[Fix #1285] Password strength is ensured when saving an administrateur
This commit is contained in:
Mathieu Magnin
gregoirenovel
parent
5d6f8de5a0
commit
499021588d
7 changed files with 75 additions and 23 deletions
|
|
@ -17,6 +17,17 @@ class Administrateur < ApplicationRecord
|
|||
|
||||
scope :inactive, -> { where(active: false) }
|
||||
|
||||
validate :password_complexity, if: Proc.new { |a| Devise.password_length.include?(a.password.try(:size)) }
|
||||
|
||||
def password_complexity
|
||||
if password.present?
|
||||
score = Zxcvbn.test(password, [], ZXCVBN_DICTIONNARIES).score
|
||||
if score < 4
|
||||
errors.add(:password, :not_strength)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def self.find_inactive_by_token(reset_password_token)
|
||||
self.inactive.with_reset_password_token(reset_password_token)
|
||||
end
|
||||
|
|
|
|||
15
config/locales/models/administrateur/fr.yml
Normal file
15
config/locales/models/administrateur/fr.yml
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
fr:
|
||||
activerecord:
|
||||
attributes:
|
||||
administrateur:
|
||||
password: Le mot de passe
|
||||
errors:
|
||||
models:
|
||||
administrateur:
|
||||
attributes:
|
||||
email:
|
||||
blank: 'doit être rempli'
|
||||
password:
|
||||
too_short: 'est trop court'
|
||||
blank: 'doit être rempli'
|
||||
not_strength: "n'est pas assez complexe"
|
||||
|
|
@ -7,9 +7,9 @@ describe Gestionnaires::PasswordsController, type: :controller do
|
|||
|
||||
describe "update" do
|
||||
context "unified login" do
|
||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
|
||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'un super mot de passe') }
|
||||
|
||||
before do
|
||||
@token = gestionnaire.send(:set_reset_password_token)
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ describe Users::PasswordsController, type: :controller do
|
|||
|
||||
describe "update" do
|
||||
context "unified login" do
|
||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
|
||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
||||
let(:user) { create(:user, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'mot de passe complexe') }
|
||||
|
||||
before do
|
||||
@token = user.send(:set_reset_password_token)
|
||||
|
|
@ -21,8 +21,8 @@ describe Users::PasswordsController, type: :controller do
|
|||
put :update, params: {
|
||||
user: {
|
||||
reset_password_token: @token,
|
||||
password: "supersecret",
|
||||
password_confirmation: "supersecret",
|
||||
password: "mot de passe super secret",
|
||||
password_confirmation: "mot de passe super secret",
|
||||
}
|
||||
}
|
||||
expect(subject.current_user).to eq(user)
|
||||
|
|
@ -33,8 +33,8 @@ describe Users::PasswordsController, type: :controller do
|
|||
put :update, params: {
|
||||
user: {
|
||||
reset_password_token: @token,
|
||||
password: "supersecret",
|
||||
password_confirmation: "supersecret",
|
||||
password: "mot de passe super secret",
|
||||
password_confirmation: "mot de passe super secret",
|
||||
}
|
||||
}
|
||||
expect(subject.current_user).to eq(user)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ describe Users::SessionsController, type: :controller do
|
|||
|
||||
context "unified login" do
|
||||
let(:email) { 'unique@plop.com' }
|
||||
let(:password) { 'password' }
|
||||
let(:password) { 'un super mot de passe' }
|
||||
|
||||
let(:user) { create(:user, email: email, password: password) }
|
||||
let(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
|
||||
|
|
@ -80,8 +80,8 @@ describe Users::SessionsController, type: :controller do
|
|||
end
|
||||
|
||||
context 'with different passwords' do
|
||||
let!(:gestionnaire) { create(:gestionnaire, email: email, password: 'another_password') }
|
||||
let!(:administrateur) { create(:administrateur, email: email, password: 'another_password') }
|
||||
let!(:gestionnaire) { create(:gestionnaire, email: email, password: 'mot de passe complexe') }
|
||||
let!(:administrateur) { create(:administrateur, email: email, password: 'mot de passe complexe') }
|
||||
|
||||
before do
|
||||
user
|
||||
|
|
@ -165,7 +165,7 @@ describe Users::SessionsController, type: :controller do
|
|||
end
|
||||
|
||||
context "when associated administrateur" do
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'password') }
|
||||
