From ed8b19d2eb445631b70dcec6edd1f508a92af17c Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie
Date: Tue, 31 Aug 2021 16:15:08 +0000
Subject: [PATCH] app: use password_complexity in Administrateurs::ActivateController
---
 app/views/administrateurs/activate/new.html.haml | 3 +--
 config/routes.rb | 4 ----
 spec/features/admin/admin_creation_spec.rb | 13 +++++++++++--
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/app/views/administrateurs/activate/new.html.haml b/app/views/administrateurs/activate/new.html.haml
index ae11eebdc..5d17e6aa8 100644
--- a/app/views/administrateurs/activate/new.html.haml
+++ b/app/views/administrateurs/activate/new.html.haml
@@ -16,7 +16,6 @@
 = f.label :password do
 Mot de passe
-
- = render partial: 'shared/password/edit_password', locals: { form: f, controller: 'administrateurs/passwords' }
+ = render 'password_complexity/field', { form: f, test_complexity: true }
 = f.submit 'Continuer', class: 'button large primary expand', id: "submit-password", data: { disable_with: "Envoi..." }
diff --git a/config/routes.rb b/config/routes.rb
index 4b5de2c28..bc29a6f95 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -110,10 +110,6 @@ Rails.application.routes.draw do
 get '/users/password/reset-link-sent' => 'users/passwords#reset_link_sent'
 end
- devise_scope :administrateur do
- get '/administrateurs/password/test_strength' => 'administrateurs/passwords#test_strength'
- end
-
 get 'password_complexity' => 'password_complexity#show', as: 'show_password_complexity'
 #
diff --git a/spec/features/admin/admin_creation_spec.rb b/spec/features/admin/admin_creation_spec.rb
index befcb152d..938bd1c56 100644
--- a/spec/features/admin/admin_creation_spec.rb
+++ b/spec/features/admin/admin_creation_spec.rb
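Review bot: The `test_complexity: true` field rendered in `new.html.haml` gates the form only in the browser, and this commit changes no controller or model code, so nothing visible here shows the activation endpoint rejecting a weak password that is posted directly. Please confirm that password complexity for administrateurs is validated server-side on activation; if it is not, that validation belongs in this change rather than relying on the disabled 'Continuer' button. Separately, the check is served by a GET route (`get 'password_complexity' => 'password_complexity#show'` in `config/routes.rb`); if the field sends the candidate password in the query string it can end up in web-server or proxy access logs, so it is worth checking how the value is transmitted. The form block that encloses this field starts above the hunk.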
@@ -2,6 +2,8 @@ feature 'As an administrateur', js: true do
 let(:super_admin) { create(:super_admin) }
 let(:admin_email) { 'new_admin@gouv.fr' }
 let(:new_admin) { Administrateur.by_email(admin_email) }
+ let(:weak_password) { '12345678' }
+ let(:strong_password) { 'a new, long, and complicated password!' }
 before do
 perform_enqueued_jobs do
@@ -9,14 +11,21 @@ feature 'As an administrateur', js: true do
 end
 end
- scenario 'I can register' do
+ scenario 'I can register', js: true do
 expect(new_admin.reload.user.active?).to be(false)
 confirmation_email = open_email(admin_email)
 token_params = confirmation_email.body.match(/token=[^"]+/)
 visit "admin/activate?#{token_params}"
- fill_in :administrateur_password, with: 'my-s3cure-p4ssword'
+ fill_in :administrateur_password, with: weak_password
+
+ expect(page).to have_text('Mot de passe très vulnérable')
+ expect(page).to have_button('Continuer', disabled: true)
+
+ fill_in :administrateur_password, with: strong_password
+ expect(page).to have_text('Mot de passe suffisamment fort et sécurisé')
+ expect(page).to have_button('Continuer', disabled: false)
 click_button 'Continuer'
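Review bot: The rewritten scenario in the second hunk covers only the client-side gate: with `weak_password` it asserts the warning text and `have_button('Continuer', disabled: true)` but never submits the weak value, so a regression in server-side enforcement would pass unnoticed. A request or controller spec that posts a weak password to the activation endpoint and expects it to be rejected would close that gap. As a style point, the `js: true` added to the scenario is redundant because the enclosing `feature 'As an administrateur', js: true do` (visible in the hunk header) already sets it, so the line can stay `scenario 'I can register' do`. The scenario body continues past the end of the hunk.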