JH need more complex passwords

db/fixtures/development/18_abuse_reports.rb

@@ -11,7 +11,7 @@ module Db
                   name: FFaker::Name.name,
                   email: FFaker::Internet.email,
                   confirmed_at: DateTime.now,
-                  password: '12345678'
+                  password: Gitlab::Password.test_default
                 )
 
               ::AbuseReport.create(reporter: ::User.take, user: reported_user, message: 'User sends spam')

ee/spec/features/merge_request/user_approves_with_password_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe 'Merge request > User approves with password', :js do
   end
 
   it 'works, when user approves and enters correct password' do
-    approve_with_password '12345678'
+    approve_with_password Gitlab::Password.test_default
 
     page.within('.js-mr-approvals') do
       expect(page).not_to have_button('Approve')
@@ -25,7 +25,7 @@ RSpec.describe 'Merge request > User approves with password', :js do
   end
 
   it 'does not need password to unapprove' do
-    approve_with_password '12345678'
+    approve_with_password Gitlab::Password.test_default
     unapprove
 
     expect(page).to have_button('Approve')

ee/spec/features/trial_registrations/signin_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe 'Trial Sign In' do
 
       within('div#login-pane') do
         fill_in 'user_login', with: user.email
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
 
         click_button 'Sign in'
       end

ee/spec/features/users/login_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'Login' do
   end
 
   it 'creates a security event for an invalid password login' do
-    user = create(:user, password: 'not-the-default')
+    user = create(:user, password: "not" + Gitlab::Password.test_default)
 
     expect { gitlab_sign_in(user) }
       .to change { AuditEvent.where(entity_id: -1).count }.from(0).to(1)

ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb

@@ -128,7 +128,8 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
         email: 'work@example.com',
         name: 'Test Name',
         extern_uid: 'test_uid',
-        username: 'username'
+        username: 'username',
+        password: Gitlab::Password.test_default
       }
     end
 

ee/spec/lib/gitlab/auth/smartcard/certificate_spec.rb

@@ -142,7 +142,7 @@ RSpec.describe Gitlab::Auth::Smartcard::Certificate do
 
         context 'avoids conflicting namespaces' do
           let(:subject_dn) { '/CN=Gitlab User/emailAddress=gitlab-user@random-corp.org' }
-          let!(:existing_user) { create(:user, username: 'GitlabUser') }
+          let!(:existing_user) { create(:user, username: 'GitlabUser', password: Gitlab::Password.test_default) }
 
           it 'creates user with correct usnername' do
             expect { subject }.to change { User.count }.from(1).to(2)

ee/spec/lib/gitlab/auth_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Gitlab::Auth do
   end
 
   let(:username) { 'John' } # username isn't lowercase, test this
-  let(:password) { 'my-secret' }
+  let(:password) { Gitlab::Password.test_default }
 
   context 'with kerberos' do
     before do

ee/spec/requests/api/merge_request_approvals_spec.rb

@@ -405,7 +405,7 @@ RSpec.describe API::MergeRequestApprovals do
       context 'when project requires force auth for approval' do
         before do
           project.update!(require_password_to_approve: true)
-          approver.update!(password: 'password')
+          approver.update!(password: Gitlab::Password.test_default)
         end
 
         it 'does not approve the merge request with no password' do
@@ -416,14 +416,14 @@ RSpec.describe API::MergeRequestApprovals do
         end
 
         it 'does not approve the merge request with incorrect password' do
-          approve(approval_password: 'incorrect')
+          approve(approval_password: "not" + Gitlab::Password.test_default)
 
           expect(response).to have_gitlab_http_status(:unauthorized)
           expect(merge_request.reload.approvals_left).to eq(2)
         end
 
         it 'approves the merge request with correct password' do
-          approve(approval_password: 'password')
+          approve(approval_password: Gitlab::Password.test_default)
 
           expect(response).to have_gitlab_http_status(:created)
           expect(merge_request.reload.approvals_left).to eq(1)

ee/spec/requests/api/scim_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe API::Scim do
   let(:scim_token) { create(:scim_oauth_access_token, group: group) }
   let(:group) { identity.group }
 
