From d776e9ea988b0bc00b24c0e0760bcfe3d95057a7 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 7 Oct 2012 21:00:36 +0200
Subject: adding validations for valid login chars and verifier and salt being
 hex

---
 users/app/models/user.rb     | 10 ++++++----
 users/test/unit/user_test.rb | 41 ++++++++++++++++++++++++++---------------
 2 files changed, 32 insertions(+), 19 deletions(-)

(limited to 'users')

diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index e10f55e..1afb9db 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -9,8 +9,10 @@ class User < CouchRest::Model::Base
     :presence => true
 
   validates :login,
-    :uniqueness => true,
-    :format => { :with => /\A\w+\z/,
+    :uniqueness => true
+
+  validates :login,
+    :format => { :with => /\A[A-Za-z\d_]+\z/,
       :message => "Only letters, digits and _ allowed" }
 
   validates :password_salt, :password_verifier,
@@ -31,8 +33,8 @@ class User < CouchRest::Model::Base
     # valid set of attributes for testing
     def valid_attributes_hash
       { :login => "me",
-        :password_verifier => "1234",
-        :password_salt => "4321" }
+        :password_verifier => "1234ABC",
+        :password_salt => "4321AB" }
     end
 
   end
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 870d422..822ef33 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -3,37 +3,48 @@ require 'test_helper'
 class UserTest < ActiveSupport::TestCase
 
   include SRP::Util
+  setup do
+    @attribs = User.valid_attributes_hash
+    @user = User.new(@attribs)
+  end
+
   test "test set of attributes should be valid" do
-    user = User.new(User.valid_attributes_hash)
-    assert user.valid?
+    @user.valid?
+    assert_equal Hash.new, @user.errors.messages
+  end
+
+  test "test require hex for password_verifier" do
+    @user.password_verifier = "QWER"
+    assert !@user.valid?
+  end
+
+  test "test require alphanumerical for login" do
+    @user.login = "qwär"
+    assert !@user.valid?
   end
 
   test "find_by_param gets User by login" do
-    user = User.create!(User.valid_attributes_hash)
-    assert_equal user, User.find_by_param(user.login)
-    user.destroy
+    @user.save
+    assert_equal @user, User.find_by_param(@user.login)
+    @user.destroy
   end
 
   test "to_param gives user login" do
-    user = User.new(User.valid_attributes_hash)
-    assert_equal user.login, user.to_param
+    assert_equal @user.login, @user.to_param
   end
 
   test "verifier returns number for the hex in password_verifier" do
-    user = User.new(User.valid_attributes_hash)
-    assert_equal user.password_verifier.hex, user.verifier
+    assert_equal @user.password_verifier.hex, @user.verifier
   end
 
   test "salt returns number for the hex in password_salt" do
-    user = User.new(User.valid_attributes_hash)
-    assert_equal user.password_salt.hex, user.salt
+    assert_equal @user.password_salt.hex, @user.salt
   end
 
-  test "should include SRP::Authentication" do
+  test "should include SRP" do
     client_rnd = bigrand(32).hex
-    user = User.new(User.valid_attributes_hash)
-    srp_session = user.initialize_auth(client_rnd)
-    assert srp_session.is_a? SRP::Authentication::Session
+    srp_session = @user.initialize_auth(client_rnd)
+    assert srp_session.is_a? SRP::Session
     assert_equal client_rnd, srp_session.aa
   end
 
-- 
cgit v1.2.3