let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }
|
||||
|
||||
it 'signs user + gestionnaire + administrateur out' do
|
||||
sign_in user
|
||||
|
|
|
|||
|
|
@ -2,6 +2,6 @@ FactoryBot.define do
|
|||
sequence(:administrateur_email) { |n| "admin#{n}@admin.com" }
|
||||
factory :administrateur do
|
||||
email { generate(:administrateur_email) }
|
||||
password { 'password' }
|
||||
password { 'mon chien aime les bananes' }
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ describe Administrateur, type: :model do
|
|||
end
|
||||
|
||||
describe 'after_save' do
|
||||
subject { described_class.new(email: 'toto@tps.com', password: 'password') }
|
||||
subject { create(:administrateur) }
|
||||
before do
|
||||
subject.save
|
||||
end
|
||||
|
|
@ -19,7 +19,7 @@ describe Administrateur, type: :model do
|
|||
describe 'generate_api_token' do
|
||||
let(:token) { 'bullshit' }
|
||||
let(:new_token) { 'pocket_master' }
|
||||
let!(:admin_1) { create(:administrateur, email: 'toto@tps.com', password: 'password', api_token: token) }
|
||||
let!(:admin_1) { create(:administrateur, api_token: token) }
|
||||
before do
|
||||
allow(SecureRandom).to receive(:hex).and_return(token, new_token)
|
||||
admin_1.renew_api_token
|
||||
|
|
@ -34,22 +34,22 @@ describe Administrateur, type: :model do
|
|||
administrateur = create(:administrateur)
|
||||
user = create(:user, email: administrateur.email)
|
||||
|
||||
administrateur.update(email: 'whoami@plop.com', password: 'super secret')
|
||||
administrateur.update(email: 'whoami@plop.com', password: 'voilà un super mdp')
|
||||
|
||||
user.reload
|
||||
expect(user.email).to eq('whoami@plop.com')
|
||||
expect(user.valid_password?('super secret')).to be(true)
|
||||
expect(user.valid_password?('voilà un super mdp')).to be(true)
|
||||
end
|
||||
|
||||
it 'syncs credentials to associated administrateur' do
|
||||
administrateur = create(:administrateur)
|
||||
gestionnaire = create(:gestionnaire, email: administrateur.email)
|
||||
|
||||
administrateur.update(email: 'whoami@plop.com', password: 'super secret')
|
||||
administrateur.update(email: 'whoami@plop.com', password: 'et encore un autre mdp')
|
||||
|
||||
gestionnaire.reload
|
||||
expect(gestionnaire.email).to eq('whoami@plop.com')
|
||||
expect(gestionnaire.valid_password?('super secret')).to be(true)
|
||||
expect(gestionnaire.valid_password?('et encore un autre mdp')).to be(true)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -64,8 +64,8 @@ describe Administrateur, type: :model do
|
|||
let(:administrateur) { create(:administration).invite_admin('paul@tps.fr') }
|
||||
let(:reset_password_token) { administrateur.invite!(administration.id) }
|
||||
|
||||
it { expect(Administrateur.reset_password(reset_password_token, '12345678').errors).to be_empty }
|
||||
it { expect(Administrateur.reset_password('123', '12345678').errors).not_to be_empty }
|
||||
it { expect(Administrateur.reset_password(reset_password_token, "j'aime manger des radis").errors).to be_empty }
|
||||
it { expect(Administrateur.reset_password('123', "j'aime manger des radis").errors).not_to be_empty }
|
||||
it { expect(Administrateur.reset_password(reset_password_token, '').errors).not_to be_empty }
|
||||
end
|
||||
|
||||
|
|
@ -79,4 +79,30 @@ describe Administrateur, type: :model do
|
|||
it { expect(administrateur.feature_enabled?(:champ_siret)).to be_falsey }
|
||||
it { expect(administrateur.feature_enabled?(:champ_pj)).to be_truthy }
|
||||
end
|
||||
|
||||
describe "#password_complexity" do
|
||||
let(:administrateur) { build(:administrateur, password: password) }
|
||||
|
||||
subject do
|
||||
administrateur.save
|
||||
administrateur.errors[:password]
|
||||
end
|
||||
|
||||
context "with a strong password" do
|
||||
let(:password) { "la démat c'est simple" }
|
||||
it { expect(subject).to eq([]) }
|
||||
end
|
||||
|
||||
context "with a weak password" do
|
||||
let(:password) { "12345678" }
|
||||
it { expect(subject).to include "n'est pas assez complexe" }
|
||||
it { expect(subject).not_to include "est trop court" }
|
||||
end
|
||||
|
||||
context "with a short password" do
|
||||
let(:password) { "1" }
|
||||
it { expect(subject).to include "est trop court" }
|
||||
it { expect(subject).not_to include "n'est pas assez complexe" }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue