Merge pull request #6476 from betagouv/fix-password-complexity

This commit is contained in:
Pierre de La Morinerie 2021-09-21 10:38:39 -05:00 committed by GitHub
commit 0e4741ef99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 7 deletions

View file

@ -2,9 +2,12 @@ module DevisePopulatedResource
extend ActiveSupport::Concern
# During a GET /password/edit, the resource is a brand new object.
# This method gives access to the actual resource record, complete with email, relationships, etc.
# This method gives access to the actual resource record (if available), complete with email, relationships, etc.
#
# If the resource can't be found (typically because the reset password token has expired),
# returns the default blank record.
def populated_resource
resource_class.with_reset_password_token(resource.reset_password_token)
resource_class.with_reset_password_token(resource.reset_password_token) || resource
end
included do

View file

@ -17,7 +17,10 @@ describe DevisePopulatedResource, type: :controller do
end
context 'when initiating a password reset' do
subject { get :edit, params: { reset_password_token: @token } }
subject { get :edit, params: { reset_password_token: token } }
context 'with a valid token' do
let(:token) { @token }
it 'returns the fully populated resource' do
subject
@ -26,6 +29,18 @@ describe DevisePopulatedResource, type: :controller do
end
end
context 'with an expired token' do
let(:token) { 'invalid-token' }
it 'returns a new blank resource' do
subject
expect(controller.populated_resource).to be_present
expect(controller.populated_resource.new_record?).to be(true)
expect(controller.populated_resource.email).to be_blank
end
end
end
context 'when submitting a password reset' do
subject { put :update, params: { user: { reset_password_token: @token } } }

View file

@ -98,4 +98,14 @@ feature 'Managing password:' do
expect(page).to have_content('Votre mot de passe a bien été modifié.')
end
end
scenario 'the password reset token has expired' do
visit edit_user_password_path(reset_password_token: 'invalid-password-token')
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: 'SomePassword'
fill_in 'user_password_confirmation', with: 'SomePassword'
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre lien de nouveau mot de passe a expiré')
end
end