Home/ Questions/Q 8748937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T12:36:38+00:00

I’m writing some unit tests to ensure a User model cannot have a password

  • 0

I’m writing some unit tests to ensure a User model cannot have a password < 8 characters long.

I started with a User model:

class User < ActiveRecord::Base
  ...
  validates :password, :length =>{
    :minimum => 90,
    :too_short => "password is too short, must be at least %{count} characters"
  }, :on => :create

end

And a user_spec.rb test:

describe User do
  subject { FactoryGirl.build :user }

 its(:password) { should have_at_least(8).items }
end

However I realised that this doesn’t actually test my validation, it just tests that my factory had a password >= 8 characters.

Is there a nice way to do this other than testing the valid? method for 0-7 character passwords?

My theory is that if I only test for 7 characters and someone accidentally hard codes that 4 characters passwords are OK this would pass validation but isn’t really what was intended.
There could be some code else where that depends on a password being more than 8 characters (not likely but in other situations could be true) and so allowing a password of 4 is incorrect.

In this case the person who changed the password validation in the model won’t know that that they’ve done anything wrong.

I’d just like to know how to properly test situations like this nicely with TDD.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using the ensure_length_of matcher in thoughtbot’s shoulda matchers, you can do this:

    describe User do
  it { should validate_length_of(:password).is_at_least(8)
                                         .with_message(/password is too short/) }
end

    See also: How can I test :inclusion validation in Rails using RSpec

    • 0