From cef160aa9c0042effcf77270a881e79b9ed52b78 Mon Sep 17 00:00:00 2001
From: SimonLab
Date: Fri, 15 May 2020 16:10:10 +0100
Subject: [PATCH 1/2] run changeset to validate password, #67

---
 lib/auth/person.ex | 3 ++-
 lib/auth_web/controllers/auth_controller.ex | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 3f667345..ec433b7f 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -74,6 +74,8 @@ defmodule Auth.Person do
 def password_new_changeset(attrs) do
 %Person{}
 |> cast(attrs, [:email, :password])
+ |> validate_required([:password])
+ |> validate_length(:password, min: 8)
 end

 @doc """
@@ -247,7 +249,6 @@ defmodule Auth.Person do
 cyphertext |> Base58.decode() |> Fields.AES.decrypt()
 rescue
 ArgumentError ->
- # IO.puts("AES.decrypt() unable to decrypt client_id")
 0
 end
 end
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 820765ff..291ce0f0 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -301,8 +301,20 @@ defmodule AuthWeb.AuthController do
 def password_create(conn, params) do
 p = params["person"]
 email = Auth.Person.decrypt_email(p["email"])
- person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
- redirect_or_render(conn, person, p["state"])
+ changeset = Auth.Person.password_new_changeset(%{email: email, password: p["password"]})
+
+ if changeset.valid? do
+ person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
+ redirect_or_render(conn, person, p["state"])
+ else
+ conn
+ |> assign(:action, Routes.auth_path(conn, :password_create))
+ |> render("password_create.html",
+ changeset: changeset,
+ state: p["state"],
+ email: p["email"]
+ )
+ end
 end

 @doc """
From fb99b83659a3ea37a8c3c0a60344e3ada64a2c96 Mon Sep 17 00:00:00 2001
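Review bot: In lib/auth/person.ex, `validate_length(:password, min: 8)` sets a lower bound only, so `password_new_changeset/1` accepts a password of any size and passes it on to whatever hashing step follows. The hasher is not visible in this hunk, but an upper bound keeps oversized input out of it, e.g. `|> validate_length(:password, min: 8, max: <MAX_LEN>)` with the limit chosen to suit the hashing function. `:email` is cast but not listed in `validate_required`, so `changeset.valid?` can be true with no email; add it if this changeset is meant to be the full gate for account creation.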
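Review bot: In lib/auth_web/controllers/auth_controller.ex, the valid branch of `password_create/2` hands the raw `p["password"]` to `Auth.Person.upsert_person/1` again, so the new length rule is enforced only by this action; whether `upsert_person/1` applies the same validation is not visible here, and any other caller would bypass it. Running `validate_required`/`validate_length` inside the changeset that `upsert_person/1` itself uses would keep the policy at the persistence boundary. In the `else` branch the changeset has no action set, and the stock Phoenix form helpers only display errors when `changeset.action` is non-nil, so the form may re-render without saying why; `changeset = %{changeset | action: :insert}` before `render/3` would address that. `params["person"]` is also used without a shape check, so a request missing that key passes `nil` to `decrypt_email/1`.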
From: SimonLab
Date: Fri, 15 May 2020 16:19:42 +0100
Subject: [PATCH 2/2] test redirect to password form when invalid, #16

---
 test/auth_web/controllers/auth_controller_test.exs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 33f57972..24f0f37b 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -285,6 +285,18 @@ defmodule AuthWeb.AuthControllerTest do
 assert html_response(conn, 200) =~ "Welcome"
 end

+ test "password_create/2 display form when password not valid", %{conn: conn} do
+ params = %{
+ "person" => %{
+ "email" => AuthWeb.ApikeyController.encrypt_encode("anabela@mail.com"),
+ "password" => "short"
+ }
+ }
+
+ conn = post(conn, "/auth/password/create", params)
+ assert html_response(conn, 200) =~ "Password"
+ end
+
 test "verify_email/2 verify an email address", %{conn: conn} do
 person = %{email: "anabela@mail.com", auth_provider: "email"}