DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

models: improve password complexity specs

Browse source
This commit is contained in:
Pierre de La Morinerie 2021-09-09 09:40:23 -05:00
parent e97b7164dd
commit 586f8ec543
2 changed files with 43 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
spec/models/super_admin_spec.rb
View file

@ -69,35 +69,37 @@ describe SuperAdmin, type: :model do
# 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10) # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
passwords = ['pass', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}'] passwords = ['password', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}']
min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
let(:email) { 'mail@beta.gouv.fr' } let(:email) { 'mail@beta.gouv.fr' }
let(:super_admin) { build(:super_admin, email: email, password: password) } let(:super_admin) { build(:super_admin, email: email, password: password) }
subject do subject do
super_admin.save super_admin.valid?
super_admin.errors.full_messages super_admin.errors.full_messages
end end
context 'when password is too short' do context 'when the password is too short' do
let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) } let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
it { expect(subject).to eq(["Le mot de passe est trop court"]) } it 'reports an error about password length (but not about complexity)' do
expect(subject).to eq(["Le mot de passe est trop court"])
end
end end
context 'when password is too simple' do passwords[0..(min_complexity - 1)].each do |simple_password|
passwords[0..(min_complexity - 1)].each do |password| context 'when the password is long enough, but too simple' do
let(:password) { password } let(:password) { simple_password }
it { expect(subject).to eq(["Le mot de passe nest pas assez complexe"]) } it { expect(subject).to eq(["Le mot de passe nest pas assez complexe"]) }
end end
end end
context 'when password is acceptable' do context 'when the password is long and complex' do
let(:password) { passwords[min_complexity] } let(:password) { passwords[min_complexity] }
it { expect(subject).to eq([]) } it { expect(subject).to be_empty }
end end
end end
end end

53
spec/models/user_spec.rb
View file

@ -363,45 +363,56 @@ describe User, type: :model do
# 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10) # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
passwords = ['pass', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}'] passwords = ['password', '12pass23', 'démarches ', 'démarches-simple', '{My-$3cure-p4ssWord}']
min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
context 'administrateurs' do subject do
let(:email) { 'mail@beta.gouv.fr' } user.valid?
let(:administrateur) { build(:user, email: email, password: password, administrateur: build(:administrateur)) } user.errors.full_messages
end
subject do context 'for administrateurs' do
administrateur.save let(:user) { build(:user, email: 'admin@exemple.fr', password: password, administrateur: build(:administrateur)) }
administrateur.errors.full_messages
end
context 'when password is too short' do context 'when the password is too short' do
let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) } let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
it { expect(subject).to eq(["Le mot de passe est trop court"]) } it 'reports an error about password length (but not about complexity)' do
expect(subject).to eq(["Le mot de passe est trop court"])
end
end end
context 'when password is too simple' do passwords[0..(min_complexity - 1)].each do |simple_password|
passwords[0..(min_complexity - 1)].each do |password| context 'when the password is long enough, but too simple' do
let(:password) { password } let(:password) { simple_password }
it { expect(subject).to eq(["Le mot de passe nest pas assez complexe"]) } it { expect(subject).to eq(["Le mot de passe nest pas assez complexe"]) }
end end
end end
context 'when password is acceptable' do context 'when the password is long and complex' do
let(:password) { passwords[min_complexity] } let(:password) { passwords[min_complexity] }
it { expect(subject).to eq([]) } it { expect(subject).to be_empty }
end end
end end
context 'simple users' do context 'for simple users' do
passwords.each do |password| let(:user) { build(:user, email: 'user@exemple.fr', password: password) }
let(:user) { build(:user, email: 'some@email.fr', password: password) }
it 'has no complexity validation' do context 'when the password is too short' do
user.save let(:password) { 's' * (PASSWORD_MIN_LENGTH - 1) }
expect(user.errors.full_messages).to eq([])
it 'reports an error about password length (but not about complexity)' do
expect(subject).to eq(["Le mot de passe est trop court"])
end
end
context 'when the password is long enough, but simple' do
let(:password) { 'simple-password' }
it 'doesnt enforce the password complexity' do
expect(subject).to be_empty
end end
end end
end end