-
-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce password validation rules on 'Forgot your password?' form #9090
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few small things I noticed. Otherwise this is great and works fine!
Failing related specs, I need to check them |
This is ready to be reviewed again. Just a comment, the only place that I know for sure that we're not enforcing the password validator is in system. My idea is to handle that in other PR after this is merged. |
) * Enforce password validation rules on 'Forgot your password?' form * Improve guard clause for organization * Use a not common password for user factory * Remove unecessary Devise password_length setting * Change default common password in seeds * Change default common password in specs * Change default common password in specs * Change domain in specs to example.org * Change default common password in specs * Fix organization guard clause as suggested in code review
) (#9245) * Enforce password validation rules on 'Forgot your password?' form * Improve guard clause for organization * Use a not common password for user factory * Remove unecessary Devise password_length setting * Change default common password in seeds * Change default common password in specs * Change default common password in specs * Change domain in specs to example.org * Change default common password in specs * Fix organization guard clause as suggested in code review
馃帺 What? Why?
Password validation rules didn't get enforced when a registered user reset their password through the "Forgot your password?" form (from Devise).
This PR fixes that.
I guess we could remove the validation from the forms:decidim/decidim-core/app/forms/decidim/registration_form.rb
Line 21 in 05b9883
decidim/decidim-core/app/forms/decidim/account_form.rb
Line 28 in 05b9883
But before changing that, I want to see the specs if it fails some flows that don't need passwords (like Invitations)(Never mind, we need that so the Forms validations work correctly. If not it gives an error without any detail on what exactly is the error)
馃搶 Related Issues
Testing