Remove support for deprecated password-hashing algorithm

* Remove all methods implementing and checking for the old algorithm * Document a pre-upgrade step to check for remaining obsolete passwords * Remove config.salt
2026-01-10 11:18:51 +01:00 · 2014-11-15 09:46:59 -05:00 · 2014-11-15 09:46:59 -05:00 · ea0d40060a
commit ea0d40060a
parent 6caa2de318
19 changed files with 17 additions and 164 deletions
--- a/test/controllers/preferences_controller_test.rb
+++ b/test/controllers/preferences_controller_test.rb
@ -2,11 +2,6 @@ require 'test_helper'

 class PreferencesControllerTest < ActionController::TestCase

-  def setup
-    super
-    assert_equal "change-me", Tracks::Config.salt
-  end
-
  test "render_date_format requires login" do
    get :render_date_format
    assert_redirected_to login_path
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@ -18,7 +18,7 @@ class UsersControllerTest < ActionController::TestCase
    get :index
    assert_response :success
    assert_equal "TRACKS::Manage Users", assigns['page_title']
-    assert_equal 5, assigns['total_users']
+    assert_equal 4, assigns['total_users']
    assert_equal users_url, session['return-to']
  end

--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -48,13 +48,3 @@ ldap_user:
  first_name: International
  last_name: Harvester
  auth_type: CAS
-
-user_with_sha1_password:
-  id: 6
-  login: mr_deprecated
-  crypted_password: <%= Digest::SHA1::hexdigest("#{Tracks::Config.salt}--foobar--") %>
-  token: <%= Digest::SHA1.hexdigest("mr_deprecatedSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
-  is_admin: false
-  first_name: Mister
-  last_name: Deprecated
-  auth_type: database
--- a/test/integration/users_xml_api_test.rb
+++ b/test/integration/users_xml_api_test.rb
@ -70,7 +70,7 @@ class UsersXmlApiTest < ActionDispatch::IntegrationTest
    get '/users.xml', {}, basic_auth_headers()
    assert_response :success
    assert_tag :tag => "users",
-               :children => { :count => 5, :only => { :tag => "user" } }
+               :children => { :count => 4, :only => { :tag => "user" } }
    assert_no_tag :tag => "password"
  end

--- a/test/models/preference_test.rb
+++ b/test/models/preference_test.rb
@ -4,7 +4,6 @@ class PreferenceTest < ActiveSupport::TestCase
  fixtures :users, :preferences

  def setup
-    assert_equal "change-me", Tracks::Config.salt
    @admin_user = User.find(1)
    @other_user = User.find(2)
  end
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@ -4,7 +4,6 @@ class UserTest < ActiveSupport::TestCase
  fixtures :users, :preferences, :projects, :contexts, :todos, :recurring_todos

  def setup
-    assert_equal "change-me", Tracks::Config.salt
    @admin_user = User.find(1)
    @other_user = User.find(2)
  end
@ -287,31 +286,10 @@ class UserTest < ActiveSupport::TestCase
    users(:other_user).forget_me
    assert_nil users(:other_user).remember_token
  end
-  
-  def test_should_discover_using_depracted_password
-    assert_nil @admin_user.uses_deprecated_password?
-    assert_nil @other_user.uses_deprecated_password?
-    assert users(:user_with_sha1_password).uses_deprecated_password?
-  end
-
-  def test_should_not_have_deprecated_password_after_update
-    u = users(:user_with_sha1_password)
-    assert u.uses_deprecated_password?
-    u.change_password("foobar", "foobar")
-    assert_nil u.uses_deprecated_password?
-  end
-
-  def test_should_authenticate_with_deprecated_password
-    assert_nil User.authenticate('mr_deprecated', 'wrong password')
-    assert_equal users(:user_with_sha1_password),
-      User.authenticate('mr_deprecated', 'foobar')
-  end

  def test_password_matches
    assert_not_nil User.authenticate(@admin_user.login, "abracadabra")
    assert_nil User.authenticate(@admin_user.login, "incorrect")
-    assert_not_nil User.authenticate(users(:user_with_sha1_password).login, "foobar")
-    assert_nil User.authenticate(users(:user_with_sha1_password).login, "wrong")
  end

  def test_update_positions_of_contexts
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@ -3,7 +3,7 @@ require File.expand_path('../../config/environment', __FILE__)
 require 'rails/test_help'

 # set config for tests. Overwrite those read from config/site.yml. Use inject to avoid warning about changing CONSTANT
-{ "salt" => "change-me", "authentication_schemes" => ["database"], "prefered_auth" => "database", "email_dispatch" => nil}.inject( SITE_CONFIG ) { |h, elem| h[elem[0]] = elem[1]; h }
+{ "authentication_schemes" => ["database"], "prefered_auth" => "database", "email_dispatch" => nil}.inject( SITE_CONFIG ) { |h, elem| h[elem[0]] = elem[1]; h }

 class ActiveSupport::TestCase
  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.