author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-02-23 17:27:31 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-02-23 17:27:31 +0000 |
commit | ce84bb1a0194d98b4db99e258cc0ada6b98e19b8 (patch) | |
tree | 58d92f42735c234f6817d073f090ce3a3f0751a4 /test/unit | |
parent | 3ab981c04c33ebc1a490063d2d626fa669721209 (diff) | |
Adds random salt to user passwords (#7410).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4936 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/unit')
-rw-r--r-- | test/unit/user_test.rb | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 63e422701..3f324ddc4 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -361,7 +361,6 @@ class UserTest < ActiveSupport::TestCase
 user = User.try_to_login("admin", "hello")
 assert_kind_of User, user
 assert_equal "admin", user.login
- assert_equal User.hash_password("hello"), user.hashed_password
 end
 def test_name_format
@@ -383,6 +382,22 @@ class UserTest < ActiveSupport::TestCase
 assert_equal nil, user
 end
+ context ".try_to_login" do
+ context "with good credentials" do
+ should "return the user" do
+ user = User.try_to_login("admin", "admin")
+ assert_kind_of User, user
+ assert_equal "admin", user.login
+ end
+ end
+
+ context "with wrong credentials" do
+ should "return nil" do
+ assert_nil User.try_to_login("admin", "foo")
+ end
+ end
+ end
+
 if ldap_configured?
 context "#try_to_login using LDAP" do
 context "with failed connection to the LDAP server" do
@@ -727,6 +742,23 @@ class UserTest < ActiveSupport::TestCase
 should 'be added and tested'
 end
 end
+
+ def test_salt_unsalted_passwords
+ # Restore a user with an unsalted password
+ user = User.find(1)
+ user.salt = nil
+ user.hashed_password = User.hash_password("unsalted")
+ user.save!
+
+ User.salt_unsalted_passwords!
+
+ user.reload
+ # Salt added
+ assert !user.salt.blank?
+ # Password still valid
+ assert user.check_password?("unsalted")
+ assert_equal user, User.try_to_login(user.login, "unsalted")
+ end
 if Object.const_defined?(:OpenID) |
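Review bot: In the hunk at `@@ -383,6 +382,22 @@`, the "with wrong credentials" context tries only a non-matching password for an existing login, which leaves the other rejection paths of a password-storage change unpinned. Consider adding a case for an empty password, `assert_nil User.try_to_login("admin", "")`, and one for a login that does not exist in the fixtures. Whether other tests in the file already cover these cannot be seen from this hunk.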
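Review bot: `test_salt_unsalted_passwords` (hunk at `@@ -727,6 +742,23 @@`) never checks that the stored hash changed or that a wrong password is rejected after the migration. A `salt_unsalted_passwords!` that filled in `salt` but left `hashed_password` untouched, paired with a check that ignores the salt, would presumably still pass. Add `assert_not_equal User.hash_password("unsalted"), user.hashed_password` and `assert !user.check_password?("wrong")` after the reload. It would also be worth migrating two users who share a password and asserting that their salts and hashes differ, since that is the property the salt is meant to provide.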