Rename Decidim.password_blacklist to Decidim.denied_passwords

RELEASE_NOTES.md

@@ -23,6 +23,13 @@ bin/rails db:migrate
 
 ### 1.3. Follow the steps and commands detailed in these notes
 
+#### 1.3.1 Config Parameter change
+
+Prior to 0.28, Decidim offered the possibility of configuring the a list of disallowed domains used to restrict user access using either `Decidim.password_blacklist` or environment variable `DECIDIM_PASSWORD_BLACKLIST`. While upgrading to 0.28, those methods have been renamed as follows:
+
+`Decidim.password_blacklist` becomes `Decidim.denied_passwords`
+`DECIDIM_PASSWORD_BLACKLIST` becomes `DECIDIM_DENIED_PASSWORDS`
+
 ## 2. General notes
 
 ## 3. One time actions

decidim-core/app/validators/password_validator.rb

@@ -17,7 +17,7 @@ class PasswordValidator < ActiveModel::EachValidator
     :email_included_in_password?,
     :domain_included_in_password?,
     :password_too_common?,
-    :blacklisted?,
+    :denied?,
     :password_repeated?
   ].freeze
 
@@ -130,8 +130,8 @@ def domain_included_in_password?
     false
   end
 
-  def blacklisted?
-    Array(Decidim.password_blacklist).each do |expression|
+  def denied?
+    Array(Decidim.denied_passwords).each do |expression|
       return true if expression.is_a?(Regexp) && value.match?(expression)
       return true if expression.to_s == value
     end

decidim-core/config/locales/en.yml

@@ -1893,7 +1893,7 @@ en:
     name: English
     name_with_error: English (error!)
   password_validator:
-    blacklisted: is blacklisted
+    denied: is denied
     domain_included_in_password: is too similar to this domain name
     email_included_in_password: is too similar to your email
     fallback: is not valid

decidim-core/lib/decidim/core.rb

@@ -476,8 +476,8 @@ def self.reset_all_column_information
     ]
   end
 
-  # Blacklisted passwords. Array may contain strings and regex entries.
-  config_accessor :password_blacklist do
+  # Denied passwords. Array may contain strings and regex entries.
+  config_accessor :denied_passwords do
     []
   end
 

decidim-core/spec/validators/password_validator_spec.rb

@@ -50,11 +50,11 @@
       end
     end
 
-    context "when there is blacklisted passwords" do
+    context "when there is a list of denied passwords" do
       let(:example_password) { "examplepassword123456" }
 
       before do
-        allow(Decidim).to receive(:password_blacklist).and_return(
+        allow(Decidim).to receive(:denied_passwords).and_return(
           [
             example_password,
             /[a-z]*foobar\w*/
@@ -65,18 +65,18 @@
       describe "example password" do
         let(:value) { example_password }
 
-        it "is blacklisted" do
+        it "is denied" do
           expect(validator).to be(false)
-          expect(record.errors[attribute]).to eq(["is blacklisted"])
+          expect(record.errors[attribute]).to eq(["is denied"])
         end
       end
 
-      describe "regex blacklist" do
+      describe "regex denied" do
         let(:value) { "bazfoobar123456" }
 
         it "does not validate" do
           expect(validator).to be(false)
-          expect(record.errors[attribute]).to eq(["is blacklisted"])
+          expect(record.errors[attribute]).to eq(["is denied"])
         end
       end
 

decidim-generators/lib/decidim/generators/app_templates/initializer.rb

@@ -395,8 +395,8 @@
   end
   config.follow_http_x_forwarded_host = Rails.application.secrets.decidim[:follow_http_x_forwarded_host].present?
   config.maximum_conversation_message_length = Rails.application.secrets.decidim[:maximum_conversation_message_length].to_i
-  config.password_blacklist = Rails.application.secrets.decidim[:password_blacklist] if Rails.application.secrets.decidim[:password_blacklist].present?
   config.password_similarity_length = Rails.application.secrets.decidim[:password_similarity_length] if Rails.application.secrets.decidim[:password_similarity_length].present?
+  config.denied_passwords = Rails.application.secrets.decidim[:denied_passwords] if Rails.application.secrets.decidim[:denied_passwords].present?
   config.allow_open_redirects = Rails.application.secrets.decidim[:allow_open_redirects] if Rails.application.secrets.decidim[:allow_open_redirects].present?
 end
 

