
1 commit

Author SHA1 Message Date
Eugen Rochko
6989518052 Change min. password length from 8 to 12 2023-06-03 15:50:21 +02:00
6 changed files with 17 additions and 13 deletions


@ -267,7 +267,7 @@ Devise.setup do |config|
# ==> Configuration for :validatable
# Range for password length.
config.password_length = 8..72
config.password_length = 12..72
# Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly
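Review bot: The comment above `config.password_length` still reads only "Range for password length." and does not say what the higher minimum means for existing accounts. Devise's validatable length check normally runs when a password is set or changed, so accounts whose current password has 8 to 11 characters would presumably keep signing in until their next password change; this is worth confirming and stating here. I would extend the comment to something like `# Range for password length. The minimum applies when a password is set or changed; existing shorter passwords are not re-validated at sign-in.` The `Devise.setup` block starts and ends outside the hunk.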


@ -5,6 +5,8 @@ require 'rails_helper'
RSpec.describe Auth::RegistrationsController do
render_views
let(:password) { Faker::Internet.password(min_length: 12) }
shared_examples 'checks for enabled registrations' do |path|
around do |example|
registrations_mode = Setting.registrations_mode
@ -115,7 +117,7 @@ RSpec.describe Auth::RegistrationsController do
subject do
Setting.registrations_mode = 'open'
request.headers['Accept-Language'] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'true' } }
end
around do |example|
@ -141,7 +143,7 @@ RSpec.describe Auth::RegistrationsController do
subject do
Setting.registrations_mode = 'open'
request.headers['Accept-Language'] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'false' } }
end
around do |example|
@ -161,7 +163,7 @@ RSpec.describe Auth::RegistrationsController do
subject do
Setting.registrations_mode = 'approved'
request.headers['Accept-Language'] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, agreement: 'true' } }
end
around do |example|
@ -189,7 +191,7 @@ RSpec.describe Auth::RegistrationsController do
Setting.registrations_mode = 'approved'
request.headers['Accept-Language'] = accept_language
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, invite_code: invite.code, agreement: 'true' } }
end
around do |example|
@ -219,7 +221,7 @@ RSpec.describe Auth::RegistrationsController do
Setting.require_invite_text = true
request.headers['Accept-Language'] = accept_language
invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: password, password_confirmation: password, invite_code: invite.code, agreement: 'true' } }
end
around do |example|


@ -5,7 +5,8 @@ require 'rails_helper'
describe Settings::Migration::RedirectsController do
render_views
let!(:user) { Fabricate(:user, password: 'testtest') }
let(:password) { Faker::Internet.password(min_length: 12) }
let(:user) { Fabricate(:user, password: password) }
before do
sign_in user, scope: :user
@ -30,7 +31,7 @@ describe Settings::Migration::RedirectsController do
before { stub_resolver }
it 'redirects to the settings migration path' do
post :create, params: { form_redirect: { acct: 'new@host.com', current_password: 'testtest' } }
post :create, params: { form_redirect: { acct: 'new@host.com', current_password: password } }
expect(response).to redirect_to(settings_migration_path)
end


@ -3,7 +3,7 @@
Fabricator(:user) do
account { Fabricate.build(:account, user: nil) }
email { sequence(:email) { |i| "#{i}#{Faker::Internet.email}" } }
password '123456789'
password { Faker::Internet.password(min_length: 12) }
confirmed_at { Time.zone.now }
current_sign_in_at { Time.zone.now }
agreement true
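Review bot: The fabricator's default password is now random per user (`Faker::Internet.password(min_length: 12)`), so any spec that signs in or confirms a password against a fabricated user has to pass the value explicitly, as the redirects controller spec in this commit does with `let(:password)`. Specs outside this commit that relied on the old fixed literal are not visible here and should be checked. A short comment on the line, e.g. `# random per user; pass password: explicitly when the spec needs to know it`, would save the next author that search.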


@ -4,7 +4,7 @@ require 'rails_helper'
require 'devise_two_factor/spec_helpers'
RSpec.describe User do
let(:password) { 'abcd1234' }
let(:password) { Faker::Internet.password(min_length: 12) }
let(:account) { Fabricate(:account, username: 'alice') }
it_behaves_like 'two_factor_backupable'
@ -426,7 +426,7 @@ RSpec.describe User do
end
describe '#reset_password!' do
subject(:user) { Fabricate(:user, password: 'foobar12345') }
subject(:user) { Fabricate(:user, password: password) }
let!(:session_activation) { Fabricate(:session_activation, user: user) }
let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) }
@ -437,7 +437,7 @@ RSpec.describe User do
end
it 'changes the password immediately' do
expect(user.external_or_valid_password?('foobar12345')).to be false
expect(user.external_or_valid_password?(password)).to be false
end
it 'deactivates all sessions' do
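Review bot: None of the visible hunks in this spec adds a case at the new boundary: the fixtures were lengthened to satisfy the 12-character minimum, but nothing asserts that an 11-character password is now rejected and a 12-character one accepted. Since `Faker::Internet.password(min_length: 12)` returns values of varying length, the random fixture does not pin the boundary either. A validation example such as `expect(Fabricate.build(:user, password: 'a' * 11)).to_not be_valid` placed with the model's other validation examples would keep the policy from regressing silently; the same applies to the registrations controller spec. The `RSpec.describe User` block continues outside the hunks.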


@ -5,8 +5,9 @@ require 'rails_helper'
RSpec.describe AppSignUpService, type: :service do
subject { described_class.new }
let(:password) { Faker::Internet.password(min_length: 12) }
let(:app) { Fabricate(:application, scopes: 'read write') }
let(:good_params) { { username: 'alice', password: '12345678', email: 'good@email.com', agreement: true } }
let(:good_params) { { username: 'alice', password: password, email: 'good@email.com', agreement: true } }
let(:remote_ip) { IPAddr.new('198.0.2.1') }
describe '#call' do