From 1c893d1725e64f850c6b903a709379207d081c4f Mon Sep 17 00:00:00 2001
From: Jan Cernik <66427541+jancernik@users.noreply.github.com>
Date: Fri, 3 Jan 2025 09:23:14 -0300
Subject: [PATCH] FIX: Show error message when password is too common (#30507)
---
 .../app/components/modal/create-account.js | 6 +-----
 .../discourse/app/controllers/invites-show.js | 8 ++------
 .../discourse/app/controllers/password-reset.js | 2 +-
 .../discourse/app/controllers/signup.js | 6 +-----
 .../tests/acceptance/password-reset-test.js | 2 +-
 spec/system/signup_spec.rb | 14 ++++++++++++++
 6 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/app/assets/javascripts/discourse/app/components/modal/create-account.js b/app/assets/javascripts/discourse/app/components/modal/create-account.js
index ef4da10fef5..475d47514d7 100644
--- a/app/assets/javascripts/discourse/app/components/modal/create-account.js
+++ b/app/assets/javascripts/discourse/app/components/modal/create-account.js
@@ -461,11 +461,7 @@ export default class CreateAccount extends Component.extend(
 ) {
 this.rejectedEmails.pushObject(result.values.email);
 }
- if (
- result.errors &&
- result.errors.password &&
- result.errors.password.length > 0
- ) {
+ if (result.errors?.["user_password.password"]?.length > 0) {
 this.rejectedPasswords.pushObject(attrs.accountPassword);
 }
 this.set("formSubmitted", false);
diff --git a/app/assets/javascripts/discourse/app/controllers/invites-show.js b/app/assets/javascripts/discourse/app/controllers/invites-show.js
index 117e2d6f0a8..d4f919a9131 100644
--- a/app/assets/javascripts/discourse/app/controllers/invites-show.js
+++ b/app/assets/javascripts/discourse/app/controllers/invites-show.js
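Review bot: In the create-account.js hunk the error key `"user_password.password"` is a bare string literal that must match the server's response exactly, and the same literal is repeated in the invites-show.js, password-reset.js and signup.js hunks. If the server-side key moves again, `this.rejectedPasswords.pushObject(...)` is silently skipped and a password the server refused is no longer flagged in the form. Reading the key in one shared place would keep the four call sites in step, for example `const passwordErrors = result.errors?.["user_password.password"] ?? result.errors?.password;` followed by `if (passwordErrors?.length > 0) {`. The enclosing handler starts and ends outside the hunk, so where a shared helper would live is not visible here.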
@@ -338,15 +338,11 @@ export default class InvitesShowController extends Controller.extend(
 ) {
 this.rejectedEmails.pushObject(result.values.email);
 }
- if (
- result.errors &&
- result.errors.password &&
- result.errors.password.length > 0
- ) {
+ if (result.errors?.["user_password.password"]?.length > 0) {
 this.rejectedPasswords.pushObject(this.accountPassword);
 this.rejectedPasswordsMessages.set(
 this.accountPassword,
- result.errors.password[0]
+ result.errors["user_password.password"][0]
 );
 }
 if (result.message) {
diff --git a/app/assets/javascripts/discourse/app/controllers/password-reset.js b/app/assets/javascripts/discourse/app/controllers/password-reset.js
index 5d5a18509ed..d8962bea0fc 100644
--- a/app/assets/javascripts/discourse/app/controllers/password-reset.js
+++ b/app/assets/javascripts/discourse/app/controllers/password-reset.js
@@ -145,7 +145,7 @@ export default class PasswordResetController extends Controller.extend(
 securityKeyRequired: false,
 errorMessage: null,
 });
- } else if (result.errors?.password?.length > 0) {
+ } else if (result.errors?.["user_password.password"]?.length > 0) {
 this.rejectedPasswords.pushObject(this.accountPassword);
 this.rejectedPasswordsMessages.set(
 this.accountPassword,
diff --git a/app/assets/javascripts/discourse/app/controllers/signup.js b/app/assets/javascripts/discourse/app/controllers/signup.js
index 64f9b338c28..4c2a0f18482 100644
--- a/app/assets/javascripts/discourse/app/controllers/signup.js
+++ b/app/assets/javascripts/discourse/app/controllers/signup.js
@@ -456,11 +456,7 @@ export default class SignupPageController extends Controller.extend(
 ) {
 this.rejectedEmails.pushObject(result.values.email);
 }
- if (
- result.errors &&
- result.errors.password &&
- result.errors.password.length > 0
- ) {
+ if (result.errors?.["user_password.password"]?.length > 0) {
 this.rejectedPasswords.pushObject(attrs.accountPassword);
 }
 this.set("formSubmitted", false);
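Review bot: In the password-reset.js hunk the second argument of `this.rejectedPasswordsMessages.set(` lies below the last context line, and the diffstat records a single changed line for this file, so any remaining read of `result.errors.password` there was not updated. The invites-show.js hunk had to change `result.errors.password[0]` to `result.errors["user_password.password"][0]`. If password-reset.js holds the same expression, it would now index `undefined` and throw inside the error branch instead of showing the rejection. Worth confirming that the argument reads the new key or a field such as `friendly_messages`, which the acceptance fixture in this patch still returns.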
diff --git a/app/assets/javascripts/discourse/tests/acceptance/password-reset-test.js b/app/assets/javascripts/discourse/tests/acceptance/password-reset-test.js
index 54e5e6c0cd9..c957eaea0c7 100644
--- a/app/assets/javascripts/discourse/tests/acceptance/password-reset-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/password-reset-test.js
@@ -22,7 +22,7 @@ acceptance("Password Reset", function (needs) {
 if (body.password === "jonesyAlienSlayer") {
 return helper.response({
 success: false,
- errors: { password: ["is the name of your cat"] },
+ errors: { "user_password.password": ["is the name of your cat"] },
 friendly_messages: ["Password is the name of your cat"],
 });
 } else {
diff --git a/spec/system/signup_spec.rb b/spec/system/signup_spec.rb
index a3ea97b30b8..389a1a6967f 100644
--- a/spec/system/signup_spec.rb
+++ b/spec/system/signup_spec.rb
@@ -71,6 +71,20 @@ shared_examples "signup scenarios" do |signup_page_object, login_page_object|
 expect(page).to have_current_path("/t/#{topic.slug}/#{topic.id}")
 end
+ it "cannot signup with a common password" do
+ signup_form
+ .open
+ .fill_email("johndoe@example.com")
+ .fill_username("john")
+ .fill_password("0123456789")
+ expect(signup_form).to have_valid_fields
+
+ signup_form.click_create_account
+ expect(signup_form).to have_content(
+ I18n.t("activerecord.errors.models.user_password.attributes.password.common"),
+ )
+ end
+
 context "with invite code" do
 before { SiteSetting.invite_code = "cupcake" }
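Review bot: The new example in signup_spec.rb proves only that the "common password" message is rendered; it never checks that the server refused to create the account, which is the control the message reports on. An assertion after `signup_form.click_create_account`, such as `expect(User.exists?(username: "john")).to eq(false)` (assuming the `User` model is reachable from this system spec), would fail if a later change shows the error but still persists the user. The invite and password-reset flows read the same `user_password.password` key, yet the only coverage visible in this patch is the mocked fixture in password-reset-test.js, which cannot notice a server-side key change. The `shared_examples` block starts and ends outside the hunk.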