Adding pepper and stretches configuration per model, and globaly setup through Devise.pepper and Devise.stretches

2026-01-22 21:28:01 -05:00 · 2009-10-20 11:08:40 -02:00
parent 4d45672298
commit 342f948bc8
9 changed files with 169 additions and 61 deletions
--- a/test/active_record_test.rb
+++ b/test/active_record_test.rb
@@ -1,79 +1,96 @@
 require 'test/test_helper'

-class Authenticable < ActiveRecord::Base
+class Authenticable < User
  devise
 end

-class Confirmable < ActiveRecord::Base
+class Confirmable < User
  devise :confirmable
 end

-class Recoverable < ActiveRecord::Base
+class Recoverable < User
  devise :recoverable
 end

-class Validatable < ActiveRecord::Base
+class Rememberable < User
+  devise :rememberable
+end
+
+class Validatable < User
  devise :validatable
 end

-class Devisable < ActiveRecord::Base
+class Devisable < User
  devise :all
 end

+class Exceptable < User
+  devise :all, :except => [:recoverable, :rememberable, :validatable]
+end
+
+class Configurable < User
+  devise :all, :stretches => 15, :pepper => 'abcdef'
+end
+
 class ActiveRecordTest < ActiveSupport::TestCase

-  def include_authenticable_module?(mod)
-    mod.devise_modules.include?(:authenticable) &&
-    mod.included_modules.include?(Devise::Models::Authenticable)
+  def include_module?(klass, mod)
+    klass.devise_modules.include?(mod) &&
+    klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
  end

-  def include_confirmable_module?(mod)
-    mod.devise_modules.include?(:confirmable) &&
-    mod.included_modules.include?(Devise::Models::Confirmable)
+  def assert_include_modules(klass, *modules)
+    modules.each do |mod|
+      assert include_module?(klass, mod)
+    end
  end

-  def include_recoverable_module?(mod)
-    mod.devise_modules.include?(:recoverable) &&
-    mod.included_modules.include?(Devise::Models::Recoverable)
+  def assert_not_include_modules(klass, *modules)
+    modules.each do |mod|
+      assert_not include_module?(klass, mod)
+    end
  end

-  def include_validatable_module?(mod)
-    mod.devise_modules.include?(:validatable) &&
-    mod.included_modules.include?(Devise::Models::Validatable)
+  test 'include by default authenticable only' do
+    assert_include_modules Authenticable, :authenticable
+    assert_not_include_modules Authenticable, :confirmable, :recoverable, :rememberable, :validatable
  end

-  test 'acts as devisable should include by default authenticable only' do
-    assert include_authenticable_module?(Authenticable)
-    assert_not include_confirmable_module?(Authenticable)
-    assert_not include_recoverable_module?(Authenticable)
-    assert_not include_validatable_module?(Authenticable)
+  test 'add confirmable module only' do
+    assert_include_modules Confirmable, :authenticable, :confirmable
+    assert_not_include_modules Confirmable, :recoverable, :rememberable, :validatable
  end

-  test 'acts as devisable should be able to add confirmable module only' do
-    assert include_authenticable_module?(Confirmable)
-    assert include_confirmable_module?(Confirmable)
-    assert_not include_recoverable_module?(Confirmable)
-    assert_not include_validatable_module?(Confirmable)
+  test 'add recoverable module only' do
+    assert_include_modules Recoverable, :authenticable, :recoverable
+    assert_not_include_modules Recoverable, :confirmable, :rememberable, :validatable
  end

-  test 'acts as devisable should be able to add recoverable module only' do
-    assert include_authenticable_module?(Recoverable)
-    assert_not include_confirmable_module?(Recoverable)
-    assert include_recoverable_module?(Recoverable)
-    assert_not include_validatable_module?(Recoverable)
+  test 'add rememberable module only' do
+    assert_include_modules Rememberable, :authenticable, :rememberable
+    assert_not_include_modules Rememberable, :confirmable, :recoverable, :validatable
  end

-  test 'acts as devisable should be able to add validatable module only' do
-    assert include_authenticable_module?(Validatable)
-    assert_not include_confirmable_module?(Validatable)
-    assert_not include_recoverable_module?(Validatable)
-    assert include_validatable_module?(Validatable)
+  test 'add validatable module only' do
+    assert_include_modules Validatable, :authenticable, :validatable
+    assert_not_include_modules Validatable, :confirmable, :recoverable, :rememberable
  end

-  test 'acts as devisable should be able to add all modules' do
-    assert include_authenticable_module?(Devisable)
-    assert include_confirmable_module?(Devisable)
-    assert include_recoverable_module?(Devisable)
-    assert include_validatable_module?(Devisable)
+  test 'add all modules' do
+    assert_include_modules Devisable,
+      :authenticable, :confirmable, :recoverable, :rememberable, :validatable
+  end
+
+  test 'configure modules with except option' do
+    assert_include_modules Exceptable, :authenticable, :confirmable
+    assert_not_include_modules Exceptable, :recoverable, :rememberable, :validatable
+  end
+
+  test 'set a default value for stretches' do
+    assert_equal 15, Configurable.new.send(:stretches)
+  end
+
+  test 'set a default value for pepper' do
+    assert_equal 'abcdef', Configurable.new.send(:pepper)
  end
 end
--- a/test/models/authenticable_test.rb
+++ b/test/models/authenticable_test.rb
@@ -74,11 +74,41 @@ class AuthenticableTest < ActiveSupport::TestCase
  end

  test 'should encrypt password using a sha1 hash' do
-    Devise::Models::Authenticable.pepper = 'pepper'
-    Devise::Models::Authenticable.stretches = 1
-    user = create_user
-    expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--pepper--123456--pepper--")
-    assert_equal expected_password, user.encrypted_password
+    user = new_user
+    assert_equal encrypt_password(user), user.encrypted_password
+  end
+
+  def encrypt_password(user, pepper=nil, stretches=1)
+    user.instance_variable_set(:@stretches, stretches) if stretches
+    user.password = '123456'
+    ::Digest::SHA1.hexdigest("--#{user.password_salt}--#{pepper}--123456--#{pepper}--")
+  end
+
+  test 'should fallback to devise pepper default configuring' do
+    begin
+      Devise.pepper = ''
+      user = new_user
+      assert_equal encrypt_password(user), user.encrypted_password
+      Devise.pepper = 'new_pepper'
+      user = new_user
+      assert_equal encrypt_password(user, 'new_pepper'), user.encrypted_password
+      Devise.pepper = '123456'
+      user = new_user
+      assert_equal encrypt_password(user, '123456'), user.encrypted_password
+    ensure
+      Devise.pepper = nil
+    end
+  end
+
+  test 'should fallback to devise stretches default configuring' do
+    begin
+      default_stretches = Devise.stretches
+      Devise.stretches = 1
+      user = new_user
+      assert_equal encrypt_password(user, nil, nil), user.encrypted_password
+    ensure
+      Devise.stretches = default_stretches
+    end
  end

  test 'should test for a valid password' do