
Add secured passwords

1 parent 35d7c1d commit 20377b6a2a0f7b5331e6bea4981b4bb528f2ba89 @dskecse committed Mar 4, 2014
Showing with 54 additions and 2 deletions.
  1. +1 −0 Gemfile
  2. +4 −0 Gemfile.lock
  3. +3 −0 app/models/user.rb
  4. +5 −0 db/migrate/20140304191443_add_password_digest_to_users.rb
  5. +2 −1 db/schema.rb
  6. +39 −1 spec/models/user_spec.rb
@@ -5,6 +5,7 @@ ruby '2.0.0'
gem 'rails', '4.0.3'
gem 'pg', '0.17.1'
+gem 'bcrypt-ruby', '~> 3.1.2'
gem 'bootstrap-sass', '~> 2.3.2'
gem 'coffee-rails', '~> 4.0.0'
gem 'sass-rails', '~> 4.0.0'
@@ -27,6 +27,9 @@ GEM
tzinfo (~> 0.3.37)
arel (4.0.2)
atomic (1.1.14)
+ bcrypt (3.1.7)
+ bcrypt-ruby (3.1.5)
+ bcrypt (>= 3.1.3)
bootstrap-sass (2.3.2.2)
sass (~> 3.2)
builder (3.1.4)
@@ -205,6 +208,7 @@ PLATFORMS
ruby
DEPENDENCIES
+ bcrypt-ruby (~> 3.1.2)
bootstrap-sass (~> 2.3.2)
capybara (~> 2.2.0)
childprocess (~> 0.5.1)
@@ -6,4 +6,7 @@ class User < ActiveRecord::Base
validates :name, presence: true, length: { maximum: 50 }
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
+ validates :password, length: { minimum: 6 }
+
+ has_secure_password
end
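Review bot: The added `validates :password, length: { minimum: 6 }` line sets only a low floor and no ceiling. bcrypt, which backs `has_secure_password`, uses only the first 72 bytes of its input, so longer passwords are silently truncated; a rule such as `validates :password, length: { minimum: 8, maximum: 72 }` makes both limits explicit (the exact minimum is a policy choice, and the maximum counts characters, so multibyte input can still exceed 72 bytes). Because the rule carries no `on:` or `allow_nil` option, it also appears to run on every save, so updating a persisted user without re-entering a password would presumably fail validation; it is worth confirming that this is intended. The `User` class body begins outside this hunk.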
@@ -0,0 +1,5 @@
+class AddPasswordDigestToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :password_digest, :string
+ end
+end
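Review bot: Rows that already exist in `users` will get a NULL `password_digest` from the `add_column` call in `change`, and nothing visible in this commit backfills or handles them. `authenticate` on such a record will likely raise from bcrypt instead of returning false, so the login path should treat a missing digest as a failed login, or those accounts should be sent through a password reset. Once every row has a digest, a follow-up migration with `change_column_null :users, :password_digest, false` would stop new rows from being stored without one.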
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20140302222602) do
+ActiveRecord::Schema.define(version: 20140304191443) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -21,6 +21,7 @@
t.string "email"
t.datetime "created_at"
t.datetime "updated_at"
+ t.string "password_digest"
end
add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
@@ -2,12 +2,19 @@
describe User do
before do
- @user = User.new(name: 'Example User', email: 'user@example.com')
+ @user = User.new(name: 'Example User',
+ email: 'user@example.com',
+ password: 'foobar',
+ password_confirmation: 'foobar')
end
subject { @user }
it { should respond_to(:name) }
it { should respond_to(:email) }
+ it { should respond_to(:password_digest) }
+ it { should respond_to(:password) }
+ it { should respond_to(:password_confirmation) }
+ it { should respond_to(:authenticate) }
it { should be_valid }
@@ -54,4 +61,35 @@
it { should_not be_valid }
end
+
+ context 'when password is not present' do
+ before { @user.password = @user.password_confirmation = ' ' }
+ it { should_not be_valid }
+ end
+
+ context 'when password does not match confirmation' do
+ before { @user.password_confirmation = 'mismatch' }
+ it { should_not be_valid }
+ end
+
+ context 'when password is short' do
+ before { @user.password = @user.password_confirmation = 'a' * 5 }
+ it { should_not be_valid }
+ end
+
+ context 'return value of authenticate method' do
+ before { @user.save }
+ let(:found_user) { User.find_by(email: @user.email) }
+
+ context 'with valid password' do
+ it { should eq found_user.authenticate(@user.password) }
+ end
+
+ context 'with invalid password' do
+ let(:user_for_invalid_password) { found_user.authenticate('invalid') }
+
+ it { should_not eq user_for_invalid_password }
+ specify { expect(user_for_invalid_password).to be_false }
+ end
+ end
end
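Review bot: The 'when password is not present' context sets the password to a single space, which is also shorter than the six-character minimum, so the example passes on the length rule alone and never exercises the blank-password check. Using `before { @user.password = @user.password_confirmation = ' ' * 6 }` would isolate the presence validation from the length validation. The `describe User` block begins outside the first hunk and its middle section is not shown, so an equivalent example may already exist there.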
