team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding password hashing spec

Browse Source
This commit is contained in:
Mike McCabe
2013-10-09 12:55:00 -04:00
parent c9a64b9e82
commit e999c02506
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/password_hashing_spec.rb
+26
View File
@@ -0,0 +1,26 @@
require 'spec_helper'
feature 'improper password hashing' do
before do
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
end
scenario 'with just md5' do
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
end
scenario 'with md5 and salt' do
if @normal_user.has_attribute?('salt')
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
end
end
end