add complexity check to admin account creation

2020-09-17 15:53:03 +02:00 · 2020-09-17 15:53:03 +02:00 · 1e32a3c11f
commit 1e32a3c11f
parent 5a8fbde0e7
3 changed files with 39 additions and 0 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -54,6 +54,14 @@ class User < ApplicationRecord

  before_validation -> { sanitize_email(:email) }

+  validate :password_complexity, if: -> (u) { u.administrateur.present? && Devise.password_length.include?(u.password.try(:size)) }
+
+  def password_complexity
+    if password.present? && ZxcvbnService.new(password).score < PASSWORD_COMPLEXITY_FOR_ADMIN
+      errors.add(:password, :not_strong)
+    end
+  end
+
  # Override of Devise::Models::Confirmable#send_confirmation_instructions
  def send_confirmation_instructions
    unless @raw_confirmation_token
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@ -82,6 +82,7 @@ fr:
              taken: déjà utilisé
            password:
              too_short: 'est trop court'
+              not_strong: 'n’est pas assez complexe'
            password_confirmation:
              confirmation: ': Les deux mots de passe ne correspondent pas'
        invite:
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -295,4 +295,34 @@ describe User, type: :model do
      end
    end
  end
+
+  describe '#password_complexity' do
+    let(:email) { 'mail@beta.gouv.fr' }
+    let(:passwords) { ['pass', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}'] }
+    let(:administrateur) { build(:user, email: email, password: password, administrateur: build(:administrateur)) }
+    let(:min_complexity) { PASSWORD_COMPLEXITY_FOR_ADMIN }
+
+    subject do
+      administrateur.save
+      administrateur.errors.full_messages
+    end
+
+    context 'when password is too short' do
+      let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
+
+      it { expect(subject).to eq(["Le mot de passe est trop court"]) }
+    end
+
+    context 'when password is too simple' do
+      let(:password) { passwords[min_complexity - 1] }
+
+      it { expect(subject).to eq(["Le mot de passe n’est pas assez complexe"]) }
+    end
+
+    context 'when password is acceptable' do
+      let(:password) { passwords[min_complexity] }
+
+      it { expect(subject).to eq([]) }
+    end
+  end
 end