discourse/spec/components/validators/password_validator_spec.rb

require 'rails_helper'
require_dependency "common_passwords/common_passwords"

describe PasswordValidator do

  let(:validator) { described_class.new({attributes: :password}) }
  subject(:validate) { validator.validate_each(record,:password,@password) }

  context "password required" do
    let(:record) { u = Fabricate.build(:user, password: @password); u.password_required!; u }

    context "password is not common" do
      before do
        CommonPasswords.stubs(:common_password?).returns(false)
      end

      context "min password length is 8" do
        before { SiteSetting.stubs(:min_password_length).returns(8) }

        it "doesn't add an error when password is good" do
          @password = "weron235alsfn234"
          validate
          expect(record.errors[:password]).not_to be_present
        end

        it "adds an error when password is too short" do
          @password = "p"
          validate
          expect(record.errors[:password]).to be_present
        end

        it "adds an error when password is blank" do
          @password = ''
          validate
          expect(record.errors[:password]).to be_present
        end

        it "adds an error when password is nil" do
          @password = nil
          validate
          expect(record.errors[:password]).to be_present
        end

        it "adds an error when user is admin and password is less than 15 chars" do
          SiteSetting.min_admin_password_length = 15

          @password = "12345678912"
          record.admin = true
          validate
          expect(record.errors[:password]).to be_present
        end
      end

      context "min password length is 12" do
        before { SiteSetting.stubs(:min_password_length).returns(12) }

        it "adds an error when password length is 11" do
          @password = "gt38sdt92bv"
          validate
          expect(record.errors[:password]).to be_present
        end
      end
    end

    context "password is commonly used" do
      before do
        SiteSetting.stubs(:min_password_length).returns(8)
        CommonPasswords.stubs(:common_password?).returns(true)
      end

      it "adds an error when block_common_passwords is enabled" do
        SiteSetting.stubs(:block_common_passwords).returns(true)
        @password = "password"
        validate
        expect(record.errors[:password]).to be_present
      end

      it "doesn't add an error when block_common_passwords is disabled" do
        SiteSetting.stubs(:block_common_passwords).returns(false)
        @password = "password"
        validate
        expect(record.errors[:password]).not_to be_present
      end
    end

    it "adds an error when password is the same as the username" do
      @password = "porkchops1234"
      record.username = @password
      validate
      expect(record.errors[:password]).to be_present
    end

    it "adds an error when password is the same as the email" do
      @password = "pork@chops.com"
      record.email = @password
      validate
      expect(record.errors[:password]).to be_present
    end
  end

  context "password not required" do
    let(:record) { Fabricate.build(:user, password: @password) }

    it "doesn't add an error if password is not required" do
      @password = nil
      validate
      expect(record.errors[:password]).not_to be_present
    end
  end

end
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 10:41:23 +01:00			`require 'rails_helper'`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`require_dependency "common_passwords/common_passwords"`
Move password validation into PasswordValidator 2013-12-19 15:12:03 -05:00
			`describe PasswordValidator do`

			`let(:validator) { described_class.new({attributes: :password}) }`
			`subject(:validate) { validator.validate_each(record,:password,@password) }`

			`context "password required" do`
			`let(:record) { u = Fabricate.build(:user, password: @password); u.password_required!; u }`

Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`context "password is not common" do`
			`before do`
Fix password_validator_spec 2013-12-27 11:15:53 -05:00			`CommonPasswords.stubs(:common_password?).returns(false)`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`context "min password length is 8" do`
			`before { SiteSetting.stubs(:min_password_length).returns(8) }`

			`it "doesn't add an error when password is good" do`
			`@password = "weron235alsfn234"`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).not_to be_present`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`

			`it "adds an error when password is too short" do`
			`@password = "p"`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).to be_present`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`

			`it "adds an error when password is blank" do`
			`@password = ''`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).to be_present`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`

			`it "adds an error when password is nil" do`
			`@password = nil`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).to be_present`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`
FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:01:38 +05:30
			`it "adds an error when user is admin and password is less than 15 chars" do`
			`SiteSetting.min_admin_password_length = 15`

			`@password = "12345678912"`
			`record.admin = true`
			`validate`
			`expect(record.errors[:password]).to be_present`
			`end`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`end`

Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`context "min password length is 12" do`
			`before { SiteSetting.stubs(:min_password_length).returns(12) }`

			`it "adds an error when password length is 11" do`
			`@password = "gt38sdt92bv"`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).to be_present`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`end`
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`end`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`context "password is commonly used" do`
			`before do`
FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:01:38 +05:30			`SiteSetting.stubs(:min_password_length).returns(8)`
Fix password_validator_spec 2013-12-27 11:15:53 -05:00			`CommonPasswords.stubs(:common_password?).returns(true)`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`end`

Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`it "adds an error when block_common_passwords is enabled" do`
			`SiteSetting.stubs(:block_common_passwords).returns(true)`
			`@password = "password"`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).to be_present`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`end`
Move password validation into PasswordValidator 2013-12-19 15:12:03 -05:00
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-20 16:34:34 -05:00			`it "doesn't add an error when block_common_passwords is disabled" do`
			`SiteSetting.stubs(:block_common_passwords).returns(false)`
			`@password = "password"`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).not_to be_present`
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:36 -05:00			`end`
Move password validation into PasswordValidator 2013-12-19 15:12:03 -05:00			`end`
FEATURE: don't allow username and password to be the same 2015-02-25 11:59:57 -05:00
			`it "adds an error when password is the same as the username" do`
FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:01:38 +05:30			`@password = "porkchops1234"`
FEATURE: don't allow username and password to be the same 2015-02-25 11:59:57 -05:00			`record.username = @password`
			`validate`
			`expect(record.errors[:password]).to be_present`
			`end`
FEATURE: don't allow username and email to be the same 2015-02-27 13:47:43 -05:00
			`it "adds an error when password is the same as the email" do`
			`@password = "pork@chops.com"`
			`record.email = @password`
			`validate`
			`expect(record.errors[:password]).to be_present`
			`end`
Move password validation into PasswordValidator 2013-12-19 15:12:03 -05:00			`end`

			`context "password not required" do`
			`let(:record) { Fabricate.build(:user, password: @password) }`

			`it "doesn't add an error if password is not required" do`
			`@password = nil`
			`validate`
few components with rspec3 syntax 2015-01-09 13:34:37 -03:00			`expect(record.errors[:password]).not_to be_present`
Move password validation into PasswordValidator 2013-12-19 15:12:03 -05:00			`end`
			`end`

			`end`