From 8588e8b9316538f27f45a6e380bd0663bb509d66 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 27 Oct 2022 09:10:57 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
 spec/features/profiles/password_spec.rb | 44 +++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

(limited to 'spec/features')

diff --git a/spec/features/profiles/password_spec.rb b/spec/features/profiles/password_spec.rb
index 6c860740354..8887ff1746d 100644
--- a/spec/features/profiles/password_spec.rb
+++ b/spec/features/profiles/password_spec.rb
@@ -152,6 +152,33 @@ RSpec.describe 'Profile > Password' do
 it_behaves_like 'user enters an incorrect current password'
 end
 
+ context 'when the password is too weak' do
+ let(:new_password) { 'password' }
+
+ subject do
+ page.within '.update-password' do
+ fill_in "user_password", with: user.password
+ fill_passwords(new_password, new_password)
+ end
+ end
+
+ it 'tracks the error and does not change the password', :aggregate_failures do
+ expect { subject }.not_to change { user.reload.valid_password?(new_password) }
+ expect(user.failed_attempts).to eq(0)
+
+ page.within '.gl-alert-danger' do
+ expect(page).to have_content('must not contain commonly used combinations of words and letters')
+ end
+
+ expect_snowplow_event(
+ category: 'Gitlab::Tracking::Helpers::WeakPasswordErrorEvent',
+ action: 'track_weak_password_error',
+ controller: 'Profiles::PasswordsController',
+ method: 'update'
+ )
+ end
+ end
+
 context 'when the password reset is successful' do
 subject do
 page.within '.update-password' do
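Review bot: In the 'when the password is too weak' example, `expect(user.failed_attempts).to eq(0)` only sees post-submit state because the `change { user.reload... }` block on the line above happens to reload the record. If that matcher is ever reworded, the lockout-counter check would silently read a stale object. Reloading explicitly with `expect(user.reload.failed_attempts).to eq(0)` makes the check independent. A short comment such as `# a policy rejection of the new password must not count as a failed current-password attempt` would record why the counter is asserted at all. `user` and `fill_passwords` are defined outside the hunk, so whether `subject` actually submits the form cannot be confirmed from the visible lines.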
@@ -195,6 +222,23 @@ RSpec.describe 'Profile > Password' do
 expect(page).to have_current_path new_user_session_path, ignore_query: true
 end
 
+ it 'tracks weak password error' do
+ visit edit_profile_password_path
+
+ expect(page).to have_current_path new_profile_password_path, ignore_query: true
+
+ fill_in :user_password, with: user.password
+ fill_in :user_new_password, with: "password"
+ fill_in :user_password_confirmation, with: "password"
+ click_button 'Set new password'
+ expect_snowplow_event(
+ category: 'Gitlab::Tracking::Helpers::WeakPasswordErrorEvent',
+ action: 'track_weak_password_error',
+ controller: 'Profiles::PasswordsController',
+ method: 'create'
+ )
+ end
+
 context 'when global require_two_factor_authentication is enabled' do
 it 'needs change user password' do
 stub_application_setting(require_two_factor_authentication: true)
-- 
cgit v1.2.3
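Review bot: The 'tracks weak password error' example asserts only the Snowplow event, so it would still pass if the `create` action fired the event and then accepted the weak password anyway. Unlike the `update` example earlier in this patch, nothing checks that the password is rejected. Adding `expect(user.reload.valid_password?('password')).to eq(false)` after `click_button 'Set new password'` would cover that. An assertion on the error text, `expect(page).to have_content('must not contain commonly used combinations of words and letters')`, would also make the example wait for the response before checking the event. The enclosing context and its setup start outside the hunk, so the state of `user` here is inferred.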