Reputation: 2283
RSpec - The passwords in my test are not matching up
I wrote up a test that should describe the case where @user and found_user should be the same via password match. This also describes when they're different. I'm not using devise or anything, but rather building out my own authentication with has_secure_password
describe "return value of authenticate method" do
before { @user.save }
let(:found_user) { User.find_by(email: @user.email) }
describe "with a valid password" do
it { should eq found_user.authenticate(@user.password) }
end
describe "with an invalid password" do
let(:user_for_invalid_password) { found_user.authenticate('invalid') }
it { should_not eq user_for_invalid_password }
specify { expect(user_for_invalid_password).to be_false }
end
end
The part that's failing is with a valid password block. The error message clearly shows that password_digest isn't matching up
Here's the relavent output:
expected: password_digest: "$2a$04$cDKhuWzsZuW8Gm4t5fJjpu6rmbwh10ZAt2Yae.BO0iuD...">
got: password_digest: "$2a$04$jwfHjoLI0RpDIAEr9SMKGOZqeH.J5ILOkzalKCYQdDW4...">
I've attempted removing the @user.save in the before block thinking that might solve it, but it didn't.
I'm not really sure why they're coming up differently or what it is that I'm doing wrong. I'm fairly new to rspec and testing in general.
I should mention that my authenticate method is working in the rails console. So I have a situation where the application code works, but the tests are failing.
Any help would be much appreciated.
My user class is here: https://gist.github.com/DavidVII/f190d1f1e114234bb7d7
Thnx!
Upvotes: 2
Views: 2061
Answers (2)
Reputation: 1
describe "with an invalid password" do
let(:@user_for_invalid_password) { [email protected]('invalid') }
it { should_not eq @user_for_invalid_password }
specify { expect(@user_for_invalid_password).to be_falsey}
end
end
Upvotes: 0
Reputation: 27207
Your test won't work with bcrypt password hashing (I can tell this what you are using from the form of the string), as it generates a new random salt for each password change. This is a good thing, don't alter that behaviour.
So you should not write tests that look for stored passwords being equal to known values. It is not 100% clear if you intended that in the test, or have accidentally over-simplified the test due to all the abstraction you get though using has_secure_pasword, or some other thing has led you to the current code.
Instead, your tests around password handling should be more black box, and assert that you can log in with the known password, and not login with any others (including code-breaking cases such as nils, empty strings, super-long passwords and a string which matches the hashed password).
Upvotes: 4
Related Questions
- User password update rspec
- RSpec Rails NoMethodError: undefined method `password=' for User
- Reset Password testing with Rspec
- issues with testing authorization in Rails
- connected to db, but rspec says in `initialize': FATAL: password authentication failed for user "sample_app" (PG::Error)
- Test User Authentication with RSpec
- RSpec tests on has_secure_password strange behaviour
- I just can't get my valid password test to pass
- Password format in rails
- Why is rspec not updating the database record with a password reset token?