Merge pull request #6476 from betagouv/fix-password-complexity

This commit is contained in:
Pierre de La Morinerie 2021-09-21 10:38:39 -05:00 committed by GitHub
commit 0e4741ef99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 7 deletions

View file

@ -2,9 +2,12 @@ module DevisePopulatedResource
extend ActiveSupport::Concern extend ActiveSupport::Concern
# During a GET /password/edit, the resource is a brand new object. # During a GET /password/edit, the resource is a brand new object.
# This method gives access to the actual resource record, complete with email, relationships, etc. # This method gives access to the actual resource record (if available), complete with email, relationships, etc.
#
# If the resource can't be found (typically because the reset password token has expired),
# returns the default blank record.
def populated_resource def populated_resource
resource_class.with_reset_password_token(resource.reset_password_token) resource_class.with_reset_password_token(resource.reset_password_token) || resource
end end
included do included do

View file

@ -17,12 +17,27 @@ describe DevisePopulatedResource, type: :controller do
end end
context 'when initiating a password reset' do context 'when initiating a password reset' do
subject { get :edit, params: { reset_password_token: @token } } subject { get :edit, params: { reset_password_token: token } }
it 'returns the fully populated resource' do context 'with a valid token' do
subject let(:token) { @token }
expect(controller.populated_resource.id).to eq(user.id)
expect(controller.populated_resource.email).to eq(user.email) it 'returns the fully populated resource' do
subject
expect(controller.populated_resource.id).to eq(user.id)
expect(controller.populated_resource.email).to eq(user.email)
end
end
context 'with an expired token' do
let(:token) { 'invalid-token' }
it 'returns a new blank resource' do
subject
expect(controller.populated_resource).to be_present
expect(controller.populated_resource.new_record?).to be(true)
expect(controller.populated_resource.email).to be_blank
end
end end
end end

View file

@ -98,4 +98,14 @@ feature 'Managing password:' do
expect(page).to have_content('Votre mot de passe a bien été modifié.') expect(page).to have_content('Votre mot de passe a bien été modifié.')
end end
end end
scenario 'the password reset token has expired' do
visit edit_user_password_path(reset_password_token: 'invalid-password-token')
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: 'SomePassword'
fill_in 'user_password_confirmation', with: 'SomePassword'
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre lien de nouveau mot de passe a expiré')
end
end end