devise-security 0.16.0 → 0.17.0

Files changed (80)
  1. checksums.yaml +4 -4
  2. data/README.md +4 -2
  3. data/app/controllers/devise/paranoid_verification_code_controller.rb +13 -1
  4. data/app/controllers/devise/password_expired_controller.rb +14 -1
  5. data/config/locales/bg.yml +41 -0
  6. data/config/locales/de.yml +2 -0
  7. data/config/locales/en.yml +2 -1
  8. data/lib/devise-security/models/database_authenticatable_patch.rb +15 -5
  9. data/lib/devise-security/models/password_archivable.rb +2 -2
  10. data/lib/devise-security/models/secure_validatable.rb +51 -15
  11. data/lib/devise-security/validators/password_complexity_validator.rb +53 -26
  12. data/lib/devise-security/version.rb +1 -1
  13. data/lib/devise-security.rb +7 -2
  14. data/lib/generators/templates/devise_security.rb +3 -1
  15. data/test/controllers/test_paranoid_verification_code_controller.rb +68 -0
  16. data/test/controllers/test_password_expired_controller.rb +38 -0
  17. data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
  18. data/test/dummy/app/controllers/overrides/password_expired_controller.rb +7 -0
  19. data/test/dummy/app/controllers/widgets_controller.rb +3 -0
  20. data/test/dummy/app/models/application_user_record.rb +2 -1
  21. data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
  22. data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
  23. data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
  24. data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
  25. data/test/dummy/app/models/mongoid/mappings.rb +4 -2
  26. data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
  27. data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
  28. data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
  29. data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
  30. data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
  31. data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
  32. data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
  33. data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
  34. data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
  35. data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
  36. data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
  37. data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
  38. data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
  39. data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
  40. data/test/dummy/app/models/password_expired_user.rb +26 -0
  41. data/test/dummy/app/models/user.rb +1 -2
  42. data/test/dummy/app/models/widget.rb +1 -3
  43. data/test/dummy/app/mongoid/one_user.rb +5 -5
  44. data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
  45. data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
  46. data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
  47. data/test/dummy/app/mongoid/user_without_email.rb +3 -3
  48. data/test/dummy/config/application.rb +4 -4
  49. data/test/dummy/config/boot.rb +1 -1
  50. data/test/dummy/config/environment.rb +1 -1
  51. data/test/dummy/config/locales/en.yml +10 -0
  52. data/test/dummy/config/routes.rb +2 -0
  53. data/test/dummy/db/migrate/20120508165529_create_tables.rb +3 -3
  54. data/test/dummy/lib/shared_expirable_columns.rb +1 -0
  55. data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
  56. data/test/dummy/lib/shared_user.rb +17 -6
  57. data/test/dummy/lib/shared_user_without_email.rb +2 -1
  58. data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
  59. data/test/dummy/lib/shared_verification_fields.rb +1 -0
  60. data/test/dummy/log/development.log +0 -883
  61. data/test/dummy/log/test.log +95414 -15570
  62. data/test/integration/test_session_limitable_workflow.rb +2 -0
  63. data/test/orm/active_record.rb +7 -7
  64. data/test/test_compatibility.rb +2 -0
  65. data/test/test_complexity_validator.rb +246 -37
  66. data/test/test_database_authenticatable_patch.rb +146 -0
  67. data/test/test_helper.rb +7 -8
  68. data/test/test_install_generator.rb +1 -1
  69. data/test/test_paranoid_verification.rb +0 -1
  70. data/test/test_password_archivable.rb +34 -11
  71. data/test/test_password_expirable.rb +26 -26
  72. data/test/test_secure_validatable.rb +273 -107
  73. data/test/test_secure_validatable_overrides.rb +185 -0
  74. data/test/test_session_limitable.rb +2 -2
  75. data/test/tmp/config/initializers/{devise-security.rb → devise_security.rb} +3 -1
  76. data/test/tmp/config/locales/devise.security_extension.de.yml +2 -0
  77. data/test/tmp/config/locales/devise.security_extension.en.yml +2 -1
  78. data/test/tmp/config/locales/devise.security_extension.hi.yml +20 -20
  79. metadata +42 -19
  80. data/test/dummy/app/models/secure_user.rb +0 -9
@@ -14,59 +14,59 @@ class TestPasswordArchivable < ActiveSupport::TestCase
14
14
  test 'does nothing if disabled' do
15
15
  Devise.expire_password_after = false
16
16
  user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
17
- refute user.need_change_password?
18
- refute user.password_expired?
17
+ assert_not user.need_change_password?
18
+ assert_not user.password_expired?
19
19
  user.need_change_password!
20
- refute user.need_change_password?
21
- refute user.password_expired?
20
+ assert_not user.need_change_password?
21
+ assert_not user.password_expired?
22
22
  end
23
23
 
24
24
  test 'password change can be requested' do
25
25
  Devise.expire_password_after = true
26
26
  user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
27
- refute user.need_change_password?
28
- refute user.password_expired?
29
- refute user.password_change_requested?
27
+ assert_not user.need_change_password?
28
+ assert_not user.password_expired?
29
+ assert_not user.password_change_requested?
30
30
  user.need_change_password!
31
31
  assert user.need_change_password?
32
- refute user.password_expired? # it's not too old because it's not set at all
32
+ assert_not user.password_expired? # it's not too old because it's not set at all
33
33
  assert user.password_change_requested?
34
34
  end
35
35
 
36
36
  test 'password expires' do
37
37
  user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
38
- refute user.need_change_password?
39
- refute user.password_expired?
40
- refute user.password_too_old?
41
- user.update(password_changed_at: Time.now.ago(3.months))
38
+ assert_not user.need_change_password?
39
+ assert_not user.password_expired?
40
+ assert_not user.password_too_old?
41
+ user.update(password_changed_at: Time.zone.now.ago(3.months))
42
42
  assert user.password_too_old?
43
43
  assert user.need_change_password?
44
44
  assert user.password_expired?
45
- refute user.password_change_requested?
45
+ assert_not user.password_change_requested?
46
46
  end
47
47
 
48
48
  test 'saving a record records the time the password was changed' do
49
49
  user = User.new email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
50
50
  assert user.password_changed_at.nil?
51
- refute user.password_change_requested?
52
- refute user.password_expired?
51
+ assert_not user.password_change_requested?
52
+ assert_not user.password_expired?
53
53
  user.save
54
54
  assert user.password_changed_at.present?
55
- refute user.password_change_requested?
56
- refute user.password_expired?
55
+ assert_not user.password_change_requested?
56
+ assert_not user.password_expired?
57
57
  end
58
58
 
59
59
  test 'updating a record updates the time the password was changed if the password is changed' do
60
60
  user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
61
- user.update(password_changed_at: Time.now.ago(3.months))
61
+ user.update(password_changed_at: Time.zone.now.ago(3.months))
62
62
  original_password_changed_at = user.password_changed_at
63
63
  user.expire_password!
64
64
  assert user.password_change_requested?
65
- user.password = "NewPassword1"
66
- user.password_confirmation = "NewPassword1"
65
+ user.password = 'NewPassword1'
66
+ user.password_confirmation = 'NewPassword1'
67
67
  user.save
68
68
  assert user.password_changed_at > original_password_changed_at
69
- refute user.password_change_requested?
69
+ assert_not user.password_change_requested?
70
70
  end
71
71
 
72
72
  test 'updating a record does not updates the time the password was changed if the password was not changed' do
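Review bot: The rewritten tests still assign the global setting directly, `Devise.expire_password_after = false` (new line 15) and `= true` (line 25), without restoring it, so 'password expires' (line 36 onward), which sets nothing itself, depends on the order the earlier tests ran in; a `setup` that captures the current value and a `teardown { Devise.expire_password_after = @expire_password_after }` would make each test self-contained. The hunk header also shows the enclosing class is still `TestPasswordArchivable` although every test in this hunk concerns password expiry; if this is test_password_expirable.rb, as the +26/-26 diffstat suggests, `class TestPasswordExpirable < ActiveSupport::TestCase` would match the file. The class declaration and the test starting at line 72 continue outside the hunk.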
@@ -74,7 +74,7 @@ class TestPasswordArchivable < ActiveSupport::TestCase
74
74
  user.expire_password!
75
75
  assert user.password_change_requested?
76
76
  user.save
77
- refute user.previous_changes.key?(:password_changed_at)
77
+ assert_not user.previous_changes.key?(:password_changed_at)
78
78
  assert user.password_change_requested?
79
79
  end
80
80
 
@@ -85,10 +85,10 @@ class TestPasswordArchivable < ActiveSupport::TestCase
85
85
  4.months
86
86
  end
87
87
  end
88
- user.password_changed_at = Time.now.ago(3.months)
89
- refute user.need_change_password?
90
- refute user.password_expired?
91
- user.password_changed_at = Time.now.ago(5.months)
88
+ user.password_changed_at = Time.zone.now.ago(3.months)
89
+ assert_not user.need_change_password?
90
+ assert_not user.password_expired?
91
+ user.password_changed_at = Time.zone.now.ago(5.months)
92
92
  assert user.need_change_password?
93
93
  assert user.password_expired?
94
94
  end
@@ -1,161 +1,327 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'test_helper'
4
- require 'rails_email_validator'
5
4
 
6
5
  class TestSecureValidatable < ActiveSupport::TestCase
7
6
  class User < ApplicationRecord
8
- devise :database_authenticatable, :password_archivable,
9
- :paranoid_verification, :password_expirable, :secure_validatable
7
+ devise :database_authenticatable, :secure_validatable
10
8
  include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
11
9
  end
12
10
 
13
- test 'email cannot be blank' do
14
- msg = "Email can't be blank"
15
- user = User.create password: 'passWord1', password_confirmation: 'passWord1'
11
+ class EmailNotRequiredUser < User
12
+ protected
16
13
 
17
- assert_equal(false, user.valid?)
18
- assert_equal([msg], user.errors.full_messages)
19
- assert_raises(ORMInvalidRecordException) do
20
- user.save!
14
+ def email_required?
15
+ false
21
16
  end
22
17
  end
23
18
 
19
+ test 'email cannot be blank upon creation' do
20
+ user = User.new(
21
+ password: 'Password1!', password_confirmation: 'Password1!'
22
+ )
23
+
24
+ assert user.invalid?
25
+ assert_equal(["Email can't be blank"], user.errors.full_messages)
26
+ end
27
+
28
+ test 'email can be blank upon creation if email not required' do
29
+ user = EmailNotRequiredUser.new(
30
+ password: 'Password1!', password_confirmation: 'Password1!'
31
+ )
32
+
33
+ assert user.valid?
34
+ end
35
+
36
+ test 'email cannot be updated to be blank' do
37
+ user = User.new(
38
+ email: 'bob@microsoft.com',
39
+ password: 'Password1!',
40
+ password_confirmation: 'Password1!'
41
+ )
42
+
43
+ assert user.valid?
44
+
45
+ user.email = nil
46
+
47
+ assert user.invalid?
48
+ assert_equal(["Email can't be blank"], user.errors.full_messages)
49
+ end
50
+
51
+ test 'email can be updated to be blank if email not required' do
52
+ user = EmailNotRequiredUser.new(
53
+ email: 'bob@microsoft.com',
54
+ password: 'Password1!',
55
+ password_confirmation: 'Password1!'
56
+ )
57
+
58
+ assert user.valid?
59
+
60
+ user.email = nil
61
+
62
+ assert user.valid?
63
+ end
64
+
24
65
  test 'email must be valid' do
25
- msg = 'Email is invalid'
26
- user = User.create email: 'bob', password: 'passWord1', password_confirmation: 'passWord1'
27
- assert_equal(false, user.valid?)
28
- assert_equal([msg], user.errors.full_messages)
29
- assert_raises(ORMInvalidRecordException) do
30
- user.save!
31
- end
66
+ user = User.new(
67
+ email: 'bob', password: 'Password1!', password_confirmation: 'Password1!'
68
+ )
69
+
70
+ assert user.invalid?
71
+ assert_equal(['Email is invalid'], user.errors.full_messages)
32
72
  end
33
73
 
34
74
  test 'validate both email and password' do
35
- msgs = ['Email is invalid', 'Password must contain at least one upper-case letter']
36
- user = User.create email: 'bob@@foo.tv', password: 'password1', password_confirmation: 'password1'
37
- assert_equal(false, user.valid?)
75
+ user = User.new(
76
+ email: 'bob',
77
+ password: 'password1!',
78
+ password_confirmation: 'password1!'
79
+ )
80
+
81
+ assert user.invalid?
82
+ assert_equal(
83
+ [
84
+ 'Email is invalid',
85
+ 'Password must contain at least one upper-case letter'
86
+ ],
87
+ user.errors.full_messages
88
+ )
89
+ end
90
+
91
+ test 'password cannot be blank upon creation' do
92
+ user = User.new(email: 'bob@microsoft.com')
93
+
94
+ msgs = ["Password can't be blank"]
95
+
96
+ msgs << "Encrypted password can't be blank" if DEVISE_ORM == :mongoid
97
+
98
+ assert user.invalid?
38
99
  assert_equal(msgs, user.errors.full_messages)
39
- assert_raises(ORMInvalidRecordException) { user.save! }
100
+ end
101
+
102
+ test 'password cannot be updated to be blank' do
103
+ user = User.new(
104
+ email: 'bob@microsoft.com',
105
+ password: 'Password1!',
106
+ password_confirmation: 'Password1!'
107
+ )
108
+
109
+ assert user.valid?
110
+
111
+ user.password = nil
112
+ user.password_confirmation = nil
113
+
114
+ assert user.invalid?
115
+ assert_equal(["Password can't be blank"],user.errors.full_messages)
116
+ end
117
+
118
+ test 'password_confirmation must match password' do
119
+ user = User.new(
120
+ email: 'bob@microsoft.com',
121
+ password: 'Password1!',
122
+ password_confirmation: 'not the same password'
123
+ )
124
+
125
+ assert user.invalid?
126
+ assert_equal(
127
+ ["Password confirmation doesn't match Password"],
128
+ user.errors.full_messages
129
+ )
130
+ end
131
+
132
+ test 'password_confirmation cannot be blank' do
133
+ user = User.new(
134
+ email: 'bob@microsoft.com',
135
+ password: 'Password1!',
136
+ password_confirmation: ''
137
+ )
138
+
139
+ assert user.invalid?
140
+ assert_equal(
141
+ ["Password confirmation doesn't match Password"],
142
+ user.errors.full_messages
143
+ )
144
+ end
145
+
146
+ test 'password_confirmation can be skipped' do
147
+ user = User.new(
148
+ email: 'bob@microsoft.com',
149
+ password: 'Password1!',
150
+ password_confirmation: nil
151
+ )
152
+
153
+ assert user.valid?
40
154
  end
41
155
 
42
156
  test 'password must have capital letter' do
43
- msgs = ['Password must contain at least one upper-case letter']
44
- user = User.create email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1'
45
- assert_equal(false, user.valid?)
46
- assert_equal(msgs, user.errors.full_messages)
47
- assert_raises(ORMInvalidRecordException) { user.save! }
157
+ user = User.new(
158
+ email: 'bob@microsoft.com',
159
+ password: 'password1',
160
+ password_confirmation: 'password1'
161
+ )
162
+
163
+ assert user.invalid?
164
+ assert_equal(
165
+ ['Password must contain at least one upper-case letter'],
166
+ user.errors.full_messages
167
+ )
48
168
  end
49
169
 
50
170
  test 'password must have lowercase letter' do
51
- msg = 'Password must contain at least one lower-case letter'
52
- user = User.create email: 'bob@microsoft.com', password: 'PASSWORD1', password_confirmation: 'PASSWORD1'
53
- assert_equal(false, user.valid?)
54
- assert_equal([msg], user.errors.full_messages)
55
- assert_raises(ORMInvalidRecordException) { user.save! }
171
+ user = User.new(
172
+ email: 'bob@microsoft.com',
173
+ password: 'PASSWORD1',
174
+ password_confirmation: 'PASSWORD1'
175
+ )
176
+
177
+ assert user.invalid?
178
+ assert_equal(
179
+ ['Password must contain at least one lower-case letter'],
180
+ user.errors.full_messages
181
+ )
56
182
  end
57
183
 
58
184
  test 'password must have number' do
59
- msg = 'Password must contain at least one digit'
60
- user = User.create email: 'bob@microsoft.com', password: 'PASSword', password_confirmation: 'PASSword'
61
- assert_equal(false, user.valid?)
62
- assert_equal([msg], user.errors.full_messages)
63
- assert_raises(ORMInvalidRecordException) { user.save! }
185
+ user = User.new(
186
+ email: 'bob@microsoft.com',
187
+ password: 'PASSword',
188
+ password_confirmation: 'PASSword'
189
+ )
190
+
191
+ assert user.invalid?
192
+ assert_equal(
193
+ ['Password must contain at least one digit'],
194
+ user.errors.full_messages
195
+ )
64
196
  end
65
197
 
66
- test 'password must have minimum length' do
67
- msg = 'Password is too short (minimum is 7 characters)'
68
- user = User.create email: 'bob@microsoft.com', password: 'Pa3zZ', password_confirmation: 'Pa3zZ'
69
- assert_equal(false, user.valid?)
70
- assert_equal([msg], user.errors.full_messages)
71
- assert_raises(ORMInvalidRecordException) { user.save! }
198
+ test 'password must meet minimum length' do
199
+ user = User.new(
200
+ email: 'bob@microsoft.com',
201
+ password: 'Pa3zZ',
202
+ password_confirmation: 'Pa3zZ'
203
+ )
204
+
205
+ assert user.invalid?
206
+ assert_equal(
207
+ ['Password is too short (minimum is 7 characters)'],
208
+ user.errors.full_messages
209
+ )
72
210
  end
73
211
 
74
- test 'duplicate email validation message is added only once' do
212
+ test "new user can't use existing user's email" do
75
213
  options = {
76
- email: 'test@example.org',
77
- password: 'Test12345',
78
- password_confirmation: 'Test12345',
214
+ email: 'bob@microsoft.com',
215
+ password: 'Password1!',
216
+ password_confirmation: 'Password1!',
79
217
  }
80
- SecureUser.create!(options)
81
- user = SecureUser.new(options)
82
- refute user.valid?
83
- assert_equal DEVISE_ORM == :active_record ? ['Email has already been taken'] : ['Email is already taken'], user.errors.full_messages
84
- end
218
+ User.create!(options)
219
+ user = User.new(options)
85
220
 
86
- test 'password can not equal email for new user' do
87
- msg = 'Password must be different than the email.'
88
- user = User.create email: 'bob@microsoft.com', password: 'bob@microsoft.com', password_confirmation: 'bob@microsoft.com'
89
- refute user.valid?
90
- assert_includes(user.errors.full_messages, msg)
91
- assert_raises(ORMInvalidRecordException) { user.save! }
221
+ assert user.invalid?
222
+ if DEVISE_ORM == :active_record
223
+ assert_equal(['Email has already been taken'], user.errors.full_messages)
224
+ else
225
+ assert_equal(['Email is already taken'], user.errors.full_messages)
226
+ end
92
227
  end
93
228
 
94
- test 'password can not equal case sensitive version of email for new user' do
95
- msg = 'Password must be different than the email.'
96
- user = User.create email: 'bob@microsoft.com', password: 'BoB@microsoft.com', password_confirmation: 'BoB@microsoft.com'
97
- refute user.valid?
98
- assert_includes(user.errors.full_messages, msg)
99
- assert_raises(ORMInvalidRecordException) { user.save! }
229
+ test "new user can't use existing user's email with different casing" do
230
+ options = {
231
+ email: 'bob@microsoft.com',
232
+ password: 'Password1!',
233
+ password_confirmation: 'Password1!',
234
+ }
235
+ User.create!(options)
236
+ options[:email] = 'BOB@MICROSOFT.COM'
237
+ user = User.new(options)
238
+
239
+ assert user.invalid?
240
+ if DEVISE_ORM == :active_record
241
+ assert_equal(['Email has already been taken'], user.errors.full_messages)
242
+ else
243
+ assert_equal(['Email is already taken'], user.errors.full_messages)
244
+ end
100
245
  end
101
246
 
102
- test 'password can not equal email with spaces for new user' do
103
- msg = 'Password must be different than the email.'
104
- user = User.create email: 'bob@microsoft.com', password: 'bob@microsoft.com ', password_confirmation: 'bob@microsoft.com '
105
- refute user.valid?
106
- assert_includes(user.errors.full_messages, msg)
107
- assert_raises(ORMInvalidRecordException) { user.save! }
247
+ test 'password cannot equal email for new user' do
248
+ user = User.new(
249
+ email: 'Bob1@microsoft.com',
250
+ password: 'Bob1@microsoft.com',
251
+ password_confirmation: 'Bob1@microsoft.com'
252
+ )
253
+
254
+ assert user.invalid?
255
+ assert_equal(
256
+ ['Password must be different than the email.'],
257
+ user.errors.full_messages
258
+ )
108
259
  end
109
260
 
110
- test 'password can not equal case sensitive version of email with spaces for new user' do
111
- msg = 'Password must be different than the email.'
112
- user = User.create email: 'bob@microsoft.com', password: ' BoB@microsoft.com ', password_confirmation: ' BoB@microsoft.com '
113
- refute user.valid?
114
- assert_includes(user.errors.full_messages, msg)
115
- assert_raises(ORMInvalidRecordException) { user.save! }
261
+ test 'password cannot equal case sensitive version of email for new user' do
262
+ user = User.new(
263
+ email: 'bob1@microsoft.com',
264
+ password: 'BoB1@microsoft.com',
265
+ password_confirmation: 'BoB1@microsoft.com'
266
+ )
267
+
268
+ assert user.invalid?
269
+ assert_equal(
270
+ ['Password must be different than the email.'],
271
+ user.errors.full_messages
272
+ )
116
273
  end
117
274
 
118
- test 'password can not equal email for existing user' do
119
- user = User.create email: 'bob@microsoft.com', password: 'pAs5W0rd!Is5e6Ure', password_confirmation: 'pAs5W0rd!Is5e6Ure'
275
+ test 'password cannot equal email with spaces for new user' do
276
+ user = User.new(
277
+ email: 'Bob1@microsoft.com',
278
+ password: 'Bob1@microsoft.com ',
279
+ password_confirmation: 'Bob1@microsoft.com '
280
+ )
120
281
 
121
- msg = 'Password must be different than the email.'
122
- user.password = 'bob@microsoft.com'
123
- user.password_confirmation = 'bob@microsoft.com'
124
- refute user.valid?
125
- assert_includes(user.errors.full_messages, msg)
126
- assert_raises(ORMInvalidRecordException) { user.save! }
282
+ assert user.invalid?
283
+ assert_equal(
284
+ ['Password must be different than the email.'],
285
+ user.errors.full_messages
286
+ )
127
287
  end
128
288
 
129
- test 'password can not equal case sensitive version of email for existing user' do
130
- user = User.create email: 'bob@microsoft.com', password: 'pAs5W0rd!Is5e6Ure', password_confirmation: 'pAs5W0rd!Is5e6Ure'
289
+ test 'password cannot equal case sensitive version of email with spaces '\
290
+ 'for new user' do
291
+ user = User.new(
292
+ email: 'Bob1@microsoft.com',
293
+ password: ' boB1@microsoft.com ',
294
+ password_confirmation: ' boB1@microsoft.com '
295
+ )
131
296
 
132
- msg = 'Password must be different than the email.'
133
- user.password = 'BoB@microsoft.com'
134
- user.password_confirmation = 'BoB@microsoft.com'
135
- refute user.valid?
136
- assert_includes(user.errors.full_messages, msg)
137
- assert_raises(ORMInvalidRecordException) { user.save! }
297
+ assert user.invalid?
298
+ assert_equal(
299
+ ['Password must be different than the email.'],
300
+ user.errors.full_messages
301
+ )
138
302
  end
139
303
 
140
- test 'password can not equal email with spaces for existing user' do
141
- user = User.create email: 'bob@microsoft.com', password: 'pAs5W0rd!Is5e6Ure', password_confirmation: 'pAs5W0rd!Is5e6Ure'
304
+ test 'new password cannot equal current password' do
305
+ user = User.create(
306
+ email: 'bob@microsoft.com',
307
+ password: 'Password1!',
308
+ password_confirmation: 'Password1!'
309
+ )
310
+
311
+ user.password = 'Password1!'
142
312
 
143
- msg = 'Password must be different than the email.'
144
- user.password = 'bob@microsoft.com '
145
- user.password_confirmation = 'bob@microsoft.com '
146
- refute user.valid?
147
- assert_includes(user.errors.full_messages, msg)
148
- assert_raises(ORMInvalidRecordException) { user.save! }
313
+ assert user.invalid?
314
+ assert_equal(
315
+ ['Password must be different than the current password.'],
316
+ user.errors.full_messages
317
+ )
149
318
  end
150
319
 
151
- test 'password can not equal case sensitive version of email with spaces for existing user' do
152
- user = User.create email: 'bob@microsoft.com', password: 'pAs5W0rd!Is5e6Ure', password_confirmation: 'pAs5W0rd!Is5e6Ure'
320
+ test 'should not be included in objects with invalid API' do
321
+ error = assert_raise RuntimeError do
322
+ class ::Dog; include Devise::Models::SecureValidatable; end
323
+ end
153
324
 
154
- msg = 'Password must be different than the email.'
155
- user.password = ' BoB@microsoft.com '
156
- user.password_confirmation = ' BoB@microsoft.com '
157
- refute user.valid?
158
- assert_includes(user.errors.full_messages, msg)
159
- assert_raises(ORMInvalidRecordException) { user.save! }
325
+ assert_equal('Could not use SecureValidatable on Dog', error.message)
160
326
  end
161
327
  end
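Review bot: `user = User.create(` in 'new password cannot equal current password' (new line 305) discards the result, so if the fixture record itself fails validation the later `assert user.invalid?` passes for the wrong reason and only the message assertion reveals it; `User.create!(` would fail fast, consistent with the two duplicate-email tests just above it. `class ::Dog; include Devise::Models::SecureValidatable; end` (line 322) appears to define a top-level constant as a side effect of the test and leave it in place for the rest of the run; an `ensure Object.send(:remove_const, :Dog) if defined?(::Dog)` after the assertion keeps the global namespace clean. Minor style: `assert_equal(["Password can't be blank"],user.errors.full_messages)` (line 115) is missing the space after the comma that every other assertion in the file has.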