-  let_it_be(:password) { 'secret_pass' }
+  let_it_be(:password) { Gitlab::Password.test_default }
   let_it_be(:access_token) { 'secret_token' }
 
   before do

ee/spec/requests/api/users_spec.rb

@@ -71,7 +71,7 @@ RSpec.describe API::Users do
 
     describe "PUT /users/:id" do
       it "creates audit event when updating user with new password" do
-        put api("/users/#{user.id}", admin), params: { password: '12345678' }
+        put api("/users/#{user.id}", admin), params: { password: Gitlab::Password.test_default }
 
         expect(AuditEvent.count).to eq(1)
       end

ee/spec/services/ee/users/create_service_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe Users::CreateService do
       name: 'John Doe',
       username: 'jduser',
       email: 'jd@example.com',
-      password: 'mydummypass'
+      password: Gitlab::Password.test_default
     }
   end
 

ee/spec/services/ee/users/update_service_spec.rb

@@ -177,7 +177,7 @@ RSpec.describe Users::UpdateService do
 
       let(:service) { described_class.new(admin_user, ActionController::Parameters.new(params).permit!) }
       let(:params) do
-        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass' }
+        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default }
       end
 
       context 'allowed params' do

ee/spec/services/merge_requests/approval_service_spec.rb

@@ -134,7 +134,7 @@ RSpec.describe MergeRequests::ApprovalService do
     context 'when project requires force auth for approval' do
       before do
         project.update!(require_password_to_approve: true)
-        user.update!(password: 'password')
+        user.update!(password: Gitlab::Password.test_default)
       end
       context 'when password not specified' do
         it 'does not update the approvals' do
@@ -144,7 +144,7 @@ RSpec.describe MergeRequests::ApprovalService do
 
       context 'when incorrect password is specified' do
         let(:params) do
-          { approval_password: 'incorrect' }
+          { approval_password: "not" + Gitlab::Password.test_default }
         end
 
         it 'does not update the approvals' do
@@ -156,7 +156,7 @@ RSpec.describe MergeRequests::ApprovalService do
 
       context 'when correct password is specified' do
         let(:params) do
-          { approval_password: 'password' }
+          { approval_password: Gitlab::Password.test_default }
         end
 
         it 'approves the merge request' do

lib/gitlab/auth/o_auth/user.rb

@@ -230,8 +230,8 @@ module Gitlab
             name:                       name.strip.presence || valid_username,
             username:                   valid_username,
             email:                      email,
-            password:                   auth_hash.password,
-            password_confirmation:      auth_hash.password,
+            password:                   Gitlab::Password.test_default(21),
+            password_confirmation:      Gitlab::Password.test_default(21),
             password_automatically_set: true
           }
         end

lib/gitlab/password.rb

+# frozen_string_literal: true
+
+# This module is used to return fake strong password for tests
+
+module Gitlab
+  module Password
+    DEFAULT_LENGTH = 12
+    TEST_DEFAULT = "123qweQWE!@#" + "0" * (User.password_length.max - DEFAULT_LENGTH)
+    def self.test_default(length = 12)
+      password_length = [[User.password_length.min, length].max, User.password_length.max].min
+      TEST_DEFAULT[...password_length]
+    end
+  end
+end

lib/tasks/gitlab/seed/group_seed.rake

@@ -125,7 +125,7 @@ class GroupSeeder
       name: FFaker::Name.name,
       email: FFaker::Internet.email,
       confirmed_at: DateTime.now,
-      password: Devise.friendly_token
+      password: Gitlab::Password.test_default
     )
   end
 

spec/controllers/admin/users_controller_spec.rb

@@ -612,8 +612,8 @@ RSpec.describe Admin::UsersController do
       end
 
       context 'when the new password does not match the password confirmation' do
-        let(:password) { 'some_password' }
-        let(:password_confirmation) { 'not_same_as_password' }
+        let(:password) { Gitlab::Password.test_default }
+        let(:password_confirmation) { "not" + Gitlab::Password.test_default }
 
