So I have the Salted Hash Login Generator-based access control up and running... very easily I must add. I have changed the salt in the hashing function for security against rainbow-type attacks, but now of course my unit tests fail (because the hashed password in the fixture does not match the password in the unit test). Is there an easy programmatic way to update the fixtures without hashing each one? -- Brad Ediger 866-EDIGERS
Hello Brad, Brad Ediger said the following on 2005-09-13 10:24:> So I have the Salted Hash Login Generator-based access control up and > running... very easily I must add. I have changed the salt in the > hashing function for security against rainbow-type attacks, but now of > course my unit tests fail (because the hashed password in the fixture > does not match the password in the unit test). Is there an easy > programmatic way to update the fixtures without hashing each one?The original LoginGenerator simply resets the salt to the expected value before running the tests. You can do something like this: -- account_test.rb require File.dirname(__FILE__) + ''/../test_helper'' # Set salt to ''change-me'' because that''s what the fixtures assume. class StaffMember @salt = ''change-me'' end Now, I don''t have SaltedLoginGenerator''s code before my eyes, but it should be along those lines. Bye ! François
On 9/13/05, François Beausoleil <fbeausoleil-IQIa899fVSs@public.gmane.org> wrote:> Hello Brad, > > Brad Ediger said the following on 2005-09-13 10:24: > > So I have the Salted Hash Login Generator-based access control up and > > running... very easily I must add. I have changed the salt in the > > hashing function for security against rainbow-type attacks, but now of > > course my unit tests fail (because the hashed password in the fixture > > does not match the password in the unit test). Is there an easy > > programmatic way to update the fixtures without hashing each one? > > The original LoginGenerator simply resets the salt to the expected value > before running the tests. You can do something like this: > > -- account_test.rb > require File.dirname(__FILE__) + ''/../test_helper'' > > # Set salt to ''change-me'' because that''s what the fixtures assume. > class StaffMember > @salt = ''change-me'' > endYes, this is exactly what needs to be done. I believe the most recent gem for the SH Login generator already has this in the functional test. Just change ''change-me'' in your controller and _not_ in the tests. Ken