jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added test to make sure password is not leaked in user json/xml feed

Browse Source
This commit is contained in:
albert
2011-09-10 16:02:16 -04:00
parent a7846731d5
commit d9c3a5b519
2 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/initializers/active_record_api_extensions.rb
View File

@@ -17,7 +17,8 @@ module Danbooru
options[:except] += hidden_attributes options[:except] += hidden_attributes
super(options, &block) super(options, &block)
end end
protected
def hidden_attributes def hidden_attributes
[:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr] [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
end end

38
test/unit/user_test.rb
View File

@@ -156,6 +156,24 @@ class UserTest < ActiveSupport::TestCase
end end
end end
context "ip address" do
setup do
@user = Factory.create(:user)
end
context "in the json representation" do
should "not appear" do
assert(@user.to_json !~ /addr/)
end
end
context "in the xml representation" do
should "not appear" do
assert(@user.to_xml !~ /addr/)
end
end
end
context "password" do context "password" do
should "match the confirmation" do should "match the confirmation" do
@user = Factory.create(:user) @user = Factory.create(:user)
@@ -187,6 +205,26 @@ class UserTest < ActiveSupport::TestCase
new_pass = @user.reset_password new_pass = @user.reset_password
assert(User.authenticate(@user.name, new_pass), "Authentication should have succeeded") assert(User.authenticate(@user.name, new_pass), "Authentication should have succeeded")
end end
context "in the json representation" do
setup do
@user = Factory.create(:user)
end
should "not appear" do
assert(@user.to_json !~ /password/)
end
end
context "in the xml representation" do
setup do
@user = Factory.create(:user)
end
should "not appear" do
assert(@user.to_xml !~ /password/)
end
end
end end
end end
end end