mirror of
https://github.com/discourse/discourse.git
synced 2024-12-19 18:34:09 +08:00
32e261ef73
* Add migrations to ensure password hash is synced across users & user_passwords * Persist password-related data in user_passwords instead of users * Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed * Add post deploy migration to mark password-related columns from users table as read-only * Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
53 lines
2.0 KiB
Ruby
53 lines
2.0 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe UserPasswordExpirer do
|
|
fab!(:password) { "somerandompassword" }
|
|
fab!(:user) { Fabricate(:user, password:) }
|
|
|
|
describe ".expire_user_password" do
|
|
it "should update `UserPassword#password_expired_at` if the user already has an existing UserPassword record with the same password hash, salt and algorithm" do
|
|
freeze_time(1.hour.ago) do
|
|
described_class.expire_user_password(user)
|
|
|
|
expect(user.reload.user_password.password_expired_at).to eq_time(Time.zone.now)
|
|
end
|
|
|
|
freeze_time do
|
|
expect { described_class.expire_user_password(user) }.not_to change(UserPassword, :count)
|
|
|
|
user_password = user.user_password.reload
|
|
|
|
expect(user_password.password_hash).to eq(user.password_hash)
|
|
expect(user_password.password_salt).to eq(user.salt)
|
|
expect(user_password.password_algorithm).to eq(user.password_algorithm)
|
|
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
|
|
end
|
|
end
|
|
|
|
it "updates UserPassword attributes if user already has an existing UserPassword record which has a different password_hash" do
|
|
new_password = password + "_new"
|
|
old_password_hash = user.password_hash
|
|
|
|
freeze_time(1.hour.ago) do
|
|
described_class.expire_user_password(user)
|
|
|
|
expect(user.user_password.password_hash).to eq(old_password_hash)
|
|
expect(user.user_password.password_expired_at).to eq_time(Time.zone.now)
|
|
end
|
|
|
|
freeze_time do
|
|
user.update!(password: new_password)
|
|
expect { described_class.expire_user_password(user) }.not_to change(UserPassword, :count)
|
|
|
|
user_password = user.user_password.reload
|
|
|
|
expect(user_password.password_hash).not_to eq(old_password_hash)
|
|
expect(user_password.password_hash).to eq(user.password_hash)
|
|
expect(user_password.password_salt).to eq(user.salt)
|
|
expect(user_password.password_algorithm).to eq(user.password_algorithm)
|
|
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
|
|
end
|
|
end
|
|
end
|
|
end
|