Merge pull request #16412 from yevhene/master

Fix in has_secure_password for passwords containing only spaces.
This commit is contained in:
Santiago Pastorino 2014-08-07 09:13:24 -03:00
commit e2689d1dad
3 changed files with 18 additions and 2 deletions

View File

@ -1,3 +1,9 @@
* Passwords with spaces only allowed in `ActiveModel::SecurePassword`.
Presence validation can be used to resore old behavior.
*Yevhene Shemet*
* Validate options passed to `ActiveModel::Validations.validate`. * Validate options passed to `ActiveModel::Validations.validate`.
Preventing, in many cases, the simple mistake of using `validate` instead of `validates`. Preventing, in many cases, the simple mistake of using `validate` instead of `validates`.

View File

@ -105,7 +105,7 @@ module ActiveModel
attr_reader :password attr_reader :password
# Encrypts the password into the +password_digest+ attribute, only if the # Encrypts the password into the +password_digest+ attribute, only if the
# new password is not blank. # new password is not empty.
# #
# class User < ActiveRecord::Base # class User < ActiveRecord::Base
# has_secure_password validations: false # has_secure_password validations: false
@ -119,7 +119,7 @@ module ActiveModel
def password=(unencrypted_password) def password=(unencrypted_password)
if unencrypted_password.nil? if unencrypted_password.nil?
self.password_digest = nil self.password_digest = nil
elsif unencrypted_password.present? elsif !unencrypted_password.empty?
@password = unencrypted_password @password = unencrypted_password
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost) self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)

View File

@ -40,6 +40,11 @@ class SecurePasswordTest < ActiveModel::TestCase
assert @user.valid?(:create), 'user should be valid' assert @user.valid?(:create), 'user should be valid'
end end
test "create a new user with validation and a spaces only password" do
@user.password = ' ' * 72
assert @user.valid?(:create), 'user should be valid'
end
test "create a new user with validation and a blank password" do test "create a new user with validation and a blank password" do
@user.password = '' @user.password = ''
assert !@user.valid?(:create), 'user should be invalid' assert !@user.valid?(:create), 'user should be invalid'
@ -105,6 +110,11 @@ class SecurePasswordTest < ActiveModel::TestCase
assert @existing_user.valid?(:update), 'user should be valid' assert @existing_user.valid?(:update), 'user should be valid'
end end
test "updating an existing user with validation and a spaces only password" do
@user.password = ' ' * 72
assert @user.valid?(:update), 'user should be valid'
end
test "updating an existing user with validation and a blank password and password_confirmation" do test "updating an existing user with validation and a blank password and password_confirmation" do
@existing_user.password = '' @existing_user.password = ''
@existing_user.password_confirmation = '' @existing_user.password_confirmation = ''