discourse/spec/lib/validators/password_validator_spec.rb

202 lines
6.0 KiB
Ruby

# frozen_string_literal: true
RSpec.describe PasswordValidator do
def password_error_message(key)
I18n.t("activerecord.errors.models.user.attributes.password.#{key}")
end
subject(:validate) { validator.validate_each(record, :password, @password) }
let(:validator) { described_class.new(attributes: :password) }
describe "password required" do
let(:record) do
u = Fabricate.build(:user, password: @password)
u.password_required!
u
end
context "when password is not common" do
before { CommonPasswords.stubs(:common_password?).returns(false) }
context "when min password length is 8" do
before { SiteSetting.min_password_length = 8 }
it "doesn't add an error when password is good" do
@password = "weron235alsfn234"
validate
expect(record.errors[:password]).not_to be_present
end
it "adds an error when password is too short" do
@password = "p"
validate
expect(record.errors[:password]).to be_present
end
it "adds an error when password is blank" do
@password = ""
validate
expect(record.errors[:password]).to be_present
end
it "adds an error when password is nil" do
@password = nil
validate
expect(record.errors[:password]).to be_present
end
it "adds an error when user is admin and password is less than 15 chars" do
SiteSetting.min_admin_password_length = 15
@password = "12345678912"
record.admin = true
validate
expect(record.errors[:password]).to be_present
end
end
context "when min password length is 12" do
before { SiteSetting.min_password_length = 12 }
it "adds an error when password length is 11" do
@password = "gt38sdt92bv"
validate
expect(record.errors[:password]).to be_present
end
end
end
context "when password is commonly used" do
before do
SiteSetting.min_password_length = 8
CommonPasswords.stubs(:common_password?).returns(true)
end
it "adds an error when block_common_passwords is enabled" do
SiteSetting.block_common_passwords = true
@password = "password"
validate
expect(record.errors[:password]).to include(password_error_message(:common))
end
it "doesn't add an error when block_common_passwords is disabled" do
SiteSetting.block_common_passwords = false
@password = "password"
validate
expect(record.errors[:password]).not_to be_present
end
end
context "when password_unique_characters is 5" do
before { SiteSetting.password_unique_characters = 5 }
it "adds an error when there are too few unique characters" do
SiteSetting.password_unique_characters = 6
@password = "aaaaaa5432"
validate
expect(record.errors[:password]).to include(password_error_message(:unique_characters))
end
it "doesn't add an error when there are enough unique characters" do
@password = "aaaaa12345"
validate
expect(record.errors[:password]).not_to be_present
end
it "counts capital letters as different" do
@password = "aaaAaa1234"
validate
expect(record.errors[:password]).not_to be_present
end
end
it "adds an error when password is the same as the username" do
@password = "porkchops1234"
record.username = @password
validate
expect(record.errors[:password]).to include(password_error_message(:same_as_username))
end
it "adds an error when password is the same as the name" do
@password = "myawesomepassword"
record.name = @password
validate
expect(record.errors[:password]).to include(password_error_message(:same_as_name))
end
it "adds an error when password is the same as the email" do
@password = "pork@chops.com"
record.email = @password
validate
expect(record.errors[:password]).to include(password_error_message(:same_as_email))
end
it "adds an error when new password is same as current password" do
@password = "mypetsname"
record.save!
record.reload
record.password = @password
validate
expect(record.errors[:password]).to include(password_error_message(:same_as_current))
end
it "adds an error when new password is same as a previous password" do
@password = "thisisaoldpassword"
record.save!
record.reload
new_password = "thisisanewpassword"
_expired_user_password =
Fabricate(
:expired_user_password,
password: new_password,
password_algorithm: record.password_algorithm,
password_salt: record.salt,
user: record,
)
record.password = new_password
@password = new_password
validate
expect(record.errors[:password]).to include(password_error_message(:same_as_previous))
end
it "validation required if password is required" do
expect(record.password_validation_required?).to eq(true)
end
it "validation not required after save until a new password is set" do
@password = "myoldpassword"
record.save!
record.reload
expect(record.password_validation_required?).to eq(false)
record.password = "mynewpassword"
expect(record.password_validation_required?).to eq(true)
end
end
describe "password not required" do
let(:record) { Fabricate.build(:user, password: @password) }
it "doesn't add an error if password is not required" do
@password = nil
validate
expect(record.errors[:password]).not_to be_present
end
it "validation required if a password is set" do
@password = "mygameshow"
expect(record.password_validation_required?).to eq(true)
end
it "adds an error even password not required" do
@password = "p"
validate
expect(record.errors[:password]).to be_present
end
end
end