[Fix #1285] Password strength is ensured when saving an administrateur
This commit is contained in:
parent
5d6f8de5a0
commit
499021588d
7 changed files with 75 additions and 23 deletions
|
@ -17,6 +17,17 @@ class Administrateur < ApplicationRecord
|
||||||
|
|
||||||
scope :inactive, -> { where(active: false) }
|
scope :inactive, -> { where(active: false) }
|
||||||
|
|
||||||
|
validate :password_complexity, if: Proc.new { |a| Devise.password_length.include?(a.password.try(:size)) }
|
||||||
|
|
||||||
|
def password_complexity
|
||||||
|
if password.present?
|
||||||
|
score = Zxcvbn.test(password, [], ZXCVBN_DICTIONNARIES).score
|
||||||
|
if score < 4
|
||||||
|
errors.add(:password, :not_strength)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def self.find_inactive_by_token(reset_password_token)
|
def self.find_inactive_by_token(reset_password_token)
|
||||||
self.inactive.with_reset_password_token(reset_password_token)
|
self.inactive.with_reset_password_token(reset_password_token)
|
||||||
end
|
end
|
||||||
|
|
15
config/locales/models/administrateur/fr.yml
Normal file
15
config/locales/models/administrateur/fr.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
fr:
|
||||||
|
activerecord:
|
||||||
|
attributes:
|
||||||
|
administrateur:
|
||||||
|
password: Le mot de passe
|
||||||
|
errors:
|
||||||
|
models:
|
||||||
|
administrateur:
|
||||||
|
attributes:
|
||||||
|
email:
|
||||||
|
blank: 'doit être rempli'
|
||||||
|
password:
|
||||||
|
too_short: 'est trop court'
|
||||||
|
blank: 'doit être rempli'
|
||||||
|
not_strength: "n'est pas assez complexe"
|
|
@ -7,9 +7,9 @@ describe Gestionnaires::PasswordsController, type: :controller do
|
||||||
|
|
||||||
describe "update" do
|
describe "update" do
|
||||||
context "unified login" do
|
context "unified login" do
|
||||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
|
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
|
let(:user) { create(:user, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
@token = gestionnaire.send(:set_reset_password_token)
|
@token = gestionnaire.send(:set_reset_password_token)
|
||||||
|
|
|
@ -7,9 +7,9 @@ describe Users::PasswordsController, type: :controller do
|
||||||
|
|
||||||
describe "update" do
|
describe "update" do
|
||||||
context "unified login" do
|
context "unified login" do
|
||||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
|
let(:user) { create(:user, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
|
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
@token = user.send(:set_reset_password_token)
|
@token = user.send(:set_reset_password_token)
|
||||||
|
@ -21,8 +21,8 @@ describe Users::PasswordsController, type: :controller do
|
||||||
put :update, params: {
|
put :update, params: {
|
||||||
user: {
|
user: {
|
||||||
reset_password_token: @token,
|
reset_password_token: @token,
|
||||||
password: "supersecret",
|
password: "mot de passe super secret",
|
||||||
password_confirmation: "supersecret",
|
password_confirmation: "mot de passe super secret",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
expect(subject.current_user).to eq(user)
|
expect(subject.current_user).to eq(user)
|
||||||
|
@ -33,8 +33,8 @@ describe Users::PasswordsController, type: :controller do
|
||||||
put :update, params: {
|
put :update, params: {
|
||||||
user: {
|
user: {
|
||||||
reset_password_token: @token,
|
reset_password_token: @token,
|
||||||
password: "supersecret",
|
password: "mot de passe super secret",
|
||||||
password_confirmation: "supersecret",
|
password_confirmation: "mot de passe super secret",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
expect(subject.current_user).to eq(user)
|
expect(subject.current_user).to eq(user)
|
||||||
|
|
|
@ -24,7 +24,7 @@ describe Users::SessionsController, type: :controller do
|
||||||
|
|
||||||
context "unified login" do
|
context "unified login" do
|
||||||
let(:email) { 'unique@plop.com' }
|
let(:email) { 'unique@plop.com' }
|
||||||
let(:password) { 'password' }
|
let(:password) { 'un super mot de passe' }
|
||||||
|
|
||||||
let(:user) { create(:user, email: email, password: password) }
|
let(:user) { create(:user, email: email, password: password) }
|
||||||
let(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
|
let(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
|
||||||
|
@ -80,8 +80,8 @@ describe Users::SessionsController, type: :controller do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with different passwords' do
|
context 'with different passwords' do
|
||||||
let!(:gestionnaire) { create(:gestionnaire, email: email, password: 'another_password') }
|
let!(:gestionnaire) { create(:gestionnaire, email: email, password: 'mot de passe complexe') }
|
||||||
let!(:administrateur) { create(:administrateur, email: email, password: 'another_password') }
|
let!(:administrateur) { create(:administrateur, email: email, password: 'mot de passe complexe') }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
user
|
user
|
||||||
|
@ -165,7 +165,7 @@ describe Users::SessionsController, type: :controller do
|
||||||
end
|
end
|
||||||
|
|
||||||
context "when associated administrateur" do
|
context "when associated administrateur" do
|
||||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }
|
||||||
|
|
||||||
it 'signs user + gestionnaire + administrateur out' do
|
it 'signs user + gestionnaire + administrateur out' do
|
||||||
sign_in user
|
sign_in user
|
||||||
|
|
|
@ -2,6 +2,6 @@ FactoryBot.define do
|
||||||
sequence(:administrateur_email) { |n| "admin#{n}@admin.com" }
