#-- encoding: UTF-8 #-- copyright # OpenProject is an open source project management software. # Copyright (C) 2012-2020 the OpenProject GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: # Copyright (C) 2006-2017 Jean-Philippe Lang # Copyright (C) 2010-2013 the ChiliProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # See docs/COPYRIGHT.rdoc for more details. #++ def parse_password_rules(str) str.sub(', and ', ', ').split(', ') end Given /^passwords must contain ([0-9]+) of ([a-z, ]+) characters$/ do |minimum_rules, rules| rules = parse_password_rules(rules) Setting.password_active_rules = rules Setting.password_min_adhered_rules = minimum_rules.to_i end Given /^passwords have a minimum length of ([0-9]+) characters$/ do |minimum_length| Setting.password_min_length = minimum_length end Given /^users are not allowed to reuse the last ([0-9]+) passwords$/ do |count| Setting.password_count_former_banned = count end def fill_change_password(old_password, new_password, confirmation = new_password) # use find and set with id to prevent ambiguous match I get with fill_in find('#password').set(old_password) fill_in('new_password', with: new_password) fill_in('new_password_confirmation', with: confirmation) click_link_or_button 'Save' @new_password = new_password end def change_password(old_password, new_password) visit '/my/password' fill_change_password(old_password, new_password) end Given /^I try to change my password from "([^\"]+)" to "([^\"]+)"$/ do |old, new| change_password(old, new) end When /^I try to set my new password to "(.+)"$/ do |password| visit '/my/password' change_password('adminADMIN!', password) end When /^I fill out the change password form$/ do fill_change_password('adminADMIN!', 'adminADMIN!New') end When /^I fill out the change password form with a wrong old password$/ do fill_change_password('wrong', 'adminADMIN!New') end When /^I fill out the change password form with a wrong password confirmation$/ do fill_change_password('adminADMIN!', 'adminADMIN!New', 'wrong') end Then /^the password change should succeed$/ do find('.notice').should have_content('success') end Then /^I should be able to login using the new password$/ do visit('/logout') login(@user.login, @new_password) end Then /^the password and confirmation fields should be empty$/ do find('#user_password').value.should be_empty find('#user_password_confirmation').value.should be_empty end Then /^the password and confirmation fields should be disabled$/ do find('#user_password').should be_disabled find('#user_password_confirmation').should be_disabled end Then /^the force password change field should be checked$/ do find('#user_force_password_change').should be_checked end Then /^the force password change field should be disabled$/ do find('#user_force_password_change').should be_disabled end Given /^I try to log in with user "([^"]*)"$/ do |login| step 'I go to the logout page' login(login, @new_password || 'adminADMIN!') end Given /^I try to log in with user "([^"]*)" and a wrong password$/ do |login| step 'I go to the logout page' login(login, 'Wrong password') end Given /^I try to log in with user "([^"]*)" and the password sent via email$/ do |login| step 'I go to the logout page' login(login, assigned_password_from_last_email) end When /^I activate the ([a-z, ]+) password rules$/ do |rules| rules = parse_password_rules(rules) # ensure checkboxes are loaded, 'all' doesn't wait should have_selector(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rules.first}']") all(:xpath, "//input[@id='settings_password_active_rules_']").each do |checkbox| checkbox.set(false) end rules.each do |rule| find(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rule}']").set(true) end end def set_user_attribute(login, attribute, value) user = User.find_by login: login user.send((attribute.to_s + '=').to_sym, value) user.save end Given /^the user "(.+)" is(not |) forced to change his password$/ do |login, disable| set_user_attribute(login, :force_password_change, disable != 'not ') end Given /^I use the first existing token to request a password reset$/ do token = Token::Recovery.first visit account_lost_password_path(token: token.value) end