authorjessib <jessib@riseup.net>2013-08-22 11:32:31 -0700
committerjessib <jessib@riseup.net>2013-08-22 11:32:31 -0700
commit8c45a3c54f2b0b709ebf040de0db00b6913e709b (patch)
tree3474b0db6b7e4921566af430fa36d790ac021dd0
parent41de2179c67fc09e1558280c5601cc07b2e40b43 (diff)
parent75db45671d432a0d81805ad50c6cc9f8f7eff7a7 (diff)
Merge pull request #70 from azul/bugfix/validate_login_like_signup
use the same login validations on sessions and users
-rw-r--r--users/app/models/login_format_validation.rb19
-rw-r--r--users/app/models/session.rb6
-rw-r--r--users/app/models/user.rb15
-rw-r--r--users/test/integration/browser/account_test.rb2
4 files changed, 23 insertions, 19 deletions
diff --git a/users/app/models/login_format_validation.rb b/users/app/models/login_format_validation.rb
new file mode 100644
index 0000000..1d02bd1
--- /dev/null
+++ b/users/app/models/login_format_validation.rb
@@ -0,0 +1,19 @@
+module LoginFormatValidation
+ extend ActiveSupport::Concern
+
+ included do
+ # Have multiple regular expression validations so we can get specific error messages:
+ validates :login,
+ :format => { :with => /\A.{2,}\z/,
+ :message => "Login must have at least two characters"}
+ validates :login,
+ :format => { :with => /\A[a-z\d_\.-]+\z/,
+ :message => "Only lowercase letters, digits, . - and _ allowed."}
+ validates :login,
+ :format => { :with => /\A[a-z].*\z/,
+ :message => "Login must begin with a lowercase letter"}
+ validates :login,
+ :format => { :with => /\A.*[a-z\d]\z/,
+ :message => "Login must end with a letter or digit"}
+ end
+end
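Review bot: The new module has no header comment stating its contract, yet its `included do` block calls `validates`, so it only works in a class that already provides ActiveModel validations. Session includes `ActiveModel::Validations` on the line before the new include; User presumably gets it from `CouchRest::Model::Base`. I would add above `module LoginFormatValidation` a comment such as `# Shared login format rules for signup (User) and login (Session); include after ActiveModel::Validations.` Separately, none of the four format checks skips a blank value, so an empty login will likely collect all four format messages on top of the presence error in Session. Adding `:allow_blank => true` to quiet that is only safe if every including class also validates presence, which is not visible for User in this diff.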
diff --git a/users/app/models/session.rb b/users/app/models/session.rb
index a9fdb1b..0d7e10e 100644
--- a/users/app/models/session.rb
+++ b/users/app/models/session.rb
@@ -1,12 +1,10 @@
class Session < SRP::Session
include ActiveModel::Validations
+ include LoginFormatValidation
attr_accessor :login
- validates :login,
- :presence => true,
- :format => { :with => /\A[A-Za-z\d_]+\z/,
- :message => "Only letters, digits and _ allowed" }
+ validates :login, :presence => true
def initialize(user = nil, aa = nil)
super(user, aa) if user
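Review bot: This hunk changes which logins a Session accepts, since `.` and `-` are now allowed and uppercase letters are no longer accepted, but the commit adds no test that pins this at the model level. The only test change is the assertion order in account_test.rb. A unit test asserting that a login such as `"a.b-c"` (constructed example) is valid for both User and Session, and that `"Alice"` is rejected by both, would stop the two rule sets from drifting apart again. The Session class body continues outside the hunk.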
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 0a89f7c..c1988f3 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,4 +1,5 @@
class User < CouchRest::Model::Base
+ include LoginFormatValidation
use_database :users
@@ -15,20 +16,6 @@ class User < CouchRest::Model::Base
:uniqueness => true,
:if => :serverside?
- # Have multiple regular expression validations so we can get specific error messages:
- validates :login,
- :format => { :with => /\A.{2,}\z/,
- :message => "Login must have at least two characters"}
- validates :login,
- :format => { :with => /\A[a-z\d_\.-]+\z/,
- :message => "Only lowercase letters, digits, . - and _ allowed."}
- validates :login,
- :format => { :with => /\A[a-z].*\z/,
- :message => "Login must begin with a lowercase letter"}
- validates :login,
- :format => { :with => /\A.*[a-z\d]\z/,
- :message => "Login must end with a letter or digit"}
-
validate :login_is_unique_alias
validates :password_salt, :password_verifier,
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index c65c491..b412980 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -28,8 +28,8 @@ class AccountTest < BrowserIntegrationTest
fill_in 'Password', with: "password"
inject_malicious_js
click_on 'Log In'
- assert !page.has_content?("Welcome")
assert page.has_content?("Invalid random key")
+ assert page.has_no_content?("Welcome")
end
def inject_malicious_js
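Review bot: The reordered assertions rely on an ordering that nothing in the test explains, so a later cleanup could swap them back. Checking for "Invalid random key" first means the page has responded before the absence of "Welcome" is asserted, and `has_no_content?` waits for absence instead of negating an immediate `has_content?`. I would add a comment above the two asserts, for example `# wait for the error first, then assert the login did not succeed`. The `inject_malicious_js` helper that starts on the last line lies outside the hunk.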