|
sequence(:administrateur_email) { |n| "admin#{n}@admin.com" }
|
||||||
factory :administrateur do
|
factory :administrateur do
|
||||||
email { generate(:administrateur_email) }
|
email { generate(:administrateur_email) }
|
||||||
password { 'password' }
|
password { 'mon chien aime les bananes' }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -9,7 +9,7 @@ describe Administrateur, type: :model do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'after_save' do
|
describe 'after_save' do
|
||||||
subject { described_class.new(email: 'toto@tps.com', password: 'password') }
|
subject { create(:administrateur) }
|
||||||
before do
|
before do
|
||||||
subject.save
|
subject.save
|
||||||
end
|
end
|
||||||
|
@ -19,7 +19,7 @@ describe Administrateur, type: :model do
|
||||||
describe 'generate_api_token' do
|
describe 'generate_api_token' do
|
||||||
let(:token) { 'bullshit' }
|
let(:token) { 'bullshit' }
|
||||||
let(:new_token) { 'pocket_master' }
|
let(:new_token) { 'pocket_master' }
|
||||||
let!(:admin_1) { create(:administrateur, email: 'toto@tps.com', password: 'password', api_token: token) }
|
let!(:admin_1) { create(:administrateur, api_token: token) }
|
||||||
before do
|
before do
|
||||||
allow(SecureRandom).to receive(:hex).and_return(token, new_token)
|
allow(SecureRandom).to receive(:hex).and_return(token, new_token)
|
||||||
admin_1.renew_api_token
|
admin_1.renew_api_token
|
||||||
|
@ -34,22 +34,22 @@ describe Administrateur, type: :model do
|
||||||
administrateur = create(:administrateur)
|
administrateur = create(:administrateur)
|
||||||
user = create(:user, email: administrateur.email)
|
user = create(:user, email: administrateur.email)
|
||||||
|
|
||||||
administrateur.update(email: 'whoami@plop.com', password: 'super secret')
|
administrateur.update(email: 'whoami@plop.com', password: 'voilà un super mdp')
|
||||||
|
|
||||||
user.reload
|
user.reload
|
||||||
expect(user.email).to eq('whoami@plop.com')
|
expect(user.email).to eq('whoami@plop.com')
|
||||||
expect(user.valid_password?('super secret')).to be(true)
|
expect(user.valid_password?('voilà un super mdp')).to be(true)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'syncs credentials to associated administrateur' do
|
it 'syncs credentials to associated administrateur' do
|
||||||
administrateur = create(:administrateur)
|
administrateur = create(:administrateur)
|
||||||
gestionnaire = create(:gestionnaire, email: administrateur.email)
|
gestionnaire = create(:gestionnaire, email: administrateur.email)
|
||||||
|
|
||||||
administrateur.update(email: 'whoami@plop.com', password: 'super secret')
|
administrateur.update(email: 'whoami@plop.com', password: 'et encore un autre mdp')
|
||||||
|
|
||||||
gestionnaire.reload
|
gestionnaire.reload
|
||||||
expect(gestionnaire.email).to eq('whoami@plop.com')
|
expect(gestionnaire.email).to eq('whoami@plop.com')
|
||||||
expect(gestionnaire.valid_password?('super secret')).to be(true)
|
expect(gestionnaire.valid_password?('et encore un autre mdp')).to be(true)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,8 +64,8 @@ describe Administrateur, type: :model do
|
||||||
let(:administrateur) { create(:administration).invite_admin('paul@tps.fr') }
|
let(:administrateur) { create(:administration).invite_admin('paul@tps.fr') }
|
||||||
let(:reset_password_token) { administrateur.invite!(administration.id) }
|
let(:reset_password_token) { administrateur.invite!(administration.id) }
|
||||||
|
|
||||||
it { expect(Administrateur.reset_password(reset_password_token, '12345678').errors).to be_empty }
|
it { expect(Administrateur.reset_password(reset_password_token, "j'aime manger des radis").errors).to be_empty }
|
||||||
it { expect(Administrateur.reset_password('123', '12345678').errors).not_to be_empty }
|
it { expect(Administrateur.reset_password('123', "j'aime manger des radis").errors).not_to be_empty }
|
||||||
it { expect(Administrateur.reset_password(reset_password_token, '').errors).not_to be_empty }
|
it { expect(Administrateur.reset_password(reset_password_token, '').errors).not_to be_empty }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -79,4 +79,30 @@ describe Administrateur, type: :model do
|
||||||
it { expect(administrateur.feature_enabled?(:champ_siret)).to be_falsey }
|
it { expect(administrateur.feature_enabled?(:champ_siret)).to be_falsey }
|
||||||
it { expect(administrateur.feature_enabled?(:champ_pj)).to be_truthy }
|
it { expect(administrateur.feature_enabled?(:champ_pj)).to be_truthy }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "#password_complexity" do
|
||||||
|
let(:administrateur) { build(:administrateur, password: password) }
|
||||||
|
|
||||||
|
subject do
|
||||||
|
administrateur.save
|
||||||
|
administrateur.errors[:password]
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with a strong password" do
|
||||||
|
let(:password) { "la démat c'est simple" }
|
||||||
|
it { expect(subject).to eq([]) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with a weak password" do
|
||||||
|
let(:password) { "12345678" }
|
||||||
|
it { expect(subject).to include "n'est pas assez complexe" }
|
||||||
|
it { expect(subject).not_to include "est trop court" }
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with a short password" do
|
||||||
|
let(:password) { "1" }
|
||||||
|
it { expect(subject).to include "est trop court" }
|
||||||
|
it { expect(subject).not_to include "n'est pas assez complexe" }
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue