github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-04 23:36:11 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Limit passwords to 200 characters

Browse Source 
Prevents layer 8 attack.
This commit is contained in:
riking
2014-09-11 12:22:11 -07:00
committed by Robin Ward
parent 216ee9f2f1
commit 2c6d03f87f
8 changed files with 78 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
spec/models/user_spec.rb
View File

@ -1150,4 +1150,30 @@ describe User do
end
end
describe "hash_passwords" do
let(:too_long) { "x" * (User.max_password_length + 1) }
def hash(password, salt)
User.new.send(:hash_password, password, salt)
end
it "returns the same hash for the same password and salt" do
hash('poutine', 'gravy').should == hash('poutine', 'gravy')
end
it "returns a different hash for the same salt and different password" do
hash('poutine', 'gravy').should_not == hash('fries', 'gravy')
end
it "returns a different hash for the same password and different salt" do
hash('poutine', 'gravy').should_not == hash('poutine', 'cheese')
end
it "raises an error when passwords are too long" do
-> { hash(too_long, 'gravy') }.should raise_error
end
end
end