KumiSystems/Chatwoot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: Support for special characters in password

Browse source 
Fixes: #2919
This commit is contained in:
Tejaswini Chile 2021-09-13 13:15:05 +05:30 committed by GitHub
parent f79c52b8c3
commit b74261205d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Gemfile
View file

@ -63,7 +63,7 @@ gem 'barnes'
##--- gems for authentication & authorization ---##
gem 'devise'
gem 'devise-secure_password', '~> 2.0'
gem 'devise-secure_password', '~> 2.0', git: 'https://github.com/chatwoot/devise-secure_password'
gem 'devise_token_auth'
# authorization
gem 'jwt'

14
Gemfile.lock
View file

@ -1,3 +1,11 @@
GIT
remote: https://github.com/chatwoot/devise-secure_password
revision: de11e8765654b8242d42101ee9c8ffc8126f7975
specs:
devise-secure_password (2.0.1)
devise (>= 4.0.0, < 5.0.0)
railties (>= 5.0.0, < 7.0.0)
GEM
remote: https://rubygems.org/
specs:
@ -152,9 +160,6 @@ GEM
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise-secure_password (2.0.1)
devise (>= 4.0.0, < 5.0.0)
railties (>= 5.0.0, < 7.0.0)
devise_token_auth (1.2.0)
bcrypt (~> 3.0)
devise (> 3.5.2, < 5)
@ -612,6 +617,7 @@ GEM
PLATFORMS
arm64-darwin-20
x86_64-darwin-18
x86_64-darwin-20
x86_64-darwin-21
x86_64-linux
@ -637,7 +643,7 @@ DEPENDENCIES
database_cleaner
ddtrace
devise
devise-secure_password (~> 2.0)
devise-secure_password (~> 2.0)!
devise_token_auth
dotenv-rails
down (~> 5.0)

12
spec/controllers/devise/session_controller_spec.rb
View file

@ -18,6 +18,7 @@ RSpec.describe 'Session', type: :request do
context 'when it is valid credentials' do
let!(:user) { create(:user, password: 'Password1!', account: account) }
let!(:user_with_new_pwd) { create(:user, password: 'Password1!.><?', account: account) }
it 'returns successful auth response' do
params = { email: user.email, password: 'Password1!' }
@ -29,6 +30,17 @@ RSpec.describe 'Session', type: :request do
expect(response).to have_http_status(:success)
expect(response.body).to include(user.email)
end
it 'returns successful auth response with new password special characters' do
params = { email: user_with_new_pwd.email, password: 'Password1!.><?' }
post new_user_session_url,
params: params,
as: :json
expect(response).to have_http_status(:success)
expect(response.body).to include(user_with_new_pwd.email)
end
end
context 'when it is invalid sso auth token' do