Raise ArgumentError when calling change_password! with blank password (#333)

Spone · web-flow · commit b74751636ea0 · 2023-02-08T23:11:31.000Z
* Raise ArgumentError when calling change_password! with blank password

* Add CHANGELOG entry
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 ## HEAD
 
+* Raise ArgumentError when calling change_password! with blank password [#333](https://github.com/Sorcery/sorcery/pull/333)
+
 ## 0.16.4
 
 * Adapt to open request protection strategy of rails 7.0 [#318](https://github.com/Sorcery/sorcery/pull/318)
diff --git a/lib/sorcery/model/submodules/reset_password.rb b/lib/sorcery/model/submodules/reset_password.rb
@@ -131,6 +131,8 @@ def change_password(new_password, raise_on_failure: false)
           end
 
           def change_password!(new_password)
+            raise ArgumentError, 'Blank password passed to change_password!' if new_password.blank?
+
             change_password(new_password, raise_on_failure: true)
           end
 
diff --git a/spec/shared_examples/user_reset_password_shared_examples.rb b/spec/shared_examples/user_reset_password_shared_examples.rb
@@ -328,6 +328,18 @@
       expect(user.reset_password_token).to be_nil
     end
 
+    it 'when change_password! is called with empty argument, raise an exception' do
+      expect {
+        user.change_password!('')
+      }.to raise_error(ArgumentError, 'Blank password passed to change_password!')
+    end
+
+    it 'when change_password! is called with nil argument, raise an exception' do
+      expect {
+        user.change_password!(nil)
+      }.to raise_error(ArgumentError, 'Blank password passed to change_password!')
+    end
+
     it 'when change_password is called, deletes reset_password_token and calls #save' do
       new_password = 'blabulsdf'
 
