = [records] unless records.is_a?(Array)
|
@@ -233,7 +227,7 @@ module ActsAsAuthenticTest
|
|
233
227
|
assert record.valid_password?(password_for(record))
|
234
228
|
assert_not_equal old_hash.to_s, record.crypted_password.to_s
|
235
229
|
assert_not_equal old_persistence_token.to_s, record.persistence_token.to_s
|
236
|
-
|
230
|
+
|
237
231
|
old_hash = record.crypted_password
|
238
232
|
old_persistence_token = record.persistence_token
|
239
233
|
assert record.valid_password?(password_for(record))
|