team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding password hashing spec

Browse Source
This commit is contained in:
Mike McCabe
2013-10-09 12:55:00 -04:00
parent c9a64b9e82
commit e999c02506
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/support/capybara_shared.rb
+1 -1
View File
@@ -16,7 +16,7 @@ def verifying_fixed?
******************************************************************************
You are running the RailsGoat Capybara Specs in Training mode. These specs
are supposed to fail, indicating vulnerabilities exist. They contain
spoilers, so do not read the code in spec/features if your goal is to
spoilers, so do not read the code in spec/vulnerabilities if your goal is to
learn more about patching the vulnerabilities. You should fix the
vulnerabilities in the application in order to get these specs to pass**.
You can use them to measure your progress.
spec/vulnerabilities/password_hashing_spec.rb
+26
View File
@@ -0,0 +1,26 @@
require 'spec_helper'
feature 'improper password hashing' do
before do
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
end
scenario 'with just md5' do
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
end
scenario 'with md5 and salt' do
if @normal_user.has_attribute?('salt')
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
end
end
end