-
Notifications
You must be signed in to change notification settings - Fork 2k
User CRUD Tests saving hashed password #966
Comments
@mleanos I can definitely confirm this bug is right. |
@lirantal If you see where the tests are originating from, it's not interacting with the password generator at all. I'm pretty sure the issue is that in the case of the User Crud tests, the I also wonder if adding the check for the password |
Ahh ok, got it. |
@lirantal What do you mean "in general"? Can you provide an example, or reference? From what I see, we're testing the strength of the password after user input. In respect to mongoose, the Adding the Regardless, we should have the |
So it's somewhat related to the discussion we had back then about whether to use the |
I agree that we should have the model take care of making sure the password has been changed before sending to the password validation. I do think we need to evaluate how we test. Do we have a test that explicitly looks for this issue? If not, we should. I also think that when our individual tests should start with a clean state (i.e. not leverage previous test's user information). Some of the test I have written do not follow this strategy, so I think a PR to fix that is in order. WDYT? |
Yes one of the user tests in the model has a test for changing a password and confirming that a new hash is generated. Maybe we can enhance it with another test for pre-validations? maybe there's already one, I'm not sure. We need to take another look at the tests in the user model. The tests do start with a clean slate (although some are dependent on the other so they don't clean) Take a look at them |
While running the server tests, I'm periodically running into an issue with some of the User CRUD tests. I would get a model validation error on the
password
field. Each time, the validation was complaining about the "may not contain sequences of three or more..". I would re-run the tests and may, or may not, run into this issue again.Today, I decided to dig a bit deeper into this. What it looks like to me is the following tests are attempting to re-save the hashed password. Once I realized this, the issue appearing only periodically made sense. The hashed password isn't always going to contain 3 or more consecutive characters.
We fixed pretty much the same issue with the User model's
pre('save')
method. But I think we now have to add that same fix to thepre('validate')
method usingthis.isModified('password')
This is only happening with these tests, since they re-save the user...
https://github.com/meanjs/mean/blob/master/modules/users/tests/server/user.server.routes.tests.js#L129-L265
@lirantal Would you agree with the suggested fix? I ask you because I know you're working directly with the User CRUD tests right now. You may have the most insight at this time.
@jloveland WDYT?
The text was updated successfully, but these errors were encountered: