From 223e6bc17986b7fba61b3a5fa7a7f5d20204a04d Mon Sep 17 00:00:00 2001
From: Rimian Perkins
Date: Fri, 5 May 2017 09:57:26 +1000
Subject: [PATCH] check password length and tidy up
---
 .../discourse_donations/charges_controller.rb | 7 ++--
 .../charges_controller_spec.rb | 36 +++++++++++--------
 2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/app/controllers/discourse_donations/charges_controller.rb b/app/controllers/discourse_donations/charges_controller.rb
index ddb4df8..d668ea7 100644
--- a/app/controllers/discourse_donations/charges_controller.rb
+++ b/app/controllers/discourse_donations/charges_controller.rb
@@ -10,10 +10,13 @@ module DiscourseDonations
 output = { 'messages' => [], 'rewards' => [] }
 if create_account
- if !email.present? || params[:username].nil?
+ if !email.present? || !params[:username].present?
 output['messages'] << I18n.t('login.missing_user_field')
 end
- if params[:username].present? && ::User.reserved_username?(params[:username])
+ if params[:password] && params[:password].length > User.max_password_length
+ output['messages'] << I18n.t('login.password_too_long')
+ end
+ if params[:username] && ::User.reserved_username?(params[:username])
 output['messages'] << I18n.t('login.reserved_username')
 end
 end
diff --git a/spec/controllers/discourse_donations/charges_controller_spec.rb b/spec/controllers/discourse_donations/charges_controller_spec.rb
index d002a5c..3757770 100644
--- a/spec/controllers/discourse_donations/charges_controller_spec.rb
+++ b/spec/controllers/discourse_donations/charges_controller_spec.rb
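Review bot: In charges_controller.rb the new password check calls `params[:password].length` on whatever the request supplied, so an array- or hash-valued `password` parameter would be measured as a collection rather than a string, and what happens to it afterwards depends on code outside this hunk. Guarding the type first keeps the comparison meaningful: `if params[:password].is_a?(String) && params[:password].length > ::User.max_password_length`, with a non-String value reported like a missing field. The same line uses bare `User` while the reserved-username line beside it uses `::User`; inside `module DiscourseDonations` the rooted form is the safer one to use consistently. The hunk also shows no check that a password is present at all when `create_account` is set; that may be handled elsewhere in the method, which starts and ends outside the hunk.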
@@ -12,18 +12,16 @@ module DiscourseDonations SiteSetting.stubs(:discourse_donations_currency).returns('AUD') end + def include_message(key) + include(I18n.t(key)) + end + it 'responds ok for anonymous users' do post :create, { email: 'foobar@example.com' } expect(body['messages']).to include('Payment complete.') expect(response).to have_http_status(200) end - it 'expects a username if accounts are being created' do - post :create, { email: 'zipitydoodah@example.com', create_account: 'true' } - expect(body['messages']).to include(I18n.t('login.missing_user_field')) - expect(response).to have_http_status(200) - end - it 'does not expect a username or email if accounts are not being created' do current_user = log_in(:coding_horror) post :create, { create_account: 'false' } 
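Review bot: Removing 'expects a username if accounts are being created' drops the only visible example where `username` is absent from the request. Its replacement in the next hunk posts `username: ''`, so the nil case of the new `!params[:username].present?` condition is no longer exercised. An extra example in the 'new user' group, `post :create, params.except(:username)` followed by `expect(body['messages']).to include_message('login.missing_user_field')`, would restore that coverage. The removed example also asserted `have_http_status(200)`, which none of the new 'new user' examples check. The enclosing describe block starts and ends outside the hunk.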
@@ -32,20 +30,28 @@ module DiscourseDonations end describe 'new user' do - it 'has a message when the email is empty' do - post :create, { create_account: 'true', email: '' } - expect(body['messages']).to include(I18n.t('login.missing_user_field')) + let(:params) { { create_account: 'true', email: 'email@example.com', password: 'secret', username: 'mr-pink' } } + + it 'requires an email' do + post :create, params.merge(email: '') + expect(body['messages']).to include_message('login.missing_user_field') end - it 'has a message when the email is empty' do - post :create, { create_account: 'true' } - expect(body['messages']).to include(I18n.t('login.missing_user_field')) + it 'requires a username' do + post :create, params.merge(username: '') + expect(body['messages']).to include_message('login.missing_user_field') end - it 'has a message when the username is reserved' do + it 'disallows usernames that are reserved' do User.expects(:reserved_username?).returns(true) - post :create, { username: 'admin', create_account: 'true', email: 'something@example.com' } - expect(body['messages']).to include(I18n.t('login.reserved_username')) + post :create, params + expect(body['messages']).to include_message('login.reserved_username') + end + + it 'requires a minimum password length' do + User.expects(:max_password_length).returns(params[:password].length - 1) + post :create, params + expect(body['messages']).to include_message('login.password_too_long') end end
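Review bot: The example titled 'requires a minimum password length' stubs `User.max_password_length` and asserts `login.password_too_long`, so it tests the upper bound, not a minimum. A title such as `it 'rejects a password longer than the maximum' do` would match what is asserted. No example in the visible hunks posts `create_account: 'true'` with a missing or too-short password, so if a lower bound or a presence check is enforced elsewhere it is untested here.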