Fixes #3106 - improve weak password error on initial user creation

Mantas Masalskis 2020-07-13 13:27:44 +02:00 committed by Thorsten Eckel
parent dc69141877
commit 236ef88d93
4 changed files with 43 additions and 13 deletions


@ -187,7 +187,7 @@ class Admin extends App.WizardFullScreen
@html App.view('getting_started/admin')() @html App.view('getting_started/admin')()
new App.ControllerForm( @form = new App.ControllerForm(
el: @$('.js-admin-form') el: @$('.js-admin-form')
model: App.User model: App.User
screen: 'signup' screen: 'signup'
@ -208,9 +208,16 @@ class Admin extends App.WizardFullScreen
) )
if errors if errors
@log 'error new', errors @log 'error new', errors
# Only highlight, but don't add message. Error text breaks layout.
Object.keys(errors).forEach (key) ->
errors[key] = null
@formValidate(form: e.target, errors: errors) @formValidate(form: e.target, errors: errors)
@formEnable(e) @formEnable(e)
return false return false
else
@formValidate(form: e.target, errors: errors)
# save user # save user
user.save( user.save(
@ -231,11 +238,10 @@ class Admin extends App.WizardFullScreen
fail: (settings, details) => fail: (settings, details) =>
@formEnable(e) @formEnable(e)
App.Event.trigger 'notify', { if _.isArray(details.error)
type: 'error' @form.showAlert( App.i18n.translateInline( details.error[0], details.error[1] ) )
msg: App.i18n.translateContent(details.error_human || 'Can\'t create user!') else
timeout: 2500 @form.showAlert(details.error_human || details.error || 'Unable to create user!')
}
) )
relogin: (data, status, xhr) => relogin: (data, status, xhr) =>
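Review bot: In the `fail` callback's `else` branch, `details.error_human || details.error` now goes to `@form.showAlert` untouched, whereas the removed code passed the message through `App.i18n.translateContent`, so the fallback is no longer translated and its escaping depends entirely on `showAlert`. That method is not visible in this section, so it should be confirmed that it HTML-escapes its argument, because `details.error` is server-supplied text that could echo request input. If it does not, routing the value through the same helper as the array branch would cover both cases, assuming that helper escapes its output: `@form.showAlert(App.i18n.translateInline(details.error_human || details.error || 'Unable to create user!'))`. The signup controller's `fail` handler in this commit has the same unwrapped fallback.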


@ -53,11 +53,19 @@ class Index extends App.ControllerContent
errors = user.validate( errors = user.validate(
screen: 'signup' screen: 'signup'
) )
if errors if errors
@log 'error new', errors @log 'error new', errors
# Only highlight, but don't add message. Error text breaks layout.
Object.keys(errors).forEach (key) ->
errors[key] = null
@formValidate(form: e.target, errors: errors) @formValidate(form: e.target, errors: errors)
@formEnable(e) @formEnable(e)
return false return false
else
@formValidate(form: e.target, errors: errors)
# save user # save user
user.save( user.save(
@ -70,7 +78,7 @@ class Index extends App.ControllerContent
if _.isArray(details.error) if _.isArray(details.error)
@form.showAlert( App.i18n.translateInline( details.error[0], details.error[1] ) ) @form.showAlert( App.i18n.translateInline( details.error[0], details.error[1] ) )
else else
@form.showAlert(details.error_human || details.error || 'Unable to update object!') @form.showAlert(details.error_human || details.error || 'Unable to create user!')
) )
resend: (e) => resend: (e) =>


@ -143,10 +143,7 @@ class UsersController < ApplicationController
# check password policy # check password policy
if clean_params[:password].present? if clean_params[:password].present?
result = password_policy(clean_params[:password]) result = password_policy(clean_params[:password])
if result != true raise Exceptions::UnprocessableEntity, result if result != true
render json: { error: result }, status: :unprocessable_entity
return
end
end end
user = User.new(clean_params) user = User.new(clean_params)
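Review bot: `raise Exceptions::UnprocessableEntity, result if result != true` hands whatever `password_policy` returns on failure to the exception as its message, and the shape of that value is not documented in this hunk. The client code changed in this commit checks `_.isArray(details.error)`, which suggests an array of message plus argument, so it is worth confirming that the error handler serialises a non-String message back as an array and not as its string form, and that the response status stays 422 as with the removed `render`. Once confirmed, I would add a comment above the check such as `# password_policy returns true or an error payload; the payload reaches the client as details.error`. The enclosing action starts and ends outside the hunk.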


@ -1,6 +1,6 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe 'System setup process', type: :system, set_up: false do RSpec.describe 'System setup process', type: :system, set_up: false, authenticated_as: false do
def fqdn def fqdn
match_data = %r{://(.+?)(:.+?|/.+?|)$}.match(app_host) match_data = %r{://(.+?)(:.+?|/.+?|)$}.match(app_host)
@ -9,7 +9,7 @@ RSpec.describe 'System setup process', type: :system, set_up: false do
raise "Unable to get fqdn based on #{app_host}" raise "Unable to get fqdn based on #{app_host}"
end end
it 'Setting up a new system', authenticated_as: false do it 'Setting up a new system' do
if !ENV['MAILBOX_INIT'] if !ENV['MAILBOX_INIT']
skip("NOTICE: Need MAILBOX_INIT as ENV variable like export MAILBOX_INIT='unittest01@znuny.com:somepass'") skip("NOTICE: Need MAILBOX_INIT as ENV variable like export MAILBOX_INIT='unittest01@znuny.com:somepass'")
@ -110,4 +110,23 @@ RSpec.describe 'System setup process', type: :system, set_up: false do
expect(page).to have_field('fqdn', with: fqdn) expect(page).to have_field('fqdn', with: fqdn)
end end
end end
# https://github.com/zammad/zammad/issues/3106
it 'Shows an error message if too weak password is filled in' do
visit '/'
click_on('Setup new System')
within('.js-admin') do
fill_in 'firstname', with: 'Test Master'
fill_in 'lastname', with: 'Agent'
fill_in 'email', with: 'master@example.com'
fill_in 'password', with: 'asd'
fill_in 'password_confirm', with: 'asd'
click_on('Create')
expect(page).to have_text 'Invalid password,'
end
end
end end
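Review bot: The new example asserts only that the text 'Invalid password,' is displayed after `click_on('Create')`; it does not check that the weak-password account was actually rejected, so a regression that shows the alert but still creates the admin would pass. Adding `expect(User.find_by(email: 'master@example.com')).to be_nil` after the text expectation would pin the server-side behaviour. The match is also a prefix only, so an unsubstituted placeholder or a raw serialised payload in the rest of the message would go unnoticed; asserting the full expected sentence would be stricter.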