diff --git a/config/config.yml b/config/config.yml
index f5315703375..9623f8a48b7 100644
--- a/config/config.yml
+++ b/config/config.yml
@@ -118,10 +118,10 @@ ICON_COMMENT_MAX: 50
 ICON_SIZE_KB_MAX: 500
 LOGIN_LENGTH_MIN: 3
 LOGIN_LENGTH_MAX: 40
-PASSWORD_LENGTH_MIN: 6
-PASSWORD_LENGTH_MAX: 40
+PASSWORD_LENGTH_MIN: 8
+PASSWORD_LENGTH_MAX: 72
 ADMIN_PASSWORD_LENGTH_MIN: 10
-ADMIN_PASSWORD_LENGTH_MAX: 40
+ADMIN_PASSWORD_LENGTH_MAX: 72
 ADMIN_TOTP_BACKUP_CODE_LENGTH: 16
 ADMIN_TOTP_BACKUP_CODE_COUNT: 10
diff --git a/config/locales/views/en.yml b/config/locales/views/en.yml
index fb9336cc707..3bc29aaee61 100644
--- a/config/locales/views/en.yml
+++ b/config/locales/views/en.yml
@@ -2766,7 +2766,7 @@ en:
 confirm_password_validation: Please enter the same password in both fields.
 password: Password
 password_requirements: "%{minimum} to %{maximum} characters"
- password_validation: Please enter a password! (At least %{minimum} letters long, please.)
+ password_validation: Please enter a password! (At least %{minimum} characters long, please.)
 username: Username
 username_requirements: "%{minimum} to %{maximum} characters (A-Z, a-z, _, 0-9 only), no spaces, cannot begin or end with underscore (_)"
 username_validation: You need a username! (At least %{minimum} letters long, please.)
diff --git a/features/users/authenticate_users.feature b/features/users/authenticate_users.feature
index ba6c09d1346..a6239a4e156 100644
--- a/features/users/authenticate_users.feature
+++ b/features/users/authenticate_users.feature
@@ -6,7 +6,7 @@ Feature: User Authentication
 Given I have no users
 And the following activated user exists
 | email | login | password |
- | sam@example.com | sam | secret |
+ | sam@example.com | sam | secret12 |
 And all emails have been delivered
 When I am on the home page
 And I fill in "Username or email:" with "sam"
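Review bot: The new `PASSWORD_LENGTH_MAX: 72` and `ADMIN_PASSWORD_LENGTH_MAX: 72` in the config.yml hunk carry no comment explaining the value, and 72 is a number a maintainer will want justified before touching it again. If the intent is to match the 72-byte input limit of bcrypt (the hasher is not visible in this diff, so treat that as an assumption to confirm), note that the limit is in bytes while these settings and the en.yml string `"%{minimum} to %{maximum} characters"` count characters, so a 72-character password containing multi-byte UTF-8 characters exceeds 72 bytes and a bcrypt-based hasher would silently disregard the trailing bytes. Either validate byte length on the model or document the choice next to the setting, e.g. `# 72 = bcrypt input limit in bytes; keep in sync with ADMIN_PASSWORD_LENGTH_MAX`. Whichever is chosen, the comment should also say that the user and admin maxima are meant to move together.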
@@ -28,7 +28,7 @@ Feature: User Authentication
 # existing password should still work
 When I am on the homepage
 And I fill in "Username or email:" with "sam"
- And I fill in "Password:" with "secret"
+ And I fill in "Password:" with "secret12"
 And I press "Log In"
 Then I should see "Hi, sam"
@@ -44,7 +44,7 @@ Feature: User Authentication
 # entering mismatched passwords should produce an error message
 When I fill in "New password" with "secret"
- And I fill in "Confirm new password" with "newpass"
+ And I fill in "Confirm new password" with "newpass12"
 And I press "Change Password"
 Then I should see "We couldn't save this user because:"
 And I should see "The passwords you entered do not match. Please try again."
@@ -88,7 +88,7 @@ Feature: User Authentication
 Given I have no users
 And the following activated user exists
 | email | login | password |
- | sam@example.com | sam | secret |
+ | sam@example.com | sam | secret12 |
 And all emails have been delivered
 When I request a password reset for "sam"
 Then I should see "You must enter your email address."
@@ -99,7 +99,7 @@ Feature: User Authentication
 Given I have no users
 And the following activated user exists
 | email | login | password |
- | sam@example.com | sam | secret |
+ | sam@example.com | sam | secret12 |
 And all emails have been delivered
 When I request a password reset for "1@example.com"
 Then I should see "If the email address you entered is currently associated with an AO3 account, you should receive an email with instructions to reset your password."
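Review bot: In the `@@ -44,7` hunk the unchanged step `When I fill in "New password" with "secret"` is still six characters, below the `PASSWORD_LENGTH_MIN: 8` this commit sets in config.yml, while only the confirmation value was raised to `"newpass12"`. The scenario asserts just the mismatch message, so it probably still passes, but it now likely triggers a too-short error alongside the mismatch and no longer isolates the case the comment above it describes. Changing the line to `When I fill in "New password" with "secret12"` keeps the two values different while both satisfy the new minimum.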
@@ -127,8 +127,8 @@ Feature: User Authentication
 And 1 email should be delivered to "sam@example.com"
 When I follow "use this link to choose a new password" in the email
 And all emails have been delivered
- And I fill in "New password" with "newpass"
- And I fill in "Confirm new password" with "newpass"
+ And I fill in "New password" with "newpass12"
+ And I fill in "Confirm new password" with "newpass12"
 And I press "Change Password"
 Then I should see "Your password has been changed."
 And 1 email should be delivered to "sam"
@@ -146,8 +146,8 @@ Feature: User Authentication
 And 1 email should be delivered
 When I start a new session
 And I follow "use this link to choose a new password" in the email
- And I fill in "New password" with "newpass"
- And I fill in "Confirm new password" with "newpass"
+ And I fill in "New password" with "newpass12"
+ And I fill in "Confirm new password" with "newpass12"
 And I press "Change Password"
 Then I should see "Your password has been changed."
 And I should see "Hi, sam"
@@ -164,8 +164,8 @@ Feature: User Authentication
 When it is currently 2 weeks from now
 And I start a new session
 And I follow "use this link to choose a new password" in the email
- And I fill in "New password" with "newpass"
- And I fill in "Confirm new password" with "newpass"
+ And I fill in "New password" with "newpass12"
+ And I fill in "Confirm new password" with "newpass12"
 And I press "Change Password"
 Then I should see "We couldn't save this user because:"
 And I should see "Reset password token has expired, please request a new one"
@@ -208,8 +208,8 @@ Feature: User Authentication
 Then I should not see "Password Reset" within "#user_history"
 When I start a new session
 And I follow "use this link to choose a new password" in the email
- And I fill in "New password" with "newpass"
- And I fill in "Confirm new password" with "newpass"
+ And I fill in "New password" with "newpass12"
+ And I fill in "Confirm new password" with "newpass12"
 And I press "Change Password"
 Then I should see "Your password has been changed."
 When I am logged in as a super admin
@@ -252,7 +252,7 @@ Feature: User Authentication
 Given I have no users
 And the following activated user exists
 | login | password |
- | sam | secret |
+ | sam | secret12 |
 And all emails have been delivered
 When I am on the home page
 And I fill in "Username or email:" with "sammy"
@@ -264,7 +264,7 @@ Feature: User Authentication
 Given I have no users
 And the following activated user exists
 | login | password |
- | sam | secret |
+ | sam | secret12 |
 And all emails have been delivered
 When I am on the home page
 And I fill in "Username or email:" with "sam"
diff --git a/features/users/user_create.feature b/features/users/user_create.feature
index 881b8fbf974..64ca2c898eb 100644
--- a/features/users/user_create.feature
+++ b/features/users/user_create.feature
@@ -19,8 +19,8 @@ Feature: Sign Up for a new account
 | field | value | error |
 | user_registration_login | xx | Username is too short (minimum is 3 characters)|
 | user_registration_login | 87151d8ae964d55515cb986d40394f79ca5c8329c07a8e59f2f783cbfbe401f69a780f27277275b7b2 | Username is too long (maximum is 40 characters) |
- | user_registration_password | pass | Password is too short (minimum is 6 characters) |
- | user_registration_password | 87151d8ae964d55515cb986d40394f79ca5c8329c07a8e59f2f783cbfbe401f69a780f27277275b7b2 | Password is too long (maximum is 40 characters) |
+ | user_registration_password | pass | Password is too short (minimum is 8 characters) |
+ | user_registration_password | 87151d8ae964d55515cb986d40394f79ca5c8329c07a8e59f2f783cbfbe401f69a780f27277275b7b2eJKL9012 | Password is too long (maximum is 72 characters) |
 | user_registration_password_confirmation | password2 | The passwords you entered do not match. Please try again.|
 | user_registration_email | | Email should look like an email address |
 | user_registration_email | fake@fake@fake | Email should look like an email address |
diff --git a/features/users/user_delete.feature b/features/users/user_delete.feature
index f90e01d1ab3..1b40d046fca 100644
--- a/features/users/user_delete.feature
+++ b/features/users/user_delete.feature
@@ -19,7 +19,7 @@ Scenario: If I delete a user with no works, the user should be deleted without a
 And I should be logged out
 Scenario: If a user chooses "Delete Completely" when removing their account, delete the works associated with that user
- Given I am logged in as "otheruser" with password "secret"
+ Given I am logged in as "otheruser" with password "secret12"
 And all emails have been delivered
 And I post the work "To be deleted"
 When I try to delete my account as otheruser
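Review bot: The too-short row in the user_create.feature hunk keeps the four-character value `pass`, so it checks that the new minimum of 8 rejects a clearly short password but not that the boundary sits exactly at 8. A seven-character value would pin the boundary the commit actually moves, e.g. `| user_registration_password | pass123 | Password is too short (minimum is 8 characters) |`, and a matching eight-character accept case elsewhere in the feature (outside this hunk) would complete the pair. The too-long row is fine as is: the extended value is 90 characters, above the new maximum of 72.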
@@ -36,7 +36,7 @@ Scenario: If a user chooses "Delete Completely" when removing their account, de
 Scenario: Allow a user to orphan their works when deleting their account
 Given I have an orphan account
- When I am logged in as "orphaner" with password "secret"
+ When I am logged in as "orphaner" with password "secret12"
 And all emails have been delivered
 And I post the work "To be orphaned"
 And I go to the works page
diff --git a/features/users/user_edit.feature b/features/users/user_edit.feature
index 40c3a11138a..9d0e5035f7c 100644
--- a/features/users/user_edit.feature
+++ b/features/users/user_edit.feature
@@ -40,7 +40,7 @@ Feature:
 Given I have no users
 And the following activated user exists
 | login | password |
- | otheruser | secret |
+ | otheruser | secret12 |
 And I am logged in as "downthemall" with password "password"
 When I visit the change username page for downthemall
 And I fill in "New username" with "otheruser"
@@ -52,7 +52,7 @@ Feature:
 Given I have no users
 And the following activated user exists
 | login | password |
- | otheruser | secret |
+ | otheruser | secret12 |
 And I am logged in as "downthemall" with password "password"
 When I visit the change username page for downthemall
 And I fill in "New username" with "OtherUser"
@@ -124,12 +124,12 @@ Feature:
 Given I have no users
 And the following activated user exists
 | login | password | id |
- | oldusername | secret | 1 |
+ | oldusername | secret12 | 1 |
 And a pseud exists with name: "newusername", user_id: 1
- And I am logged in as "oldusername" with password "secret"
+ And I am logged in as "oldusername" with password "secret12"
 When I visit the change username page for oldusername
 And I fill in "New username" with "newusername"
- And I fill in "Password" with "secret"
+ And I fill in "Password" with "secret12"
 And I press "Change Username"
 Then I should get confirmation that I changed my username
 And I should see "Hi, newusername"
@@ -247,12 +247,12 @@ Feature:
 Given I have no users
 And the following activated user exists
 | login | password |
- | forbidden | secret |
+ | forbidden | secret12 |
 And the username "forbidden" is on the forbidden list
- When I am logged in as "forbidden" with password "secret"
+ When I am logged in as "forbidden" with password "secret12"
 And I visit the change username page for forbidden
 And I fill in "New username" with "notforbidden"
- And I fill in "Password" with "secret"
+ And I fill in "Password" with "secret12"
 And I press "Change Username"
 Then I should get confirmation that I changed my username
 And I should see "Hi, notforbidden"
diff --git a/features/works/chapter_edit.feature b/features/works/chapter_edit.feature
index 9b3b8ff2918..81ba56531b7 100755
--- a/features/works/chapter_edit.feature
+++ b/features/works/chapter_edit.feature
@@ -203,7 +203,7 @@ Feature: Edit chapters
 Scenario: Create a work and add a draft chapter, edit the draft chapter, and save changes to the draft chapter without previewing or posting
 Given basic tags
- And I am logged in as "moose" with password "muffin"
+ And I am logged in as "moose" with password "muffin12"
 When I go to the new work page
 Then I should see "Post New Work"
 And I select "General Audiences" from "Rating"
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb
index ac3cca9df96..383743c4ff7 100644
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@@ -15,7 +15,7 @@ def unique_ip_env
 end
 def unique_user_params
- { user: { login: generate(:login), password: "secret" } }
+ { user: { login: generate(:login), password: "secret12" } }
 end
 def unique_admin_params