         it 'shows the edit page again' do
           update_password(user, password, password_confirmation)

spec/controllers/ldap/omniauth_callbacks_controller_spec.rb

@@ -58,7 +58,7 @@ RSpec.describe Ldap::OmniauthCallbacksController do
   end
 
   context 'sign up' do
-    let(:user) { double(email: +'new@example.com') }
+    let(:user) { create(:user) }
 
     before do
       stub_omniauth_setting(block_auto_created_users: false)

spec/controllers/registrations_controller_spec.rb

@@ -483,7 +483,7 @@ RSpec.describe RegistrationsController do
       end
 
       it 'succeeds if password is confirmed' do
-        post :destroy, params: { password: '12345678' }
+        post :destroy, params: { password: Gitlab::Password.test_default }
 
         expect_success
       end
@@ -524,7 +524,7 @@ RSpec.describe RegistrationsController do
           end
 
           it 'fails' do
-            delete :destroy, params: { password: '12345678' }
+            delete :destroy, params: { password: Gitlab::Password.test_default }
 
             expect_failure(s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account'))
           end

spec/factories/users.rb

@@ -5,7 +5,7 @@ FactoryBot.define do
     email { generate(:email) }
     name { generate(:name) }
     username { generate(:username) }
-    password { "12345678" }
+    password { Gitlab::Password.test_default }
     role { 'software_developer' }
     confirmed_at { Time.now }
     confirmation_token { nil }

spec/features/password_reset_spec.rb

@@ -44,8 +44,8 @@ RSpec.describe 'Password reset' do
 
       visit(edit_user_password_path(reset_password_token: token))
 
-      fill_in 'New password', with: 'hello1234'
-      fill_in 'Confirm new password', with: 'hello1234'
+      fill_in 'New password', with: "new" + Gitlab::Password.test_default
+      fill_in 'Confirm new password', with: "new" + Gitlab::Password.test_default
 
       click_button 'Change your password'
 

spec/features/profile_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe 'Profile account page', :js do
     it 'deletes user', :js, :sidekiq_might_not_need_inline do
       click_button 'Delete account'
 
-      fill_in 'password', with: '12345678'
+      fill_in 'password', with: Gitlab::Password.test_default
 
       page.within '.modal' do
         click_button 'Delete account'

spec/features/profiles/password_spec.rb

@@ -39,7 +39,7 @@ RSpec.describe 'Profile > Password' do
 
       describe 'User puts the same passwords in the field and in the confirmation' do
         it 'shows a success message' do
-          fill_passwords('mypassword', 'mypassword')
+          fill_passwords(Gitlab::Password.test_default, Gitlab::Password.test_default)
 
           page.within('.flash-notice') do
             expect(page).to have_content('Password was successfully updated. Please sign in again.')
@@ -79,7 +79,7 @@ RSpec.describe 'Profile > Password' do
   end
 
   context 'Change password' do
-    let(:new_password) { '22233344' }
+    let(:new_password) { "new" + Gitlab::Password.test_default }
 
     before do
       sign_in(user)
@@ -170,8 +170,8 @@ RSpec.describe 'Profile > Password' do
       expect(current_path).to eq new_profile_password_path
 
       fill_in :user_password,      with: user.password
-      fill_in :user_new_password,  with: '12345678'
-      fill_in :user_password_confirmation, with: '12345678'
+      fill_in :user_new_password,  with: Gitlab::Password.test_default
+      fill_in :user_password_confirmation, with: Gitlab::Password.test_default
       click_button 'Set new password'
 
       expect(current_path).to eq new_user_session_path

spec/features/users/anonymous_sessions_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
     visit new_user_session_path
     # The session key only gets created after a post
     fill_in 'user_login', with: 'non-existant@gitlab.org'
-    fill_in 'user_password', with: '12345678'
+    fill_in 'user_password', with: Gitlab::Password.test_default
     click_button 'Sign in'
 
     expect(page).to have_content('Invalid login or password')

spec/features/users/login_spec.rb

@@ -49,15 +49,15 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       expect(current_path).to eq edit_user_password_path
       expect(page).to have_content('Please create a password for your new account.')
 
