discourse/spec/fabricators/user_password_fabricator.rb

# frozen_string_literal: true

Fabricator(:user_password) do
  transient password: "myawesomefakepassword"

  user { Fabricate(:user, password: nil) }
  password_salt { SecureRandom.hex(UserPassword::PASSWORD_SALT_LENGTH) }
  password_algorithm { UserPassword::TARGET_PASSWORD_ALGORITHM }

  after_build do |user_password, transients|
    if transients[:password].present?
      user_password.password_hash =
        PasswordHasher.hash_password(
          password: transients[:password],
          salt: user_password.password_salt,
          algorithm: user_password.password_algorithm,
        )
    end
  end
end

Fabricator(:expired_user_password, from: :user_password) { password_expired_at { 1.day.ago } }
FEATURE: Allow site admin to mark a user's password as expired (#27314) This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well. 2024-06-04 15:42:53 +08:00			`# frozen_string_literal: true`

			`Fabricator(:user_password) do`
			`transient password: "myawesomefakepassword"`

DEV: Migrate user passwords data to UserPassword table (#28746) * Add migrations to ensure password hash is synced across users & user_passwords * Persist password-related data in user_passwords instead of users * Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed * Add post deploy migration to mark password-related columns from users table as read-only * Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations 2024-10-10 09:23:06 +08:00			`user { Fabricate(:user, password: nil) }`
			`password_salt { SecureRandom.hex(UserPassword::PASSWORD_SALT_LENGTH) }`
			`password_algorithm { UserPassword::TARGET_PASSWORD_ALGORITHM }`
FEATURE: Allow site admin to mark a user's password as expired (#27314) This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well. 2024-06-04 15:42:53 +08:00
			`after_build do \|user_password, transients\|`
DEV: Migrate user passwords data to UserPassword table (#28746) * Add migrations to ensure password hash is synced across users & user_passwords * Persist password-related data in user_passwords instead of users * Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed * Add post deploy migration to mark password-related columns from users table as read-only * Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations 2024-10-10 09:23:06 +08:00			`if transients[:password].present?`
			`user_password.password_hash =`
			`PasswordHasher.hash_password(`
			`password: transients[:password],`
			`salt: user_password.password_salt,`
			`algorithm: user_password.password_algorithm,`
			`)`
			`end`
FEATURE: Allow site admin to mark a user's password as expired (#27314) This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well. 2024-06-04 15:42:53 +08:00			`end`
			`end`

			`Fabricator(:expired_user_password, from: :user_password) { password_expired_at { 1.day.ago } }`