Reinier Balt wrote:
> One problem I see is when people want to downgrade. You chop the
> password field back to 40 chars, but it will cause all users incapable
> of logging in. Perhaps we can put a default password in the password on
> migration.down? like sha1('secret123') so we leave Tracks operable on
> downgrade?
https://github.com/bsag/tracks-old/pull/26#issuecomment-2001500
Expressions '...should == @user' caused specs to fail because of
ArgumentError in 'User authentication resets password'
wrong number of arguments (0 for 1)
Replacing expectations declared for User objects with expectations declared
for their id fields solves the problem and doesn't change specs' logic.
BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.
This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.
[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
There was a selenium test that verified that projects could not have
commas that was previously missed. Modify that test so that it verifies
that the project was created successfully.
There were several places where newer versions of gems were being
pulled. Those newer versions were breaking the functional tests and the
cucumber features.
Go back to known working versions of the gems that were causing failures
The default version of actionwebservice removes wsdl_service_name. The
dejan/actionwebservice repository from git is a fork of the datanoise
repository that we were using that has the gemspec fixed to not use a
specific version of Rails.
Add the Gemfile and Gemfile.lock files used to specify the dependencies
of the app.
The Gemfile specifies the dependencies and the Gemfile.lock is a
snapshot of the dependencies. If the Gemfile changes, then Bundler will
look at the differences between the Gemfile and the Gemfile.lock to
determine what other gems to install or upgrade