-      fill_in 'user_password',              with: 'password'
-      fill_in 'user_password_confirmation', with: 'password'
+      fill_in 'user_password',              with: Gitlab::Password.test_default
+      fill_in 'user_password_confirmation', with: Gitlab::Password.test_default
       click_button 'Change your password'
 
       expect(current_path).to eq new_user_session_path
       expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
 
       fill_in 'user_login',    with: user.username
-      fill_in 'user_password', with: 'password'
+      fill_in 'user_password', with: Gitlab::Password.test_default
       click_button 'Sign in'
 
       expect_single_session_with_authenticated_ttl
@@ -210,7 +210,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       end
 
       it 'does not allow sign-in if the user password is updated before entering a one-time code' do
-        user.update!(password: 'new_password')
+        user.update!(password: "new" + Gitlab::Password.test_default)
 
         enter_code(user.current_otp)
 
@@ -447,7 +447,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
           click_button 'Sign in'
 
           expect(current_path).to eq(new_profile_password_path)
@@ -456,7 +456,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
     end
 
     context 'with invalid username and password' do
-      let(:user) { create(:user, password: 'not-the-default') }
+      let(:user) { create(:user, password: "not" + Gitlab::Password.test_default) }
 
       it 'blocks invalid login' do
         expect(authentication_metrics)
@@ -767,7 +767,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       visit new_user_session_path
 
       fill_in 'user_login', with: user.email
-      fill_in 'user_password', with: '12345678'
+      fill_in 'user_password', with: Gitlab::Password.test_default
 
       click_button 'Sign in'
 
@@ -788,7 +788,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       visit new_user_session_path
 
       fill_in 'user_login', with: user.email
-      fill_in 'user_password', with: '12345678'
+      fill_in 'user_password', with: Gitlab::Password.test_default
 
       click_button 'Sign in'
 
@@ -809,7 +809,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
 
           click_button 'Sign in'
 
@@ -844,7 +844,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
           click_button 'Sign in'
 
           fill_in 'user_otp_attempt', with: user.reload.current_otp
@@ -870,7 +870,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
         visit new_user_session_path
 
         fill_in 'user_login', with: user.email
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
         click_button 'Sign in'
 
         expect_to_be_on_terms_page
@@ -878,7 +878,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
 
         expect(current_path).to eq(new_profile_password_path)
 
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
         fill_in 'user_new_password', with: 'new password'
         fill_in 'user_password_confirmation', with: 'new password'
         click_button 'Set new password'

spec/lib/gitlab/auth_spec.rb

@@ -87,7 +87,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
       end
 
       context 'when IP is already banned' do
-        subject { gl_auth.find_for_git_client('username', 'password', project: nil, ip: 'ip') }
+        subject { gl_auth.find_for_git_client('username', Gitlab::Password.test_default, project: nil, ip: 'ip') }
 
         before do
           expect_next_instance_of(Gitlab::Auth::IpRateLimiter) do |rate_limiter|
@@ -204,16 +204,16 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
     end
 
     it 'recognizes master passwords' do
-      user = create(:user, password: 'password')
+      user = create(:user, password: Gitlab::Password.test_default)
 
-      expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
+      expect(gl_auth.find_for_git_client(user.username, Gitlab::Password.test_default, project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
     end
 
     include_examples 'user login operation with unique ip limit' do
-      let(:user) { create(:user, password: 'password') }
+      let(:user) { create(:user, password: Gitlab::Password.test_default) }
 
       def operation
-        expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
+        expect(gl_auth.find_for_git_client(user.username, Gitlab::Password.test_default, project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
       end
     end
 
