inject more french dictionnaries to zxcvbn lib

config/initializers/zxcvbn.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
-path = Rails.root.join("config/words_fr_frequency_list.txt")
-lines = path.readlines.map(&:strip)
-filename = File.basename(path, ".*")
+new_frequency_lists = ['words_fr', 'passwords_fr', 'surnames_fr', 'female_names_fr', 'male_names_fr'].index_with do |n|
+    Zxcvbn.file_enumerator(Rails.root.join("config/zxcvbn_frequency_lists/#{n}.txt"))
+  end
+
+new_ranked_dictionary = new_frequency_lists.transform_values do |lst|
+  Zxcvbn::Matching.build_ranked_dict(lst)
+end
 
-new_ranked_dictionary = Hash[filename, Zxcvbn::Matching.build_ranked_dict(lines)]
 # Zxcvbn::Matching::RANKED_DICTIONARIES.merge! new_ranked_dictionary
 Zxcvbn::Matching::RANKED_DICTIONARIES = new_ranked_dictionary

config/words_fr_frequency_list.txt

@@ -1,4 +0,0 @@
-password
-00000000
-test
-azerty

config/zxcvbn_frequency_lists/female_names_fr.txt

@@ -0,0 +1,100 @@
+Marie
+Julie
+Camille
+Emilie
+Aurélie
+Léa
+Manon
+Elodie
+Laura
+Sarah
+Chloé
+Pauline
+Anaïs
+Céline
+Audrey
+Marine
+Marion
+Mélanie
+Emma
+Lucie
+Mathilde
+Charlotte
+Amandine
+Stéphanie
+Sophie
+Laetitia
+Justine
+Clara
+Océane
+Caroline
+Inès
+Claire
+Amélie
+Virginie
+Morgane
+Sabrina
+Jessica
+Fanny
+Jade
+Juliette
+Mélissa
+Jennifer
+Eva
+Vanessa
+Cindy
+Lisa
+Louise
+Alexandra
+Clémence
+Alice
+Lola
+Aurore
+Cécile
+Elise
+Delphine
+Noemie
+Margaux
+Coralie
+Hélène
+Célia
+Maeva
+Angelique
+Romane
+Sandra
+Estelle
+Adeline
+Alicia
+Zoé
+Sandrine
+Jeanne
+Laure
+Elisa
+Christell
+Anne
+Léna
+Nathalie
+Margot
+Julia
+Ludivine
+Ophélie
+Sonia
+Elsa
+Agathe
+Myriam
+Emmanuelle
+Lilou
+Alexia
+Charlène
+Emeline
+Marina
+Ambre
+Gaelle
+Lina
+Anna
+Lou
+Isabelle
+Solène
+Laurie
+Nina
+Maelys

config/zxcvbn_frequency_lists/male_names_fr.txt

@@ -0,0 +1,100 @@
+Nicolas
+Julien
+Thomas
+Alexandre
+Maxime
+Romain
+Guillaume
+Anthony
+Kevin
+Antoine
+Lucas
+Sébastien
+Clément
+Benjamin
+Pierre
+Mathieu
+Quentin
+Florian
+Vincent
+Alexis
+David
+Hugo
+Jeremy
+Théo
+Jonathan
+Damien
+Adrien
+Enzo
+Valentin
+Louis
+Nathan
+Paul
+Baptiste
+Mickael
+Cedric
+Raphaël
+Arthur
+Christophe
+Loïc
+Aurélien
+Léo
+Arnaud
+Matthieu
+Fabien
+Tom
+Mathis
+Dylan
+Axel
+Ludovic
+Jerome
+Benoît
+Simon
+Gabriel
+Frédéric
+Olivier
+Rémi
+Samuel
+Jules
+Stéphane
+Sylvain
+Mohamed
+Jean
+Victor
+Jordan
+François
+Corentin
+Gregory
+Cyril
+Bastien
+Florent
+Yanis
+Thibault
+Maxence
+Yann
+Laurent
+Michael
+Mathéo
+Martin
+Gaëtan
+Mehdi
+Robin
+William
+Christopher
+Ethan
+Noah
+Charles
+Emmanuel
+Xavier
+Adam
+Tristan
+Yoann
+Tony
+Marc
+Dimitri
+Thibaut
+Rémy
+Evan
+Steven
+Dorian
+Franck