decidim-generators/lib/decidim/generators/app_templates/secrets.yml.erb

@@ -38,8 +38,8 @@ decidim_default: &decidim_default
   enable_remember_me: <%%= Decidim::Env.new("DECIDIM_ENABLE_REMEMBER_ME", "auto").default_or_present_if_exists.to_s %>
   follow_http_x_forwarded_host: <%%= Decidim::Env.new("DECIDIM_FOLLOW_HTTP_X_FORWARDED_HOST").to_boolean_string %>
   maximum_conversation_message_length: <%%= Decidim::Env.new("DECIDIM_MAXIMUM_CONVERSATION_MESSAGE_LENGTH", "1000").to_i %>
-  password_blacklist: <%%= Decidim::Env.new("DECIDIM_PASSWORD_BLACKLIST").to_array(separator: ", ").to_json %>
   password_similarity_length: <%%= Decidim::Env.new("DECIDIM_PASSWORD_SIMILARITY_LENGTH", 4).to_i %>
+  denied_passwords: <%%= Decidim::Env.new("DECIDIM_DENIED_PASSWORDS").to_array(separator: ", ").to_json %>
   allow_open_redirects: <%%= Decidim::Env.new("DECIDIM_ALLOW_OPEN_REDIRECTS").to_boolean_string %>
   social_share_services: <%%= Decidim::Env.new("DECIDIM_SOCIAL_SHARE_SERVICES", "Twitter, Facebook, WhatsApp, Telegram").to_array.to_json %>
   service_worker_enabled: <%%= Decidim::Env.new("DECIDIM_SERVICE_WORKER_ENABLED", Rails.env.exclude?("development")).to_boolean_string %>

decidim-generators/lib/decidim/generators/test/generator_examples.rb

@@ -166,8 +166,8 @@
       "DECIDIM_SESSION_TIMEOUT_INTERVAL" => "33",
       "DECIDIM_FOLLOW_HTTP_X_FORWARDED_HOST" => "true",
       "DECIDIM_MAXIMUM_CONVERSATION_MESSAGE_LENGTH" => "1234",
-      "DECIDIM_PASSWORD_BLACKLIST" => "i-dont-like-this-password, i-dont,like,this,one,either, password123456",
       "DECIDIM_PASSWORD_SIMILARITY_LENGTH" => "4",
+      "DECIDIM_DENIED_PASSWORDS" => "i-dont-like-this-password, i-dont,like,this,one,either, password123456",
       "DECIDIM_ALLOW_OPEN_REDIRECTS" => "true",
       "DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS" => "93",
       "DECIDIM_ADMIN_PASSWORD_MIN_LENGTH" => "18",
@@ -290,8 +290,8 @@
       %w(decidim session_timeout_interval) => 10,
       %w(decidim follow_http_x_forwarded_host) => false,
       %w(decidim maximum_conversation_message_length) => 1000,
-      %w(decidim password_blacklist) => [],
       %w(decidim password_similarity_length) => 4,
+      %w(decidim denied_passwords) => [],
       %w(decidim allow_open_redirects) => false,
       %w(decidim admin_password expiration_days) => 90,
       %w(decidim admin_password min_length) => 15,
@@ -395,8 +395,8 @@
       %w(decidim session_timeout_interval) => 33,
       %w(decidim follow_http_x_forwarded_host) => true,
       %w(decidim maximum_conversation_message_length) => 1234,
-      %w(decidim password_blacklist) => ["i-dont-like-this-password", "i-dont,like,this,one,either", "password123456"],
       %w(decidim password_similarity_length) => 4,
+      %w(decidim denied_passwords) => ["i-dont-like-this-password", "i-dont,like,this,one,either", "password123456"],
       %w(decidim allow_open_redirects) => true,
       %w(decidim admin_password expiration_days) => 93,
       %w(decidim admin_password min_length) => 18,
@@ -490,8 +490,8 @@
       "session_timeout_interval" => 10,
       "follow_http_x_forwarded_host" => false,
       "maximum_conversation_message_length" => 1000,
-      "password_blacklist" => [],
       "password_similarity_length" => 4,
+      "denied_passwords" => [],
       "allow_open_redirects" => false,
       "etherpad" => nil,
       "maps" => nil
@@ -527,8 +527,8 @@
       "session_timeout_interval" => 33,
       "follow_http_x_forwarded_host" => true,
       "maximum_conversation_message_length" => 1234,
-      "password_blacklist" => ["i-dont-like-this-password", "i-dont,like,this,one,either", "password123456"],
       "password_similarity_length" => 4,
+      "denied_passwords" => ["i-dont-like-this-password", "i-dont,like,this,one,either", "password123456"],
       "allow_open_redirects" => true,
       "etherpad" => {
         "server" => "http://a-etherpad-server.com",

docs/modules/configure/pages/environment_variables.adoc

@@ -631,8 +631,8 @@ This does not affect comments as its length can be configured by administrators
 |1000
 |No
 
-|DECIDIM_PASSWORD_BLACKLIST
-|Blacklisted passwords. Array may contain strings and regex entries.
+|DECIDIM_DENIED_PASSWORDS
+|List of Denied passwords. Array may contain strings and regex entries.
 
 Separate each item of the array with a comma AND a space, for instance:
 `i-dont-like-this-password, i-dont-like-this-one-either, password123456`