authorazul <azul@riseup.net>2017-03-14 15:17:26 +0000
committerazul <azul@riseup.net>2017-03-14 15:17:26 +0000
commit1a69dc86077e5bbde4b6a8f181e5711384c1f253 (patch)
tree618476e33e96fe4528b8e870f51d079ae0e43e76
parent67824594246aee807ebacdf61c4e2d0a136eab73 (diff)
parent19714d01e28ca9ba37564fe0ad48d81c665806dd (diff)
Merge branch 'recovery-code' into 'master'
Update recovery code See merge request !16
-rw-r--r--app/models/account.rb3
-rw-r--r--app/models/user.rb6
-rw-r--r--test/integration/api/update_account_test.rb6
-rw-r--r--test/unit/account_test.rb36
-rw-r--r--test/unit/user_test.rb10
5 files changed, 59 insertions, 2 deletions
diff --git a/app/models/account.rb b/app/models/account.rb
index d722caa..0731cac 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -62,6 +62,9 @@ class Account
update_login(attrs[:login])
@user.update_attributes attrs.slice(:password_verifier, :password_salt)
end
+ if attrs[:recovery_code_verifier].present?
+ @user.update_attributes attrs.slice(:recovery_code_verifier, :recovery_code_salt)
+ end
# TODO: move into identity controller
key = update_pgp_key(attrs[:public_key])
@user.errors.set :public_key, key.errors.full_messages
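Review bot: The new guard tests only `attrs[:recovery_code_verifier]`, while the `slice` passes through whichever of the two keys is present, so a request carrying a verifier but no salt stores the new verifier next to the old salt and leaves the recovery code unusable. Requiring both would avoid this: `if attrs[:recovery_code_verifier].present? && attrs[:recovery_code_salt].present?`, or set an error on `:recovery_code_salt` when it is missing. The return value of `update_attributes` is also ignored here, as it is in the password branch above. Replacing a recovery code changes who can later reset the account, so it is worth confirming that the caller requires proof of the current password and not just a live session; the method starts and ends outside this hunk, so that cannot be checked from here.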
diff --git a/app/models/user.rb b/app/models/user.rb
index 259778b..f8869cd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -8,6 +8,8 @@ class User < CouchRest::Model::Base
property :login, String, :accessible => true
property :password_verifier, String, :accessible => true
property :password_salt, String, :accessible => true
+ property :recovery_code_verifier, String, :accessible => true
+ property :recovery_code_salt, String, :accessible => true
property :contact_email, String, :accessible => true
property :contact_email_key, String, :accessible => true
property :invite_code, String, :accessible => true
@@ -33,8 +35,8 @@ class User < CouchRest::Model::Base
validate :identity_is_valid
- validates :password_salt, :password_verifier,
- :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }
+ validates :password_salt, :password_verifier, :recovery_code_verifier, :recovery_code_salt,
+ :format => { :with => /\A[\h]*\z/, :message => "Only hex numbers allowed" }
validates :password, :presence => true,
:confirmation => true,
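Review bot: Changing the pattern from `+` to `*` on the shared `validates` line loosens the check for `password_salt` and `password_verifier` as well: an empty value now passes the format check for the password fields, not only for the optional recovery fields. If the intent was just to let the recovery code be unset, keep the non-empty pattern for the password pair and give the recovery pair its own rule with `:allow_blank => true`. A unit test asserting that an empty `password_verifier` is invalid would pin this down. Whether another validation outside this hunk already rejects a blank verifier is not visible; the `validates :password` call continues past the hunk.

```ruby
# … unchanged: validate :identity_is_valid …
validates :password_salt, :password_verifier,
  :format => { :with => /\A\h+\z/, :message => "Only hex numbers allowed" }
validates :recovery_code_verifier, :recovery_code_salt,
  :format => { :with => /\A\h+\z/, :message => "Only hex numbers allowed" },
  :allow_blank => true
# … unchanged: validates :password …
```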
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index 1492006..108f05d 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -28,6 +28,12 @@ class UpdateAccountTest < SrpTest
assert server_auth["M2"]
end
+ test "update recovery code via api" do
+ authenticate
+ update_user recovery_code_verifier: "123", recovery_code_salt: "456"
+ assert last_response.successful?
+ end
+
test "change login with password_verifier" do
authenticate
new_login = 'zaph'
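Review bot: The new API test asserts only `last_response.successful?`, so it would still pass if the endpoint accepted the request and stored nothing. Reload the user after `update_user` and compare the stored fields, e.g. `assert_equal "123", user.recovery_code_verifier` (the fixture's name is not visible in this hunk). A companion case that sends the same update without `authenticate` and expects a rejection would document that the recovery code cannot be replaced anonymously.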
diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb
index e00e589..058e196 100644
--- a/test/unit/account_test.rb
+++ b/test/unit/account_test.rb
@@ -96,6 +96,42 @@ class AccountTest < ActiveSupport::TestCase
user.account.destroy
end
+ test "create recovery code if it does not exist" do
+ user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+ user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+ user.reload
+
+ assert_equal "abc", user.recovery_code_verifier
+ assert_equal "123", user.recovery_code_salt
+
+ user.account.destroy
+ end
+
+ test "update recovery code that already exists" do
+ user = Account.create(FactoryGirl.attributes_for(:user,
+ :invite_code => @testcode.invite_code,
+ :recovery_code_verifier => "000",
+ :recovery_code_salt => "111"))
+
+ user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+ user.reload
+
+ assert_equal "abc", user.recovery_code_verifier
+ assert_equal "123", user.recovery_code_salt
+
+ user.account.destroy
+ end
+
+ test "update password" do
+ user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+ user.account.update(:password_verifier => "551A8B", :password_salt => "551A8B")
+
+ assert_equal "551A8B", user.password_verifier
+ assert_equal "551A8B", user.password_salt
+
+ user.account.destroy
+ end
+
test "Invite code count goes up by 1 when the invite code is entered" do
with_config invite_required: true do
user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
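Review bot: The "update password" test asserts on `user` without calling `user.reload`, unlike the two recovery-code tests above it, so it may be checking the in-memory object and not what was persisted. Add `user.reload` before the two `assert_equal` lines. There is also no case for `update(:recovery_code_verifier => "abc")` sent without a salt, which is the input the new branch in `Account#update` handles least clearly.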
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 02e94df..e181765 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -28,6 +28,16 @@ class UserTest < ActiveSupport::TestCase
assert !@user.valid?
end
+ test "validates hex for recovery_code_verifier" do
+ @user.recovery_code_verifier = "1234567abcdef"
+ assert @user.valid?
+ end
+
+ test "validates recovery_code_verifier with non hex chars" do
+ @user.recovery_code_verifier = "gkpq"
+ assert !@user.valid?
+ end
+
test "test require alphanumerical for login" do
@user.login = "qw#r"
assert !@user.valid?