@@ -477,7 +477,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
           :user,
           :blocked,
           username: 'normal_user',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -486,7 +486,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when 2fa is enabled globally' do
         let_it_be(:user) do
-          create(:user, username: 'normal_user', password: 'my-secret', otp_grace_period_started_at: 1.day.ago)
+          create(:user, username: 'normal_user', password: Gitlab::Password.test_default, otp_grace_period_started_at: 1.day.ago)
         end
 
         before do
@@ -510,7 +510,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when 2fa is enabled personally' do
         let(:user) do
-          create(:user, :two_factor, username: 'normal_user', password: 'my-secret', otp_grace_period_started_at: 1.day.ago)
+          create(:user, :two_factor, username: 'normal_user', password: Gitlab::Password.test_default, otp_grace_period_started_at: 1.day.ago)
         end
 
         it 'fails' do
@@ -523,7 +523,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         user = create(
           :user,
           username: 'normal_user',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -534,7 +534,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         user = create(
           :user,
           username: 'oauth2',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -609,7 +609,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when deploy token and user have the same username' do
         let(:username) { 'normal_user' }
-        let(:user) { create(:user, username: username, password: 'my-secret') }
+        let(:user) { create(:user, username: username, password: Gitlab::Password.test_default) }
         let(:deploy_token) { create(:deploy_token, username: username, read_registry: false, projects: [project]) }
 
         it 'succeeds for the token' do
@@ -622,7 +622,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         it 'succeeds for the user' do
           auth_success = { actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities }
 
-          expect(gl_auth.find_for_git_client(username, 'my-secret', project: project, ip: 'ip'))
+          expect(gl_auth.find_for_git_client(username, Gitlab::Password.test_default, project: project, ip: 'ip'))
             .to have_attributes(auth_success)
         end
       end
@@ -816,7 +816,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
     end
 
     let(:username) { 'John' } # username isn't lowercase, test this
-    let(:password) { 'my-secret' }
+    let(:password) { Gitlab::Password.test_default }
 
     it "finds user by valid login/password" do
       expect(gl_auth.find_with_user_password(username, password)).to eql user
@@ -941,13 +941,13 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
       it "does not find user by using ldap as fallback to for authentication" do
         expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(nil)
 
-        expect(gl_auth.find_with_user_password('ldap_user', 'password')).to be_nil
+        expect(gl_auth.find_with_user_password('ldap_user', Gitlab::Password.test_default)).to be_nil
       end
 
       it "find new user by using ldap as fallback to for authentication" do
         expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(user)
 
-        expect(gl_auth.find_with_user_password('ldap_user', 'password')).to eq(user)
+        expect(gl_auth.find_with_user_password('ldap_user', Gitlab::Password.test_default)).to eq(user)
       end
     end
 

spec/mailers/emails/profile_spec.rb

@@ -49,7 +49,7 @@ RSpec.describe Emails::Profile do
 
   describe 'for users that signed up, the email' do
     let(:example_site_path) { root_path }
-    let(:new_user) { create(:user, email: new_user_address, password: "securePassword") }
+    let(:new_user) { create(:user, email: new_user_address, password: Gitlab::Password.test_default) }
 
     subject { Notify.new_user_email(new_user.id) }
 

spec/models/hooks/system_hook_spec.rb

@@ -37,7 +37,7 @@ RSpec.describe SystemHook do
     let(:project)     { create(:project, namespace: user.namespace) }
     let(:group)       { create(:group) }
     let(:params) do
-      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: 'mydummypass' }
+      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: Gitlab::Password.test_default }
     end
 
     before do

spec/models/user_spec.rb

@@ -1672,9 +1672,9 @@ RSpec.describe User do
 
   describe '#generate_password' do
     it 'does not generate password by default' do
-      user = create(:user, password: 'abcdefghe')
+      user = create(:user, password: Gitlab::Password.test_default)
 
