devise: use password_complexity in User::PasswordsController

This fixes the password strength meter no longer being displayed when
an admin changes their password.
Pierre de La Morinerie 2021-09-02 19:20:30 +00:00
parent ed8b19d2eb
commit 62e4f7ee32
3 changed files with 22 additions and 32 deletions


@ -1,4 +1,6 @@
class Users::PasswordsController < Devise::PasswordsController
include DevisePopulatedResource
after_action :try_to_authenticate_instructeur, only: [:update]
after_action :try_to_authenticate_administrateur, only: [:update]
@ -8,19 +10,9 @@ class Users::PasswordsController < Devise::PasswordsController
# end
# POST /resource/password
def create
# Check the credentials associated to the mail to generate a correct reset link
email = params[:user][:email]
if Administrateur.by_email(email)
@devise_mapping = Devise.mappings[:administrateur]
params[:administrateur] = params[:user]
# uncomment to check password complexity for Instructeur
# elsif Instructeur.by_email(email)
# @devise_mapping = Devise.mappings[:instructeur]
# params[:instructeur] = params[:user]
end
super
end
# def create
# super
# end
# GET /resource/password/edit?reset_password_token=abcdef
# def edit
@ -67,15 +59,4 @@ class Users::PasswordsController < Devise::PasswordsController
end
end
end
def test_strength
@score, @words, @length = ZxcvbnService.new(password_params[:password]).complexity
@min_length = PASSWORD_MIN_LENGTH
@min_complexity = PASSWORD_COMPLEXITY_FOR_USER
render 'shared/password/test_strength'
end
def password_params
params.require(:user).permit(:reset_password_token, :password)
end
end
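Review bot: The new `include DevisePopulatedResource` in the first hunk is the whole behavioural change for this controller, yet nothing in the file says why it is there or what `populated_resource` resolves to on the reset-password `edit`/`update` path; the email-driven `@devise_mapping` swap that used to decide which complexity rule applies is gone, so a later reader cannot tell from the controller alone how an administrateur's password is now recognised. A one-line comment above the include would close that gap: `# Exposes populated_resource (looked up from the reset token) so the edit view can ask validate_password_complexity? — see app/views/users/passwords/edit` (the "from the reset token" part is inferred, since the concern's body is not in this diff and should be confirmed). The remaining new lines in the second hunk are only the Devise scaffold comments (`# def create … # end`), which is fine as style but means the check is now entirely data-driven by the resource rather than by the submitted email. The class body continues between the hunks, outside what this page shows.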


@ -14,9 +14,9 @@
= f.hidden_field :reset_password_token
= f.label 'Nouveau mot de passe'
= f.password_field :password, autofocus: true, autocomplete: 'off'
= render 'password_complexity/field', { form: f, test_complexity: populated_resource.validate_password_complexity? }
= f.label 'Confirmez le nouveau mot de passe'
= f.password_field :password_confirmation, autocomplete: 'off'
= f.submit 'Changer le mot de passe', class: 'button primary'
= f.submit 'Changer le mot de passe', class: 'button large primary expand', id: "submit-password", data: { disable_with: "Envoi…" }
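Review bot: `populated_resource.validate_password_complexity?` only drives the client-side meter and the `disabled` state of the submit button; neither is a control, since the form can be posted without JS or with the attribute removed, so the server must reject a weak administrateur password on its own. Nothing in this commit shows that enforcement (the model-side validator is not in the diff, and the controller's `test_strength`/`password_params` are removed), and the accompanying spec only covers the `js: true` path that watches the button state. A non-JS scenario that submits `weak_password` directly and expects the reset to be refused would pin the server-side behaviour this UI relies on. Also, if `populated_resource` can be nil for an unknown or expired token, this line raises before Devise can render its own error — worth confirming against the concern, or guarding with `populated_resource&.validate_password_complexity?`.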


@ -27,11 +27,12 @@ feature 'Managing password:' do
end
context 'for admins' do
let(:user) { create(:user) }
let(:administrateur) { create(:administrateur, user: user) }
let(:new_password) { 'a new, long, and complicated password!' }
let(:administrateur) { create(:administrateur) }
let(:user) { administrateur.user }
let(:weak_password) { '12345678' }
let(:strong_password) { 'a new, long, and complicated password!' }
scenario 'an admin can reset their password' do
scenario 'an admin can reset their password', js: true do
visit root_path
click_on 'Connexion'
click_on 'Mot de passe oublié ?'
@ -48,8 +49,16 @@ feature 'Managing password:' do
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: new_password
fill_in 'user_password_confirmation', with: new_password
fill_in 'user_password', with: weak_password
fill_in 'user_password_confirmation', with: weak_password
expect(page).to have_text('Mot de passe très vulnérable')
expect(page).to have_button('Changer le mot de passe', disabled: true)
fill_in 'user_password', with: strong_password
fill_in 'user_password_confirmation', with: strong_password
expect(page).to have_text('Mot de passe suffisamment fort et sécurisé')
expect(page).to have_button('Changer le mot de passe', disabled: false)
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre mot de passe a bien été modifié.')
end