Password Mismatch

When setting a password for a Web (on the "Edit Web" page),
ensure that the password matches. Previously, the "verify"
field was a placebo.
This commit is contained in:
Jacques Distler 2008-12-20 17:54:54 -06:00
parent 1f816af24b
commit 7828d79d35
2 changed files with 19 additions and 3 deletions

View file

@ -53,6 +53,8 @@ class AdminController < ApplicationController
# form submitted
if wiki.authenticate(system_password)
begin
raise Instiki::ValidationError.new("Password for this Web didn't match") unless
(params['password'].empty? or params['password'] == params['password_check'])
wiki.edit_web(
@web.address, params['address'], params['name'],
params['markup'].intern,

View file

@ -120,7 +120,7 @@ class AdminControllerTest < Test::Unit::TestCase
process('edit_web', 'system_password' => 'pswd',
'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever',
'safe_mode' => 'on', 'password' => 'new_password', 'published' => 'on',
'safe_mode' => 'on', 'password' => 'new_password', 'password_check' => 'new_password', 'published' => 'on',
'brackets_only' => 'on', 'count_pages' => 'on', 'allow_uploads' => 'on',
'max_upload_size' => '300')
@ -139,13 +139,27 @@ class AdminControllerTest < Test::Unit::TestCase
assert_equal 300, @web.max_upload_size
end
def test_edit_web_web_password_mismatch
@wiki.system.update_attribute(:password, 'pswd')
process('edit_web', 'system_password' => 'pswd',
'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever',
'safe_mode' => 'on', 'password' => 'new_password', 'password_check' => 'old_password', 'published' => 'on',
'brackets_only' => 'on', 'count_pages' => 'on', 'allow_uploads' => 'on',
'max_upload_size' => '300')
assert_response :success
assert @response.has_template_object?('error')
end
def test_edit_web_opposite_values
@wiki.system.update_attribute(:password, 'pswd')
process('edit_web', 'system_password' => 'pswd',
'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever',
'password' => 'new_password')
'password' => 'new_password', 'password_check' => 'new_password')
# safe_mode, published, brackets_only, count_pages, allow_uploads not set
# and should become false
@ -176,7 +190,7 @@ class AdminControllerTest < Test::Unit::TestCase
process('edit_web', 'system_password' => 'pswd',
'web' => 'wiki1', 'address' => 'another', 'name' => 'Renamed Wiki1',
'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever',
'password' => 'new_password')
'password' => 'new_password', 'password_check' => 'new_password')
#returns to the same form
assert_response :success