Joseph Mastey
b934194ffe
* use bang version of save methods in the seeds file, so that when you fix validation, it will at least explode, rather than silently failing to create users * fix two tests where passwords are hardcoded so that they use stronger passwords, since password complexity is not the important bit of either of those tests.
19 lines
546 B
Ruby
19 lines
546 B
Ruby
require 'spec_helper'
|
|
|
|
feature 'improper password hashing' do
|
|
before do
|
|
UserFixture.reset_all_users
|
|
@normal_user = UserFixture.normal_user
|
|
end
|
|
|
|
scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
|
|
new_pass = 'testPassw0rd!'
|
|
@normal_user.password = new_pass
|
|
@normal_user.password_confirmation = new_pass
|
|
@normal_user.save
|
|
pending if verifying_fixed?
|
|
expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
|
|
end
|
|
|
|
end
|