202 lines
6.0 KiB
Ruby
202 lines
6.0 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe PasswordValidator do
|
|
def password_error_message(key)
|
|
I18n.t("activerecord.errors.models.user.attributes.password.#{key}")
|
|
end
|
|
|
|
subject(:validate) { validator.validate_each(record, :password, @password) }
|
|
|
|
let(:validator) { described_class.new(attributes: :password) }
|
|
|
|
describe "password required" do
|
|
let(:record) do
|
|
u = Fabricate.build(:user, password: @password)
|
|
u.password_required!
|
|
u
|
|
end
|
|
|
|
context "when password is not common" do
|
|
before { CommonPasswords.stubs(:common_password?).returns(false) }
|
|
|
|
context "when min password length is 8" do
|
|
before { SiteSetting.min_password_length = 8 }
|
|
|
|
it "doesn't add an error when password is good" do
|
|
@password = "weron235alsfn234"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "adds an error when password is too short" do
|
|
@password = "p"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when password is blank" do
|
|
@password = ""
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when password is nil" do
|
|
@password = nil
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when user is admin and password is less than 15 chars" do
|
|
SiteSetting.min_admin_password_length = 15
|
|
|
|
@password = "12345678912"
|
|
record.admin = true
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
|
|
context "when min password length is 12" do
|
|
before { SiteSetting.min_password_length = 12 }
|
|
|
|
it "adds an error when password length is 11" do
|
|
@password = "gt38sdt92bv"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when password is commonly used" do
|
|
before do
|
|
SiteSetting.min_password_length = 8
|
|
CommonPasswords.stubs(:common_password?).returns(true)
|
|
end
|
|
|
|
it "adds an error when block_common_passwords is enabled" do
|
|
SiteSetting.block_common_passwords = true
|
|
@password = "password"
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:common))
|
|
end
|
|
|
|
it "doesn't add an error when block_common_passwords is disabled" do
|
|
SiteSetting.block_common_passwords = false
|
|
@password = "password"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
end
|
|
|
|
context "when password_unique_characters is 5" do
|
|
before { SiteSetting.password_unique_characters = 5 }
|
|
|
|
it "adds an error when there are too few unique characters" do
|
|
SiteSetting.password_unique_characters = 6
|
|
@password = "aaaaaa5432"
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:unique_characters))
|
|
end
|
|
|
|
it "doesn't add an error when there are enough unique characters" do
|
|
@password = "aaaaa12345"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "counts capital letters as different" do
|
|
@password = "aaaAaa1234"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
end
|
|
|
|
it "adds an error when password is the same as the username" do
|
|
@password = "porkchops1234"
|
|
record.username = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_username))
|
|
end
|
|
|
|
it "adds an error when password is the same as the name" do
|
|
@password = "myawesomepassword"
|
|
record.name = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_name))
|
|
end
|
|
|
|
it "adds an error when password is the same as the email" do
|
|
@password = "pork@chops.com"
|
|
record.email = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_email))
|
|
end
|
|
|
|
it "adds an error when new password is same as current password" do
|
|
@password = "mypetsname"
|
|
record.save!
|
|
record.reload
|
|
record.password = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_current))
|
|
end
|
|
|
|
it "adds an error when new password is same as a previous password" do
|
|
@password = "thisisaoldpassword"
|
|
record.save!
|
|
record.reload
|
|
|
|
new_password = "thisisanewpassword"
|
|
|
|
_expired_user_password =
|
|
Fabricate(
|
|
:expired_user_password,
|
|
password: new_password,
|
|
password_algorithm: record.password_algorithm,
|
|
password_salt: record.salt,
|
|
user: record,
|
|
)
|
|
|
|
record.password = new_password
|
|
@password = new_password
|
|
validate
|
|
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_previous))
|
|
end
|
|
|
|
it "validation required if password is required" do
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
|
|
it "validation not required after save until a new password is set" do
|
|
@password = "myoldpassword"
|
|
record.save!
|
|
record.reload
|
|
expect(record.password_validation_required?).to eq(false)
|
|
record.password = "mynewpassword"
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
end
|
|
|
|
describe "password not required" do
|
|
let(:record) { Fabricate.build(:user, password: @password) }
|
|
|
|
it "doesn't add an error if password is not required" do
|
|
@password = nil
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "validation required if a password is set" do
|
|
@password = "mygameshow"
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
|
|
it "adds an error even password not required" do
|
|
@password = "p"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
end
|