devise: use password_complexity in User::PasswordsController

This fixes the password strength meter no longer being displayed when
an admin changes their password.

app/controllers/users/passwords_controller.rb

@@ -1,4 +1,6 @@
 class Users::PasswordsController < Devise::PasswordsController
+  include DevisePopulatedResource
+
   after_action :try_to_authenticate_instructeur, only: [:update]
   after_action :try_to_authenticate_administrateur, only: [:update]
 
@@ -8,19 +10,9 @@ class Users::PasswordsController < Devise::PasswordsController
   # end
 
   # POST /resource/password
-  def create
-    # Check the credentials associated to the mail to generate a correct reset link
-    email = params[:user][:email]
-    if Administrateur.by_email(email)
-      @devise_mapping = Devise.mappings[:administrateur]
-      params[:administrateur] = params[:user]
-      # uncomment to check password complexity for Instructeur
-      # elsif Instructeur.by_email(email)
-      #   @devise_mapping = Devise.mappings[:instructeur]
-      #   params[:instructeur] = params[:user]
-    end
-    super
-  end
+  # def create
+  #   super
+  # end
 
   # GET /resource/password/edit?reset_password_token=abcdef
   # def edit
@@ -67,15 +59,4 @@ class Users::PasswordsController < Devise::PasswordsController
       end
     end
   end
-
-  def test_strength
-    @score, @words, @length = ZxcvbnService.new(password_params[:password]).complexity
-    @min_length = PASSWORD_MIN_LENGTH
-    @min_complexity = PASSWORD_COMPLEXITY_FOR_USER
-    render 'shared/password/test_strength'
-  end
-
-  def password_params
-    params.require(:user).permit(:reset_password_token, :password)
-  end
 end

app/views/users/passwords/edit.html.haml

@@ -14,9 +14,9 @@
       = f.hidden_field :reset_password_token
 
       = f.label 'Nouveau mot de passe'
-      = f.password_field :password, autofocus: true, autocomplete: 'off'
+      = render 'password_complexity/field', { form: f, test_complexity: populated_resource.validate_password_complexity? }
 
       = f.label 'Confirmez le nouveau mot de passe'
       = f.password_field :password_confirmation, autocomplete: 'off'
 
-      = f.submit 'Changer le mot de passe', class: 'button primary'
+      = f.submit 'Changer le mot de passe', class: 'button large primary expand', id: "submit-password", data: { disable_with: "Envoi…" }

spec/features/users/managing_password_spec.rb

@@ -27,11 +27,12 @@ feature 'Managing password:' do
   end
 
   context 'for admins' do
-    let(:user) { create(:user) }
-    let(:administrateur) { create(:administrateur, user: user) }
-    let(:new_password) { 'a new, long, and complicated password!' }
+    let(:administrateur) { create(:administrateur) }
+    let(:user) { administrateur.user }
+    let(:weak_password) { '12345678' }
+    let(:strong_password) { 'a new, long, and complicated password!' }
 
-    scenario 'an admin can reset their password' do
+    scenario 'an admin can reset their password', js: true do
       visit root_path
       click_on 'Connexion'
       click_on 'Mot de passe oublié ?'
@@ -48,8 +49,16 @@ feature 'Managing password:' do
 
       expect(page).to have_content 'Changement de mot de passe'
 
-      fill_in 'user_password', with: new_password
-      fill_in 'user_password_confirmation', with: new_password
+      fill_in 'user_password', with: weak_password
+      fill_in 'user_password_confirmation', with: weak_password
+      expect(page).to have_text('Mot de passe très vulnérable')
+      expect(page).to have_button('Changer le mot de passe', disabled: true)
+
+      fill_in 'user_password', with: strong_password
+      fill_in 'user_password_confirmation', with: strong_password
+      expect(page).to have_text('Mot de passe suffisamment fort et sécurisé')
+      expect(page).to have_button('Changer le mot de passe', disabled: false)
+
       click_on 'Changer le mot de passe'
       expect(page).to have_content('Votre mot de passe a bien été modifié.')
     end