From 0b0e47b7cddb4bf0cd7fe786e8e988f7cac9380e Mon Sep 17 00:00:00 2001
From: Lisa Durand
Date: Tue, 3 Sep 2024 17:45:37 +0200
Subject: [PATCH] change passwords in specs
---
 .../long_lived_authenticity_token_spec.rb | 2 +-
 spec/controllers/experts/avis_controller_spec.rb | 6 +++---
 .../france_connect/particulier_controller_spec.rb | 4 ++--
 .../gestionnaires/activate_controller_spec.rb | 2 +-
 spec/controllers/users/activate_controller_spec.rb | 2 +-
 spec/factories/expert.rb | 2 +-
 spec/factories/gestionnaire.rb | 2 +-
 spec/factories/instructeur.rb | 2 +-
 spec/models/user_spec.rb | 11 +++++++----
 spec/spec_helper.rb | 2 +-
 spec/system/accessibilite/wcag_usager_spec.rb | 2 +-
 spec/system/forgery_spec.rb | 2 +-
 spec/system/routing/rules_full_scenario_spec.rb | 2 +-
 spec/system/users/managing_password_spec.rb | 2 +-
 14 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/spec/controllers/application_controller/long_lived_authenticity_token_spec.rb b/spec/controllers/application_controller/long_lived_authenticity_token_spec.rb
index 4f8e8aefe..38a58bcbc 100644
--- a/spec/controllers/application_controller/long_lived_authenticity_token_spec.rb
+++ b/spec/controllers/application_controller/long_lived_authenticity_token_spec.rb
@@ -61,7 +61,7 @@ end
 RSpec.describe "CSRF cleanup", type: :request do
 describe 'csrf_cleaner hook', :allow_forgery_protection do
 let(:user) { create(:user, password: password) }
- let(:password) { 'my-very-secure-password' }
+ let(:password) { SECURE_PASSWORD }
 it 'refreshes the long-lived cookie after authentication' do
 get new_user_session_path
diff --git a/spec/controllers/experts/avis_controller_spec.rb b/spec/controllers/experts/avis_controller_spec.rb
index 01d082ef6..f1435d431 100644
--- a/spec/controllers/experts/avis_controller_spec.rb
+++ b/spec/controllers/experts/avis_controller_spec.rb
@@ -598,7 +598,7 @@ describe Experts::AvisController, type: :controller do
 context 'with a random avis, procedure and user' do
 let(:avis_id) { create(:avis).id }
- let(:random_user) { create(:user) }
+ let(:random_user) { create(:user, password: '{Another-$3cure-p4ssWord}') }
 let(:email) { random_user.email }
 it 'doesn’t change the random user password' do
@@ -613,7 +613,7 @@ describe Experts::AvisController, type: :controller do
 let(:avis) { create(:avis) }
 let(:avis_id) { avis.id }
 let(:procedure_id) { avis.procedure.id }
- let(:random_user) { create(:user) }
+ let(:random_user) { create(:user, password: '{Another-$3cure-p4ssWord}') }
 let(:email) { random_user.email }
 it 'doesn’t change the random user password' do
@@ -629,7 +629,7 @@ describe Experts::AvisController, type: :controller do
 it 'doesn’t change the expert password' do
 subject
- expect(expert.user.reload.valid_password?(SECURE_PASSWORD)).to be false
+ expect(expert.user.reload.valid_password?('{Another-$3cure-p4ssWord}')).to be false
 end
 it { is_expected.to redirect_to new_user_session_url }
diff --git a/spec/controllers/france_connect/particulier_controller_spec.rb b/spec/controllers/france_connect/particulier_controller_spec.rb
index add906511..bdf717e27 100644
--- a/spec/controllers/france_connect/particulier_controller_spec.rb
+++ b/spec/controllers/france_connect/particulier_controller_spec.rb
@@ -394,7 +394,7 @@ describe FranceConnect::ParticulierController, type: :controller do
 fci.update!(requested_email: email.downcase)
 end
- let!(:user) { create(:user, email:, password: 'abcdefgh') }
+ let!(:user) { create(:user, email:, password: SECURE_PASSWORD) }
 it 'merges the account, signs in, and delete the merge token' do
 subject
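Review bot: In the third avis_controller_spec.rb hunk (@@ -629), the rewritten assertion `valid_password?('{Another-$3cure-p4ssWord}')` expects false, but nothing visible ever gives the expert that password, so the example may now pass whatever the controller does. The constant was presumably dropped here because this commit makes the expert factory default and `SECURE_PASSWORD` the same string. The request built by `subject` is defined outside the hunk; if it submits a different password, assert on that value instead. Assuming the expert is created with the factory default, also pin the credential that must survive: `expect(expert.user.reload.valid_password?(SECURE_PASSWORD)).to be true`.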
@@ -408,7 +408,7 @@ describe FranceConnect::ParticulierController, type: :controller do
 end
 context 'but the targeted user is an instructeur' do
- let!(:user) { create(:instructeur, email: email, password: 'abcdefgh').user }
+ let!(:user) { create(:instructeur, email: email, password: SECURE_PASSWORD).user }
 it 'redirects to the new session' do
 subject
diff --git a/spec/controllers/gestionnaires/activate_controller_spec.rb b/spec/controllers/gestionnaires/activate_controller_spec.rb
index 87430ae5a..df5c08492 100644
--- a/spec/controllers/gestionnaires/activate_controller_spec.rb
+++ b/spec/controllers/gestionnaires/activate_controller_spec.rb
@@ -23,7 +23,7 @@ describe Gestionnaires::ActivateController, type: :controller do
 describe '#create' do
 let!(:gestionnaire) { create(:gestionnaire) }
 let(:token) { gestionnaire.user.send(:set_reset_password_token) }
- let(:password) { 'another-password-ok?' }
+ let(:password) { '{another-password-ok?}' }
 before { post :create, params: { gestionnaire: { reset_password_token: token, password: password } } }
diff --git a/spec/controllers/users/activate_controller_spec.rb b/spec/controllers/users/activate_controller_spec.rb
index bfbd7ef66..45d04e6d4 100644
--- a/spec/controllers/users/activate_controller_spec.rb
+++ b/spec/controllers/users/activate_controller_spec.rb
@@ -23,7 +23,7 @@ describe Users::ActivateController, type: :controller do
 describe '#create' do
 let!(:user) { create(:user) }
 let(:token) { user.send(:set_reset_password_token) }
- let(:password) { 'another-password-ok?' }
+ let(:password) { '{another-password-ok?}' }
 before { post :create, params: { user: { reset_password_token: token, password: password } } }
diff --git a/spec/factories/expert.rb b/spec/factories/expert.rb
index d71224d2f..dc9ec2b81 100644
--- a/spec/factories/expert.rb
+++ b/spec/factories/expert.rb
@@ -8,7 +8,7 @@ FactoryBot.define do
 transient do
 email { generate(:expert_email) }
- password { 'somethingverycomplated!' }
+ password { '{My-$3cure-p4ssWord}' }
 end
 end
 end
diff --git a/spec/factories/gestionnaire.rb b/spec/factories/gestionnaire.rb
index f9e1c5453..c44943700 100644
--- a/spec/factories/gestionnaire.rb
+++ b/spec/factories/gestionnaire.rb
@@ -8,7 +8,7 @@ FactoryBot.define do
 transient do
 email { generate(:gestionnaire_email) }
- password { 'somethingverycomplated!' }
+ password { '{My-$3cure-p4ssWord}' }
 end
 end
 end
diff --git a/spec/factories/instructeur.rb b/spec/factories/instructeur.rb
index 31d9e8b02..1f55d57de 100644
--- a/spec/factories/instructeur.rb
+++ b/spec/factories/instructeur.rb
@@ -10,7 +10,7 @@ FactoryBot.define do
 transient do
 email { generate(:instructeur_email) }
- password { '{my-%s3cure[]-p4$$w0rd' }
+ password { '{My-$3cure-p4ssWord}' }
 end
 trait :email_verified do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 3ad7b89dd..3737d8a7a 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -103,7 +103,7 @@ describe User, type: :model do
 describe '.create_or_promote_to_instructeur' do
 let(:email) { 'inst1@gmail.com' }
- let(:password) { 'un super password !' }
+ let(:password) { SECURE_PASSWORD }
 let(:admins) { [] }
 subject { User.create_or_promote_to_instructeur(email, password, administrateurs: admins) }
@@ -437,10 +437,13 @@ describe User, type: :model do
 context 'when the password is long enough, but simple' do
 let(:password) { 'simple-password' }
+ it { expect(subject).to eq(["Le champ « Mot de passe » n’est pas assez complexe. Saisir un mot de passe plus complexe"]) }
+ end
- it 'doesn’t enforce the password complexity' do
- expect(subject).to be_empty
- end
+ context 'when the password is long and complex' do
+ let(:password) { passwords[min_complexity] }
+
+ it { expect(subject).to be_empty }
 end
 end
 end
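Review bot: The default `password { '{My-$3cure-p4ssWord}' }` in the `transient` block of spec/factories/expert.rb is the same literal as the new `SECURE_PASSWORD` in spec/spec_helper.rb, and the gestionnaire.rb and instructeur.rb hunks repeat it, so four copies must track the password policy together. If the factories are only evaluated after spec_helper.rb has been loaded (not visible here), `password { SECURE_PASSWORD }` would keep a single source. Otherwise a comment on each default, such as `# keep equal to SECURE_PASSWORD in spec/spec_helper.rb`, makes the coupling explicit. Because a factory-built account and a spec using the constant now share one password, examples that prove a password was not changed need a distinct value to stay meaningful.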
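Review bot: The second user_spec.rb hunk (@@ -437) checks one rejected value, `'simple-password'`, and one accepted value, `passwords[min_complexity]`, but nothing just below the threshold. `passwords` and `min_complexity` are defined outside the hunk; if `passwords` is indexed by complexity score, a context with `let(:password) { passwords[min_complexity - 1] }` expecting the same error would pin the boundary of the rule. The two added examples are also undescribed one-liners, so a description such as `it 'rejects a long but simple password' do` would make a failure easier to read in CI output.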
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index c4b107c02..3de5955f2 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -24,7 +24,7 @@ require 'simplecov' if ENV["CI"] || ENV["COVERAGE"] # see config in .simplecov f
 require 'rspec/retry'
-SECURE_PASSWORD = 'my-s3cure-p4ssword'
+SECURE_PASSWORD = '{My-$3cure-p4ssWord}'
 RSpec.configure do |config|
 config.filter_run_excluding disable: true
diff --git a/spec/system/accessibilite/wcag_usager_spec.rb b/spec/system/accessibilite/wcag_usager_spec.rb
index 4ce2ebc0f..470431dba 100644
--- a/spec/system/accessibilite/wcag_usager_spec.rb
+++ b/spec/system/accessibilite/wcag_usager_spec.rb
@@ -2,7 +2,7 @@
 describe 'wcag rules for usager', chrome: true do
 let(:procedure) { create(:procedure, :published, :with_service, :for_individual) }
- let(:password) { 'a very complicated password' }
+ let(:password) { SECURE_PASSWORD }
 let(:litteraire_user) { create(:user, password: password) }
 def test_external_links_have_title_says_it_opens_in_a_new_tab
diff --git a/spec/system/forgery_spec.rb b/spec/system/forgery_spec.rb
index f60b19d88..ae331308c 100644
--- a/spec/system/forgery_spec.rb
+++ b/spec/system/forgery_spec.rb
@@ -2,7 +2,7 @@
 describe 'Protecting against request forgeries:', :allow_forgery_protection, :show_exception_pages do
 let(:user) { create(:user, password: password) }
- let(:password) { 'ThisIsTheUserPassword' }
+ let(:password) { SECURE_PASSWORD }
 before do
 visit new_user_session_path
diff --git a/spec/system/routing/rules_full_scenario_spec.rb b/spec/system/routing/rules_full_scenario_spec.rb
index 80283bfc5..3a418560c 100644
--- a/spec/system/routing/rules_full_scenario_spec.rb
+++ b/spec/system/routing/rules_full_scenario_spec.rb
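Review bot: `SECURE_PASSWORD` in spec/spec_helper.rb carries no comment saying what the value has to satisfy, although most specs touched by this commit now depend on it passing the password validation. A line above the constant, such as `# Shared spec password; must pass the User password complexity validation`, would tell the next maintainer why it has this shape and what to update if the policy is tightened again.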
@@ -1,7 +1,7 @@ # frozen_string_literal: true describe 'The routing with rules', js: true do - let(:password) { 'a very complicated password' } + let(:password) { SECURE_PASSWORD } let(:procedure) do create(:procedure, :with_service, :for_individual, :with_zone, types_de_champ_public: [ diff --git a/spec/system/users/managing_password_spec.rb b/spec/system/users/managing_password_spec.rb index 6965ac88e..002b7c9b6 100644 --- a/spec/system/users/managing_password_spec.rb +++ b/spec/system/users/managing_password_spec.rb @@ -3,7 +3,7 @@ describe 'Managing password:', js: true do context 'for simple users' do let(:user) { create(:user) } - let(:new_password) { 'a simple password' } + let(:new_password) { 'a new, long, and complicated password!' } scenario 'a simple user can reset their password' do visit root_path