mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 21:19:41 -06:00
6f747c6b71
We were blocking user registrations with same username and password, but allowing usernames to be changed to be same as password later. Also disallow names to be the same as password.
183 lines
5.5 KiB
Ruby
183 lines
5.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
require_dependency "common_passwords/common_passwords"
|
|
|
|
describe PasswordValidator do
|
|
|
|
def password_error_message(key)
|
|
I18n.t("activerecord.errors.models.user.attributes.password.#{key.to_s}")
|
|
end
|
|
|
|
let(:validator) { described_class.new(attributes: :password) }
|
|
subject(:validate) { validator.validate_each(record, :password, @password) }
|
|
|
|
context "password required" do
|
|
let(:record) { u = Fabricate.build(:user, password: @password); u.password_required!; u }
|
|
|
|
context "password is not common" do
|
|
before do
|
|
CommonPasswords.stubs(:common_password?).returns(false)
|
|
end
|
|
|
|
context "min password length is 8" do
|
|
before { SiteSetting.min_password_length = 8 }
|
|
|
|
it "doesn't add an error when password is good" do
|
|
@password = "weron235alsfn234"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "adds an error when password is too short" do
|
|
@password = "p"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when password is blank" do
|
|
@password = ''
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when password is nil" do
|
|
@password = nil
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
|
|
it "adds an error when user is admin and password is less than 15 chars" do
|
|
SiteSetting.min_admin_password_length = 15
|
|
|
|
@password = "12345678912"
|
|
record.admin = true
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
|
|
context "min password length is 12" do
|
|
before { SiteSetting.min_password_length = 12 }
|
|
|
|
it "adds an error when password length is 11" do
|
|
@password = "gt38sdt92bv"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
end
|
|
|
|
context "password is commonly used" do
|
|
before do
|
|
SiteSetting.min_password_length = 8
|
|
CommonPasswords.stubs(:common_password?).returns(true)
|
|
end
|
|
|
|
it "adds an error when block_common_passwords is enabled" do
|
|
SiteSetting.block_common_passwords = true
|
|
@password = "password"
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:common))
|
|
end
|
|
|
|
it "doesn't add an error when block_common_passwords is disabled" do
|
|
SiteSetting.block_common_passwords = false
|
|
@password = "password"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
end
|
|
|
|
context "password_unique_characters is 5" do
|
|
before do
|
|
SiteSetting.password_unique_characters = 5
|
|
end
|
|
|
|
it "adds an error when there are too few unique characters" do
|
|
SiteSetting.password_unique_characters = 6
|
|
@password = "aaaaaa5432"
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:unique_characters))
|
|
end
|
|
|
|
it "doesn't add an error when there are enough unique characters" do
|
|
@password = "aaaaa12345"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "counts capital letters as different" do
|
|
@password = "aaaAaa1234"
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
end
|
|
|
|
it "adds an error when password is the same as the username" do
|
|
@password = "porkchops1234"
|
|
record.username = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_username))
|
|
end
|
|
|
|
it "adds an error when password is the same as the name" do
|
|
@password = "myawesomepassword"
|
|
record.name = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_name))
|
|
end
|
|
|
|
it "adds an error when password is the same as the email" do
|
|
@password = "pork@chops.com"
|
|
record.email = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_email))
|
|
end
|
|
|
|
it "adds an error when new password is same as current password" do
|
|
@password = "mypetsname"
|
|
record.save!
|
|
record.reload
|
|
record.password = @password
|
|
validate
|
|
expect(record.errors[:password]).to include(password_error_message(:same_as_current))
|
|
end
|
|
|
|
it "validation required if password is required" do
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
|
|
it "validation not required after save until a new password is set" do
|
|
@password = "myoldpassword"
|
|
record.save!
|
|
record.reload
|
|
expect(record.password_validation_required?).to eq(false)
|
|
record.password = "mynewpassword"
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "password not required" do
|
|
let(:record) { Fabricate.build(:user, password: @password) }
|
|
|
|
it "doesn't add an error if password is not required" do
|
|
@password = nil
|
|
validate
|
|
expect(record.errors[:password]).not_to be_present
|
|
end
|
|
|
|
it "validation required if a password is set" do
|
|
@password = "mygameshow"
|
|
expect(record.password_validation_required?).to eq(true)
|
|
end
|
|
|
|
it "adds an error even password not required" do
|
|
@password = "p"
|
|
validate
|
|
expect(record.errors[:password]).to be_present
|
|
end
|
|
end
|
|
|
|
end
|