diff options
| author | Azul <azul@leap.se> | 2012-10-07 21:00:36 +0200 |
|---|---|---|
| committer | Azul <azul@leap.se> | 2012-10-07 21:00:36 +0200 |
| commit | d776e9ea988b0bc00b24c0e0760bcfe3d95057a7 (patch) | |
| tree | d99ff7d801a6f280bd637e0681ef05e67db57d48 /users | |
| parent | 2215250a39162f9e1fcb8f90e02a637faa63438c (diff) | |
adding validations for valid login chars and verifier and salt being hex
Diffstat (limited to 'users')
| -rw-r--r-- | users/app/models/user.rb | 10 | ||||
| -rw-r--r-- | users/test/unit/user_test.rb | 41 |
2 files changed, 32 insertions, 19 deletions
diff --git a/users/app/models/user.rb b/users/app/models/user.rb index e10f55e..1afb9db 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -9,8 +9,10 @@ class User < CouchRest::Model::Base :presence => true validates :login, - :uniqueness => true, - :format => { :with => /\A\w+\z/, + :uniqueness => true + + validates :login, + :format => { :with => /\A[A-Za-z\d_]+\z/, :message => "Only letters, digits and _ allowed" } validates :password_salt, :password_verifier, @@ -31,8 +33,8 @@ class User < CouchRest::Model::Base # valid set of attributes for testing def valid_attributes_hash { :login => "me", - :password_verifier => "1234", - :password_salt => "4321" } + :password_verifier => "1234ABC", + :password_salt => "4321AB" } end end diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb index 870d422..822ef33 100644 --- a/users/test/unit/user_test.rb +++ b/users/test/unit/user_test.rb @@ -3,37 +3,48 @@ require 'test_helper' class UserTest < ActiveSupport::TestCase include SRP::Util + setup do + @attribs = User.valid_attributes_hash + @user = User.new(@attribs) + end + test "test set of attributes should be valid" do - user = User.new(User.valid_attributes_hash) - assert user.valid? + @user.valid? + assert_equal Hash.new, @user.errors.messages + end + + test "test require hex for password_verifier" do + @user.password_verifier = "QWER" + assert !@user.valid? + end + + test "test require alphanumerical for login" do + @user.login = "qwär" + assert !@user.valid? end test "find_by_param gets User by login" do - user = User.create!(User.valid_attributes_hash) - assert_equal user, User.find_by_param(user.login) - user.destroy + @user.save + assert_equal @user, User.find_by_param(@user.login) + @user.destroy end test "to_param gives user login" do - user = User.new(User.valid_attributes_hash) - assert_equal user.login, user.to_param + assert_equal @user.login, @user.to_param end test "verifier returns number for the hex in password_verifier" do - user = User.new(User.valid_attributes_hash) - assert_equal user.password_verifier.hex, user.verifier + assert_equal @user.password_verifier.hex, @user.verifier end test "salt returns number for the hex in password_salt" do - user = User.new(User.valid_attributes_hash) - assert_equal user.password_salt.hex, user.salt + assert_equal @user.password_salt.hex, @user.salt end - test "should include SRP::Authentication" do + test "should include SRP" do client_rnd = bigrand(32).hex - user = User.new(User.valid_attributes_hash) - srp_session = user.initialize_auth(client_rnd) - assert srp_session.is_a? SRP::Authentication::Session + srp_session = @user.initialize_auth(client_rnd) + assert srp_session.is_a? SRP::Session assert_equal client_rnd, srp_session.aa end |