From 220ed6c7914f5977d36b7617e9c38999317f57e5 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Thu, 16 Jul 2026 19:45:42 +0200 Subject: Implement transparent password hash migration Add has_secure_password and bcrypt while retaining compatibility with legacy SHA-1 password hashes. Existing users are upgraded to password_digest on their next successful login. Add regression tests covering both legacy and modern authentication paths. --- test/models/user_test.rb | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'test') diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 049892e..514bdea 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -62,6 +62,62 @@ class UserTest < ActiveSupport::TestCase def test_should_not_authenticate_unknown_user assert_nil User.authenticate("nosuchuser", "monkey") end + + def test_user_with_crypted_password_is_migrated_on_login + user = users(:quentin) + + assert_nil user.password_digest + + assert User.authenticate("quentin", "monkey") + + user.reload + + assert_not_nil user.password_digest + assert_nil user.crypted_password + assert_nil user.salt + end + + def test_new_user_uses_password_digest + user = create_user + + assert_not_nil user.password_digest + assert_nil user.crypted_password + assert_nil user.salt + + assert_equal user, User.authenticate("quire", "quire69") + end + + def test_legacy_user_is_migrated_on_login + user = users(:quentin) + + assert_nil user.password_digest + assert_not_nil user.crypted_password + assert_not_nil user.salt + + assert_equal user, User.authenticate("quentin", "monkey") + + user.reload + + assert_not_nil user.password_digest + assert_nil user.crypted_password + assert_nil user.salt + end + + def test_migrated_user_authenticates_using_password_digest + user = users(:quentin) + + # Trigger automatic migration. + assert_equal user, User.authenticate("quentin", "monkey") + + user.reload + + assert_not_nil user.password_digest + assert_nil user.crypted_password + assert_nil user.salt + + # Second login should now use password_digest. + assert_equal user, User.authenticate("quentin", "monkey") + end protected def create_user(options = {}) -- cgit v1.3