diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb index a6921a188..945635d9e 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/users/passwords_controller.rb @@ -1,4 +1,6 @@ class Users::PasswordsController < Devise::PasswordsController + include DevisePopulatedResource + after_action :try_to_authenticate_instructeur, only: [:update] after_action :try_to_authenticate_administrateur, only: [:update] @@ -8,19 +10,9 @@ class Users::PasswordsController < Devise::PasswordsController # end # POST /resource/password - def create - # Check the credentials associated to the mail to generate a correct reset link - email = params[:user][:email] - if Administrateur.by_email(email) - @devise_mapping = Devise.mappings[:administrateur] - params[:administrateur] = params[:user] - # uncomment to check password complexity for Instructeur - # elsif Instructeur.by_email(email) - # @devise_mapping = Devise.mappings[:instructeur] - # params[:instructeur] = params[:user] - end - super - end + # def create + # super + # end # GET /resource/password/edit?reset_password_token=abcdef # def edit @@ -67,15 +59,4 @@ class Users::PasswordsController < Devise::PasswordsController end end end - - def test_strength - @score, @words, @length = ZxcvbnService.new(password_params[:password]).complexity - @min_length = PASSWORD_MIN_LENGTH - @min_complexity = PASSWORD_COMPLEXITY_FOR_USER - render 'shared/password/test_strength' - end - - def password_params - params.require(:user).permit(:reset_password_token, :password) - end end diff --git a/app/views/users/passwords/edit.html.haml b/app/views/users/passwords/edit.html.haml index 33b8d466b..46d33dd55 100644 --- a/app/views/users/passwords/edit.html.haml +++ b/app/views/users/passwords/edit.html.haml 
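Review bot: With the overridden `create` removed in the second hunk, nothing left in this controller shows where a weak password is refused on `update`; the action is inherited from Devise, and the `after_action` hooks, judging by their names, only sign the account in afterwards. The form in `edit.html.haml` now gates the submit button on the strength check, but that is a browser-side aid and does not constrain a direct request. The rule therefore has to live in a model validation that this diff does not show, which is worth confirming. If it does, say so next to the include, e.g. `# Password complexity is enforced by the model on update; populated_resource only tells the form whether to show the strength meter.` The commented-out `# def create` stub that replaces the method could simply be dropped; the class body continues outside this hunk.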
@@ -14,9 +14,9 @@ = f.hidden_field :reset_password_token = f.label 'Nouveau mot de passe' - = f.password_field :password, autofocus: true, autocomplete: 'off' + = render 'password_complexity/field', { form: f, test_complexity: populated_resource.validate_password_complexity? } = f.label 'Confirmez le nouveau mot de passe' = f.password_field :password_confirmation, autocomplete: 'off' - = f.submit 'Changer le mot de passe', class: 'button primary' + = f.submit 'Changer le mot de passe', class: 'button large primary expand', id: "submit-password", data: { disable_with: "Envoi…" } diff --git a/spec/features/users/managing_password_spec.rb b/spec/features/users/managing_password_spec.rb index 16d16fe10..97d5c9946 100644 --- a/spec/features/users/managing_password_spec.rb +++ b/spec/features/users/managing_password_spec.rb @@ -27,11 +27,12 @@ feature 'Managing password:' do end context 'for admins' do - let(:user) { create(:user) } - let(:administrateur) { create(:administrateur, user: user) } - let(:new_password) { 'a new, long, and complicated password!' } + let(:administrateur) { create(:administrateur) } + let(:user) { administrateur.user } + let(:weak_password) { '12345678' } + let(:strong_password) { 'a new, long, and complicated password!' } - scenario 'an admin can reset their password' do + scenario 'an admin can reset their password', js: true do visit root_path click_on 'Connexion' click_on 'Mot de passe oublié ?' 
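Review bot: `populated_resource.validate_password_complexity?` is called without a guard on the `render 'password_complexity/field'` line, so if the helper can return nil for an unknown or expired `reset_password_token` (its definition is not in this diff), the edit page would raise instead of rendering the form. A fallback that keeps the strength check on when the account cannot be resolved would be `test_complexity: populated_resource.nil? || populated_resource.validate_password_complexity?`. The replaced `f.password_field :password` also carried `autocomplete: 'off'`, and the partial's markup is not visible here. It should set an equivalent on the new field, ideally `autocomplete: 'new-password'`.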
@@ -48,8 +49,16 @@ feature 'Managing password:' do expect(page).to have_content 'Changement de mot de passe' - fill_in 'user_password', with: new_password - fill_in 'user_password_confirmation', with: new_password + fill_in 'user_password', with: weak_password + fill_in 'user_password_confirmation', with: weak_password + expect(page).to have_text('Mot de passe très vulnérable') + expect(page).to have_button('Changer le mot de passe', disabled: true) + + fill_in 'user_password', with: strong_password + fill_in 'user_password_confirmation', with: strong_password + expect(page).to have_text('Mot de passe suffisamment fort et sécurisé') + expect(page).to have_button('Changer le mot de passe', disabled: false) + click_on 'Changer le mot de passe' expect(page).to have_content('Votre mot de passe a bien été modifié.') end
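Review bot: The weak-password step only asserts `have_button('Changer le mot de passe', disabled: true)`, which is browser state produced by JavaScript. The scenario never sends `weak_password` to the server, so it would still pass if the server accepted that password. A request-level example that sends `weak_password` with a valid reset token straight to the password update route, then expects `user.reload.valid_password?(weak_password)` to be false, would cover the rule itself rather than the form. The scenario opens in the previous hunk.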