config/zxcvbn_frequency_lists/surnames_fr.txt

@@ -0,0 +1,200 @@
+Martin
+Bernard
+Thomas
+Petit
+Robert
+Richard
+Dubois
+Durand
+Moreau
+Laurent
+Simon
+Michel
+Lefebvre
+Leroy
+David
+Roux
+Morel
+Bertrand
+Fournier
+Girard
+Fontaine
+Lambert
+Dupont
+Bonnet
+Rousseau
+Vincent
+Muller
+Lefevre
+Faure
+Andre
+Mercier
+Guerin
+Garcia
+Boyer
+Blanc
+Garnier
+Chevalier
+Francois
+Legrand
+Gauthier
+Perrin
+Robin
+Clement
+Morin
+Henry
+Nicolas
+Roussel
+Gautier
+Mathieu
+Masson
+Duval
+Marchand
+Denis
+Lemaire
+Dumont
+Marie
+Noel
+Meyer
+Dufour
+Meunier
+Martinez
+Blanchard
+Brun
+Riviere
+Lucas
+Joly
+Giraud
+Brunet
+Gaillard
+Barbier
+Gerard
+Arnaud
+Renard
+Roche
+Schmitt
+Roy
+Leroux
+Caron
+Colin
+Vidal
+Picard
+Roger
+Fabre
+Aubert
+Lemoine
+Renaud
+Dumas
+Payet
+Olivier
+Lacroix
+Philippe
+Pierre
+Bourgeois
+Lopez
+Benoit
+Leclerc
+Rey
+Leclercq
+Sanchez
+Lecomte
+Rolland
+Guillaume
+Jean
+Hubert
+Dupuy
+Carpentier
+Guillot
+Berger
+Perez
+Dupuis
+Louis
+Moulin
+Deschamps
+Vasseur
+Huet
+Boucher
+Fernandez
+Fleury
+Adam
+Royer
+Paris
+Jacquet
+Klein
+Poirier
+Charles
+Aubry
+Guyot
+Carre
+Renault
+Menard
+Maillard
+Charpentier
+Marty
+Bertin
+Baron
+Da Silva
+Bailly
+Herve
+Schneider
+Le Gall
+Collet
+Leger
+Bouvier
+Julien
+Prevost
+Millet
+Le Roux
+Daniel
+Perrot
+Cousin
+Germain
+Breton
+Rodriguez
+Langlois
+Remy
+Besson
+Leveque
+Le Goff
+Pelletier
+Leblanc
+Barre
+Lebrun
+Grondin
+Perrier
+Marchal
+Weber
+Boulanger
+Mallet
+Hamon
+Jacob
+Monnier
+Michaud
+Guichard
+Poulain
+Etienne
+Gillet
+Hoarau
+Tessier
+Chevallier
+Collin
+Lemaitre
+Benard
+Chauvin
+Bouchet
+Marechal
+Gay
+Humbert
+Gonzalez
+Antoine
+Perret
+Reynaud
+Cordier
+Lejeune
+Barthelemy
+Delaunay
+Carlier
+Pichon
+Pasquier
+Lamy
+Gilbert

spec/controllers/password_complexity_controller_spec.rb

@@ -3,7 +3,7 @@
 describe PasswordComplexityController, type: :controller do
   describe '#show' do
     let(:params) do
-      { user: { password: 'moderately complex password' } }
+      { user: { password: 'motDePasseTropFacile' } }
     end
 
     subject { get :show, format: :turbo_stream, params: params }
@@ -15,7 +15,7 @@ describe PasswordComplexityController, type: :controller do
 
     context 'with a different resource name' do
       let(:params) do
-        { super_admin: { password: 'moderately complex password' } }
+        { super_admin: { password: 'motDePasseTropFacile' } }
       end
 
       it 'computes a password score' do

spec/models/user_spec.rb

@@ -390,7 +390,7 @@ describe User, type: :model do
     # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
     # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
     # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
-    passwords = ['000000000000', '123456789123', 'megapass2024', 'lesdémarches', '{My-$3cure-p4ssWord}']
+    passwords = ['000000000000', '123456789123', '123456789 123', 'lesdémarches', '{My-$3cure-p4ssWord}']
     min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
 
     subject do

spec/services/zxcvbn_service_spec.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 describe ZxcvbnService do
-  let(:password) { 'medium-strength-password' }
+  let(:password) { SECURE_PASSWORD }
   subject(:service) { ZxcvbnService.new(password) }
 
   describe '#score' do
@@ -10,9 +10,16 @@ describe ZxcvbnService do
     end
   end
 
