StandardRB fixes
@@ -10,7 +10,7 @@ class ApplicationUserClaimTest < ActiveSupport::TestCase
|
||||
claim = ApplicationUserClaim.new(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "role": "admin" }
|
||||
custom_claims: {role: "admin"}
|
||||
)
|
||||
assert claim.valid?
|
||||
assert claim.save
|
||||
@@ -20,13 +20,13 @@ class ApplicationUserClaimTest < ActiveSupport::TestCase
|
||||
ApplicationUserClaim.create!(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "role": "admin" }
|
||||
custom_claims: {role: "admin"}
|
||||
)
|
||||
|
||||
duplicate = ApplicationUserClaim.new(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "role": "user" }
|
||||
custom_claims: {role: "user"}
|
||||
)
|
||||
|
||||
assert_not duplicate.valid?
|
||||
@@ -37,7 +37,7 @@ class ApplicationUserClaimTest < ActiveSupport::TestCase
|
||||
claim = ApplicationUserClaim.new(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "role": "admin", "level": 5 }
|
||||
custom_claims: {role: "admin", level: 5}
|
||||
)
|
||||
|
||||
parsed = claim.parsed_custom_claims
|
||||
@@ -59,7 +59,7 @@ class ApplicationUserClaimTest < ActiveSupport::TestCase
|
||||
claim = ApplicationUserClaim.new(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "groups": ["admin"], "role": "user" }
|
||||
custom_claims: {groups: ["admin"], role: "user"}
|
||||
)
|
||||
|
||||
assert_not claim.valid?
|
||||
@@ -70,7 +70,7 @@ class ApplicationUserClaimTest < ActiveSupport::TestCase
|
||||
claim = ApplicationUserClaim.new(
|
||||
user: @user,
|
||||
application: @application,
|
||||
custom_claims: { "kavita_groups": ["admin"], "role": "user" }
|
||||
custom_claims: {kavita_groups: ["admin"], role: "user"}
|
||||
)
|
||||
|
||||
assert claim.valid?
|
||||
|
||||
@@ -27,7 +27,7 @@ class OidcAccessTokenTest < ActiveSupport::TestCase
|
||||
assert_nil new_token.plaintext_token
|
||||
assert new_token.save
|
||||
assert_not_nil new_token.plaintext_token
|
||||
assert_match /^[A-Za-z0-9_-]+$/, new_token.plaintext_token
|
||||
assert_match(/^[A-Za-z0-9_-]+$/, new_token.plaintext_token)
|
||||
end
|
||||
|
||||
test "should set expiry before validation on create" do
|
||||
@@ -144,7 +144,7 @@ class OidcAccessTokenTest < ActiveSupport::TestCase
|
||||
|
||||
# All tokens should match the expected pattern
|
||||
tokens.each do |token|
|
||||
assert_match /^[A-Za-z0-9_-]+$/, token
|
||||
assert_match(/^[A-Za-z0-9_-]+$/, token)
|
||||
# Base64 token length may vary due to padding, just ensure it's reasonable
|
||||
assert token.length >= 43, "Token should be at least 43 characters"
|
||||
assert token.length <= 64, "Token should not exceed 64 characters"
|
||||
@@ -164,7 +164,7 @@ class OidcAccessTokenTest < ActiveSupport::TestCase
|
||||
)
|
||||
|
||||
assert access_token.plaintext_token.length > auth_code.plaintext_code.length,
|
||||
"Access tokens should be longer than authorization codes"
|
||||
"Access tokens should be longer than authorization codes"
|
||||
end
|
||||
|
||||
test "should have appropriate expiry times" do
|
||||
@@ -181,7 +181,7 @@ class OidcAccessTokenTest < ActiveSupport::TestCase
|
||||
|
||||
# Authorization codes expire in 10 minutes, access tokens in 1 hour
|
||||
assert access_token.expires_at > auth_code.expires_at,
|
||||
"Access tokens should have longer expiry than authorization codes"
|
||||
"Access tokens should have longer expiry than authorization codes"
|
||||
end
|
||||
|
||||
test "revoked tokens should not appear in valid scope" do
|
||||
|
||||
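Review bot: The token-format assertions in the -27 and -144 hunks still anchor with `^` and `$`, which in Ruby match at line boundaries, so a value containing an embedded newline passes as long as one of its lines fits the character class. Anchoring on the whole string makes the assertion check what its comment describes: `assert_match(/\A[A-Za-z0-9_-]+\z/, new_token.plaintext_token)` and `assert_match(/\A[A-Za-z0-9_-]+\z/, token)`. The same applies to the `/^[a-f0-9]{64}$/` assertions in OidcAuthorizationCodeTest and to `/^\$2a\$/` in UserPasswordManagementTest, where `\A` is the intended anchor. The test bodies start or end outside the visible hunks.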
@@ -28,7 +28,7 @@ class OidcAuthorizationCodeTest < ActiveSupport::TestCase
|
||||
assert_nil new_code.code_hmac
|
||||
assert new_code.save
|
||||
assert_not_nil new_code.code_hmac
|
||||
assert_match /^[a-f0-9]{64}$/, new_code.code_hmac # SHA256 hex digest
|
||||
assert_match(/^[a-f0-9]{64}$/, new_code.code_hmac) # SHA256 hex digest
|
||||
end
|
||||
|
||||
test "should set expiry before validation on create" do
|
||||
@@ -186,7 +186,7 @@ class OidcAuthorizationCodeTest < ActiveSupport::TestCase
|
||||
|
||||
# All codes should be SHA256 hex digests
|
||||
codes.each do |code|
|
||||
assert_match /^[a-f0-9]{64}$/, code
|
||||
assert_match(/^[a-f0-9]{64}$/, code)
|
||||
assert_equal 64, code.length # SHA256 hex digest
|
||||
end
|
||||
end
|
||||
|
||||
@@ -218,7 +218,7 @@ class OidcUserConsentTest < ActiveSupport::TestCase
|
||||
|
||||
# Application requests more than granted
|
||||
assert_not @consent.covers_scopes?(["openid", "profile", "groups"]),
|
||||
"Should not cover scopes not granted"
|
||||
"Should not cover scopes not granted"
|
||||
|
||||
# Application requests subset
|
||||
assert @consent.covers_scopes?(["email"]), "Should cover subset of granted scopes"
|
||||
|
||||
@@ -165,4 +165,4 @@ class PkceAuthorizationCodeTest < ActiveSupport::TestCase
|
||||
# Should be valid even without code_challenge
|
||||
assert auth_code.valid?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -73,7 +73,7 @@ class UserPasswordManagementTest < ActiveSupport::TestCase
|
||||
assert_not authenticated_user.authenticate("WrongPassword"), "Should not authenticate with wrong password"
|
||||
|
||||
# Test password changes invalidate old sessions
|
||||
old_password_digest = @user.password_digest
|
||||
@user.password_digest
|
||||
@user.password = "NewPassword123!"
|
||||
@user.save!
|
||||
|
||||
@@ -102,7 +102,7 @@ class UserPasswordManagementTest < ActiveSupport::TestCase
|
||||
assert new_user.password_digest.length > 50, "Password digest should be substantial"
|
||||
|
||||
# Test digest format (bcrypt hashes start with $2a$)
|
||||
assert_match /^\$2a\$/, new_user.password_digest, "Password digest should be bcrypt format"
|
||||
assert_match(/^\$2a\$/, new_user.password_digest, "Password digest should be bcrypt format")
|
||||
|
||||
# Test authentication against digest
|
||||
authenticated_user = User.find(new_user.id)
|
||||
@@ -250,4 +250,4 @@ class UserPasswordManagementTest < ActiveSupport::TestCase
|
||||
assert_not_nil @user.last_sign_in_at, "last_sign_in_at should be set after update"
|
||||
assert @user.last_sign_in_at > 1.minute.ago, "last_sign_in_at should be recent"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
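Review bot: In the -73 hunk the autofix turned `old_password_digest = @user.password_digest` into a bare `@user.password_digest`, which reads the attribute and discards the result. The removed local was presumably flagged as unused, which suggests the test under the comment "Test password changes invalidate old sessions" never compared the old and new state. Either restore the local and assert on it after the save, for example `assert_not_equal old_password_digest, @user.reload.password_digest`, or delete the line. The rest of the test body lies outside the hunk, so a later assertion may already cover this.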
@@ -33,7 +33,7 @@ class UserTest < ActiveSupport::TestCase
|
||||
end
|
||||
|
||||
test "does not find user with invalid invitation token" do
|
||||
user = User.create!(
|
||||
User.create!(
|
||||
email_address: "test@example.com",
|
||||
password: "password123",
|
||||
status: :pending_invitation
|
||||
@@ -222,7 +222,7 @@ class UserTest < ActiveSupport::TestCase
|
||||
# Should store 10 BCrypt hashes
|
||||
assert_equal 10, stored_hashes.length
|
||||
stored_hashes.each do |hash|
|
||||
assert hash.start_with?('$2a$'), "Should be BCrypt hash"
|
||||
assert hash.start_with?("$2a$"), "Should be BCrypt hash"
|
||||
end
|
||||
|
||||
# Verify each plain code matches its corresponding hash
|
||||
@@ -298,7 +298,7 @@ class UserTest < ActiveSupport::TestCase
|
||||
# Make 5 failed attempts to trigger rate limit
|
||||
5.times do |i|
|
||||
result = user.verify_backup_code("INVALID123")
|
||||
assert_not result, "Failed attempt #{i+1} should return false"
|
||||
assert_not result, "Failed attempt #{i + 1} should return false"
|
||||
end
|
||||
|
||||
# Check that the cache is tracking attempts
|
||||
|
||||