TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36255 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 48f73b1e53
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48f73b1e53'
${ noResults }
openproject/features/step_definitions/password_steps.rb

153 lines
5.1 KiB
Raw Normal View History Unescape

updates copyright headers updates more copyright more copyright headers
11 years ago
#-- encoding: UTF-8
Improve password complexity cukes, add copyright
12 years ago
#-- copyright
# OpenProject is a project management system.
Bump copyright to 2018 (#6171) [ci skip]
7 years ago
# Copyright (C) 2012-2018 the OpenProject Foundation (OPF)
Improve password complexity cukes, add copyright
12 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
new copyright header #1903
11 years ago
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
Update copyright notice
8 years ago
# Copyright (C) 2006-2017 Jean-Philippe Lang
new copyright header #1903
11 years ago
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Bump copyright to 2018 (#6171) [ci skip]
7 years ago
# See docs/COPYRIGHT.rdoc for more details.
Improve password complexity cukes, add copyright
12 years ago
#++
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
def parse_password_rules(str)
str.sub(', and ', ', ').split(', ')
end
Given /^passwords must contain ([0-9]+) of ([a-z, ]+) characters$/ do |minimum_rules, rules|
rules = parse_password_rules(rules)
Setting.password_active_rules = rules
Setting.password_min_adhered_rules = minimum_rules.to_i
end
Given /^passwords have a minimum length of ([0-9]+) characters$/ do |minimum_length|
Setting.password_min_length = minimum_length
end
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
Given /^users are not allowed to reuse the last ([0-9]+) passwords$/ do |count|
Setting.password_count_former_banned = count
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
Fix syntax (w/Rubocop) in cuke steps, support Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
def fill_change_password(old_password, new_password, confirmation = new_password)
Fix typos, spelling in cukes Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
# use find and set with id to prevent ambiguous match I get with fill_in
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
find('#password').set(old_password)
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
Use 1.9+ Hash syntax in cuke steps, support files Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
fill_in('new_password', with: new_password)
fill_in('new_password_confirmation', with: confirmation)
Accommodate tests for new button label
9 years ago
click_link_or_button 'Save'
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
@new_password = new_password
end
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
def change_password(old_password, new_password)
Fix syntax (w/Rubocop) in cuke steps, support Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
visit '/my/password'
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
fill_change_password(old_password, new_password)
end
Given /^I try to change my password from "([^\"]+)" to "([^\"]+)"$/ do |old, new|
change_password(old, new)
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
When /^I try to set my new password to "(.+)"$/ do |password|
Fix syntax (w/Rubocop) in cuke steps, support Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
visit '/my/password'
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
change_password('adminADMIN!', password)
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
When /^I fill out the change password form$/ do
fill_change_password('adminADMIN!', 'adminADMIN!New')
end
When /^I fill out the change password form with a wrong old password$/ do
fill_change_password('wrong', 'adminADMIN!New')
end
When /^I fill out the change password form with a wrong password confirmation$/ do
fill_change_password('adminADMIN!', 'adminADMIN!New', 'wrong')
end
Improve password complexity cukes, add copyright
12 years ago
Then /^the password change should succeed$/ do
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
find('.notice').should have_content('success')
end
Improve password complexity cukes, add copyright
12 years ago
Then /^I should be able to login using the new password$/ do
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
visit('/logout')
login(@user.login, @new_password)
end
Add cuke for testing random password assignment
11 years ago
Then /^the password and confirmation fields should be empty$/ do
find('#user_password').value.should be_empty
find('#user_password_confirmation').value.should be_empty
end
Then /^the password and confirmation fields should be disabled$/ do
find('#user_password').should be_disabled
find('#user_password_confirmation').should be_disabled
end
Then /^the force password change field should be checked$/ do
find('#user_force_password_change').should be_checked
end
Then /^the force password change field should be disabled$/ do
find('#user_force_password_change').should be_disabled
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
Given /^I try to log in with user "([^"]*)"$/ do |login|
step 'I go to the logout page'
Fix forced password change cuke
11 years ago
login(login, @new_password || 'adminADMIN!')
Add cuke for brute force prevention; also add timecop
12 years ago
end
Given /^I try to log in with user "([^"]*)" and a wrong password$/ do |login|
step 'I go to the logout page'
login(login, 'Wrong password')
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
Add cuke for testing random password assignment
11 years ago
Given /^I try to log in with user "([^"]*)" and the password sent via email$/ do |login|
step 'I go to the logout page'
login(login, assigned_password_from_last_email)
end
Improve password complexity cukes, add copyright
12 years ago
When /^I activate the ([a-z, ]+) password rules$/ do |rules|
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
rules = parse_password_rules(rules)
Improve password complexity cukes, add copyright
12 years ago
# ensure checkboxes are loaded, 'all' doesn't wait
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
should have_selector(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rules.first}']")
Improve password complexity cukes, add copyright
12 years ago
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10.
12 years ago
all(:xpath, "//input[@id='settings_password_active_rules_']").each do |checkbox|
checkbox.set(false)
end
rules.each do |rule|
find(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rule}']").set(true)
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
def set_user_attribute(login, attribute, value)
Replace dynamic finder syntax in cuke steps Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
user = User.find_by login: login
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
user.send((attribute.to_s + '=').to_sym, value)
user.save
end
Given /^the user "(.+)" is(not |) forced to change his password$/ do |login, disable|
replace ternaries returning booleans - foo ? true : false was replaced where foo already was bool - foo ? true : false was kept, when the ternary did a bool conversion - foo ? false : true was replaced by either negation or replacing == with != Note: I intentionally left one occurence that is fixed in another running PR and would cause a conflict
10 years ago
set_user_attribute(login, :force_password_change, disable != 'not ')
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
Rewrote lost password integration test into cuke and added route for lost password action
11 years ago
Given /^I use the first existing token to request a password reset$/ do
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
token = Token::Recovery.first
Fix syntax (w/Rubocop) in cuke steps, support Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
visit account_lost_password_path(token: token.value)
Rewrote lost password integration test into cuke and added route for lost password action
11 years ago
end