github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 05:53:38 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
a455567f9e
discourse/spec/services/user_password_expirer_spec.rb
Kelv a455567f9e
DEV: make UserPassword 1:1 to User (#28528) 
* add data migration to keep only unexpired or most recently expired user password
* refactor to 1:1 relationship between User and UserPassword
* add migration to remove redundant indexes on user passwords
2024-09-03 11:09:33 +08:00

66 lines
2.6 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe UserPasswordExpirer do
fab!(:password) { "somerandompassword" }
fab!(:user) { Fabricate(:user, password:) }
describe ".expire_user_password" do
it "should create a new UserPassword record with the user's current password information" do
freeze_time
expect { described_class.expire_user_password(user) }.to change(UserPassword, :count).by 1
user_password = user.reload.user_password
expect(user_password.password_hash).to eq(user.password_hash)
expect(user_password.password_salt).to eq(user.salt)
expect(user_password.password_algorithm).to eq(user.password_algorithm)
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
end
it "should update `UserPassword#password_expired_at` if the user already has an existing UserPassword record with the same password hash, salt and algorithm" do
freeze_time(1.hour.ago) do
described_class.expire_user_password(user)
expect(user.reload.user_password.password_expired_at).to eq_time(Time.zone.now)
end
freeze_time do
expect { described_class.expire_user_password(user) }.not_to change(UserPassword, :count)
user_password = user.user_password.reload
expect(user_password.password_hash).to eq(user.password_hash)
expect(user_password.password_salt).to eq(user.salt)
expect(user_password.password_algorithm).to eq(user.password_algorithm)
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
end
end
it "updates UserPassword attributes if user already has an existing UserPassword record which has a different password_hash" do
new_password = password + "_new"
old_password_hash = user.password_hash
freeze_time(1.hour.ago) do
described_class.expire_user_password(user)
expect(user.user_password.password_hash).to eq(old_password_hash)
expect(user.user_password.password_expired_at).to eq_time(Time.zone.now)
end
freeze_time do
user.update!(password: new_password)
expect { described_class.expire_user_password(user) }.not_to change(UserPassword, :count)
user_password = user.user_password.reload
expect(user_password.password_hash).not_to eq(old_password_hash)
expect(user_password.password_hash).to eq(user.password_hash)
expect(user_password.password_salt).to eq(user.salt)
expect(user_password.password_algorithm).to eq(user.password_algorithm)
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink