From 417818997fca057635793cdf60a3e1bfa6716e35 Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Fri, 10 Mar 2017 11:28:39 -0300 Subject: Adds recovery code to user account Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni --- app/models/account.rb | 3 +++ app/models/user.rb | 2 ++ test/integration/api/update_account_test.rb | 6 +++++ test/unit/account_test.rb | 36 +++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+) diff --git a/app/models/account.rb b/app/models/account.rb index d722caa..0731cac 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -62,6 +62,9 @@ class Account update_login(attrs[:login]) @user.update_attributes attrs.slice(:password_verifier, :password_salt) end + if attrs[:recovery_code_verifier].present? + @user.update_attributes attrs.slice(:recovery_code_verifier, :recovery_code_salt) + end # TODO: move into identity controller key = update_pgp_key(attrs[:public_key]) @user.errors.set :public_key, key.errors.full_messages diff --git a/app/models/user.rb b/app/models/user.rb index 259778b..215a3b0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -8,6 +8,8 @@ class User < CouchRest::Model::Base property :login, String, :accessible => true property :password_verifier, String, :accessible => true property :password_salt, String, :accessible => true + property :recovery_code_verifier, String, :accessible => true + property :recovery_code_salt, String, :accessible => true property :contact_email, String, :accessible => true property :contact_email_key, String, :accessible => true property :invite_code, String, :accessible => true diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb index 1492006..108f05d 100644 --- a/test/integration/api/update_account_test.rb +++ b/test/integration/api/update_account_test.rb @@ -28,6 +28,12 @@ class UpdateAccountTest < SrpTest assert server_auth["M2"] end + test "update recovery code via api" do + authenticate + update_user recovery_code_verifier: "123", recovery_code_salt: "456" + assert last_response.successful? + end + test "change login with password_verifier" do authenticate new_login = 'zaph' diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb index e00e589..058e196 100644 --- a/test/unit/account_test.rb +++ b/test/unit/account_test.rb @@ -96,6 +96,42 @@ class AccountTest < ActiveSupport::TestCase user.account.destroy end + test "create recovery code if it does not exist" do + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) + user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123") + user.reload + + assert_equal "abc", user.recovery_code_verifier + assert_equal "123", user.recovery_code_salt + + user.account.destroy + end + + test "update recovery code that already exists" do + user = Account.create(FactoryGirl.attributes_for(:user, + :invite_code => @testcode.invite_code, + :recovery_code_verifier => "000", + :recovery_code_salt => "111")) + + user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123") + user.reload + + assert_equal "abc", user.recovery_code_verifier + assert_equal "123", user.recovery_code_salt + + user.account.destroy + end + + test "update password" do + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) + user.account.update(:password_verifier => "551A8B", :password_salt => "551A8B") + + assert_equal "551A8B", user.password_verifier + assert_equal "551A8B", user.password_salt + + user.account.destroy + end + test "Invite code count goes up by 1 when the invite code is entered" do with_config invite_required: true do user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) -- cgit v1.2.3 From 19714d01e28ca9ba37564fe0ad48d81c665806dd Mon Sep 17 00:00:00 2001 From: Thais Siqueira Date: Fri, 10 Mar 2017 12:02:56 -0300 Subject: Validates recovery code as hexadecimal data. Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni --- app/models/user.rb | 4 ++-- test/unit/user_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 215a3b0..f8869cd 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -35,8 +35,8 @@ class User < CouchRest::Model::Base validate :identity_is_valid - validates :password_salt, :password_verifier, - :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" } + validates :password_salt, :password_verifier, :recovery_code_verifier, :recovery_code_salt, + :format => { :with => /\A[\h]*\z/, :message => "Only hex numbers allowed" } validates :password, :presence => true, :confirmation => true, diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 02e94df..e181765 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -28,6 +28,16 @@ class UserTest < ActiveSupport::TestCase assert !@user.valid? end + test "validates hex for recovery_code_verifier" do + @user.recovery_code_verifier = "1234567abcdef" + assert @user.valid? + end + + test "validates recovery_code_verifier with non hex chars" do + @user.recovery_code_verifier = "gkpq" + assert !@user.valid? + end + test "test require alphanumerical for login" do @user.login = "qw#r" assert !@user.valid? -- cgit v1.2.3