fix unique char counting in password validator

2024-11-23 01:16:38 -06:00 · 2017-02-10 10:38:17 -05:00 · 2017-02-10 10:38:17 -05:00 · 94e1105af7
commit 94e1105af7
parent 137e941814
3 changed files with 8 additions and 8 deletions
--- a/lib/validators/password_validator.rb
+++ b/lib/validators/password_validator.rb
@ -18,7 +18,7 @@ class PasswordValidator < ActiveModel::EachValidator
      record.errors.add(attribute, :same_as_current)
    elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
      record.errors.add(attribute, :common)
-    elsif value.chars.uniq.size < SiteSetting.password_unique_characters
+    elsif value.chars.inject(Hash.new(0)) { |h,char| h[char] += 1; h }.reject { |k,v| v > 1 }.size < SiteSetting.password_unique_characters
      record.errors.add(attribute, :unique_characters)
    end
  end
--- a/spec/components/validators/password_validator_spec.rb
+++ b/spec/components/validators/password_validator_spec.rb
@ -93,19 +93,19 @@ describe PasswordValidator do
      end

      it "adds an error when there are too few unique characters" do
-        @password = "cheeeeeeeese"
+        @password = "aaaaaa5432"
        validate
        expect(record.errors[:password]).to include(password_error_message(:unique_characters))
      end

      it "doesn't add an error when there are enough unique characters" do
-        @password = "spooooooorts"
+        @password = "aaaaa54321"
        validate
        expect(record.errors[:password]).not_to be_present
      end

-      it "counts capital letters as unique" do
-        @password = "cHeEeeeeesE"
+      it "counts capital letters as different" do
+        @password = "aaaAaa5432"
        validate
        expect(record.errors[:password]).not_to be_present
      end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -264,11 +264,11 @@ describe UsersController do
        token = user.email_tokens.create(email: user.email).token

        get :password_reset, token: token
-        put :password_reset, token: token, password: 'hg9ow8yhg98o'
-        put :password_reset, token: token, password: 'test123123Asdfsdf'
+        put :password_reset, token: token, password: 'hg9ow8yHG32O'
+        put :password_reset, token: token, password: 'test123987AsdfXYZ'

        user.reload
-        expect(user.confirm_password?('hg9ow8yhg98o')).to eq(true)
+        expect(user.confirm_password?('hg9ow8yHG32O')).to eq(true)

        # logged in now
        expect(user.user_auth_tokens.count).to eq(1)