-  describe '#complexity' do
-    it 'returns the password score, vulnerability and length' do
-      expect(service.complexity).to eq [4, 24]
+  describe '#complexity for strong password' do
+    it 'returns the password score and length' do
+      expect(service.complexity).to eq [4, 20]
+    end
+  end
+
+  describe '#complexity for not strong password' do
+    let(:password) { 'motdepassefrançais' }
+    it 'returns the password score and length' do
+      expect(service.complexity).to eq [1, 18]
     end
   end
 

spec/system/users/managing_password_spec.rb

@@ -33,7 +33,7 @@ describe 'Managing password:', js: true do
   context 'for admins' do
     let(:administrateur) { administrateurs(:default_admin) }
     let(:user) { administrateur.user }
-    let(:weak_password) { '12345678' }
+    let(:weak_password) { '000000000000' }
     let(:strong_password) { 'a new, long, and complicated password!' }
 
     scenario 'an admin can reset their password' do
@@ -72,7 +72,7 @@ describe 'Managing password:', js: true do
 
   context 'for super-admins' do
     let(:super_admin) { create(:super_admin) }
-    let(:weak_password) { '12345678' }
+    let(:weak_password) { '000000000000' }
     let(:strong_password) { 'a new, long, and complicated password!' }
 
     scenario 'a super-admin can reset their password' do
@@ -109,8 +109,8 @@ describe 'Managing password:', js: true do
     visit edit_user_password_path(reset_password_token: 'invalid-password-token')
     expect(page).to have_content 'Changement de mot de passe'
 
-    fill_in 'user_password', with: 'SomePassword'
-    fill_in 'user_password_confirmation', with: 'SomePassword'
+    fill_in 'user_password', with: SECURE_PASSWORD
+    fill_in 'user_password_confirmation', with: SECURE_PASSWORD
     click_on 'Changer le mot de passe'
     expect(page).to have_content('Votre lien de nouveau mot de passe a expiré')
   end

spec/system/users/sign_up_spec.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-describe 'Signing up:' do
+describe 'Signing up:', js: true do
   let(:user_email) { generate :user_email }
   let(:user_password) { SECURE_PASSWORD }
   let(:procedure) { create :simple_procedure, :with_service }
@@ -24,7 +24,7 @@ describe 'Signing up:' do
       click_on "Créer un compte #{APPLICATION_NAME}"
       expect(page).to have_selector('.suspect-email', visible: false)
       fill_in 'Adresse électronique', with: 'bidou@yahoo.rf'
-      fill_in 'Mot de passe', with: '12345'
+      fill_in 'Mot de passe', with: '1 2 3 4 5 6 '
     end
 
     scenario 'they can accept the suggestion', js: true do
@@ -51,12 +51,12 @@ describe 'Signing up:' do
 
   scenario 'a new user can’t sign-up with too short password when visiting a procedure' do
     visit commencer_path(path: procedure.path)
-    click_on "Créer un compte #{APPLICATION_NAME}"
+    click_on 'Créer un compte'
 
     expect(page).to have_current_path new_user_registration_path
-    sign_up_with user_email, '1234567'
-    expect(page).to have_current_path user_registration_path
-    expect(page).to have_content "Le champ « Mot de passe » est trop court. Saisir un mot de passe avec au moins 12 caractères"
+    fill_in :user_email, with: user_email
+    fill_in :user_password, with: '1234567'
+    expect(page).to have_content "Le mot de passe doit faire au moins 12 caractères."
 
     # Then with a good password
     sign_up_with user_email, user_password