-      expect(user.password).to eq('abcdefghe')
+      expect(user.password).to eq(Gitlab::Password.test_default)
     end
   end
 

spec/requests/api/users_spec.rb

@@ -1027,7 +1027,7 @@ RSpec.describe API::Users do
       post api('/users', admin),
         params: {
           email: 'invalid email',
-          password: 'password',
+          password: Gitlab::Password.test_default,
           name: 'test'
         }
       expect(response).to have_gitlab_http_status(:bad_request)
@@ -1093,7 +1093,7 @@ RSpec.describe API::Users do
         post api('/users', admin),
           params: {
             email: 'test@example.com',
-            password: 'password',
+            password: Gitlab::Password.test_default,
             username: 'test',
             name: 'foo'
           }
@@ -1105,7 +1105,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'test@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'foo'
             }
         end.to change { User.count }.by(0)
@@ -1119,7 +1119,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'foo@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'test'
             }
         end.to change { User.count }.by(0)
@@ -1133,7 +1133,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'foo@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'TEST'
             }
         end.to change { User.count }.by(0)
@@ -1478,8 +1478,8 @@ RSpec.describe API::Users do
 
     context "with existing user" do
       before do
-        post api("/users", admin), params: { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
-        post api("/users", admin), params: { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
+        post api("/users", admin), params: { email: 'test@example.com', password: Gitlab::Password.test_default, username: 'test', name: 'test' }
+        post api("/users", admin), params: { email: 'foo@bar.com', password: Gitlab::Password.test_default, username: 'john', name: 'john' }
         @user = User.all.last
       end
 

spec/requests/git_http_spec.rb

@@ -319,7 +319,7 @@ RSpec.describe 'Git HTTP requests' do
             context 'when user is using credentials with special characters' do
               context 'with password with special characters' do
                 before do
-                  user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
+                  user.update!(password: Gitlab::Password.test_default)
                 end
 
                 it 'allows clones' do
@@ -1670,7 +1670,7 @@ RSpec.describe 'Git HTTP requests' do
             context 'when user is using credentials with special characters' do
               context 'with password with special characters' do
                 before do
-                  user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
+                  user.update!(password: Gitlab::Password.test_default)
                 end
 
                 it 'allows clones' do

spec/services/users/create_service_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Users::CreateService do
 
       context 'when required parameters are provided' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: email, password: 'mydummypass' }
+          { name: 'John Doe', username: 'jduser', email: email, password: Gitlab::Password.test_default }
         end
 
         it 'returns a persisted user' do
@@ -82,13 +82,13 @@ RSpec.describe Users::CreateService do
 
       context 'when force_random_password parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', force_random_password: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, force_random_password: true }
         end
 
         it 'generates random password' do
           user = service.execute
 
-          expect(user.password).not_to eq 'mydummypass'
+          expect(user.password).not_to eq Gitlab::Password.test_default
           expect(user.password).to be_present
         end
       end
@@ -99,7 +99,7 @@ RSpec.describe Users::CreateService do
             name: 'John Doe',
             username: 'jduser',
             email: 'jd@example.com',
-            password: 'mydummypass',
+            password: Gitlab::Password.test_default,
             password_automatically_set: true
           }
         end
@@ -121,7 +121,7 @@ RSpec.describe Users::CreateService do
 
       context 'when skip_confirmation parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', skip_confirmation: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, skip_confirmation: true }
         end
 
         it 'confirms the user' do
@@ -131,7 +131,7 @@ RSpec.describe Users::CreateService do
 
       context 'when reset_password parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', reset_password: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, reset_password: true }
         end
 
         it 'resets password even if a password parameter is given' do
@@ -152,7 +152,7 @@ RSpec.describe Users::CreateService do
 
     context 'with nil user' do
       let(:params) do
-        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', skip_confirmation: true }
+        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, skip_confirmation: true }
       end
 
       let(:service) { described_class.new(nil, params) }

spec/support/helpers/login_helpers.rb

@@ -95,7 +95,7 @@ module LoginHelpers
     visit new_user_session_path
 
     fill_in "user_login", with: user.email
-    fill_in "user_password", with: "12345678"
+    fill_in "user_password", with: Gitlab::Password.test_default
     check 'user_remember_me' if remember
 
     click_button "Sign in"

spec/tasks/gitlab/password_rake_spec.rb

@@ -3,7 +3,7 @@
 require 'rake_helper'
 
 RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
-  let_it_be(:user_1) { create(:user, username: 'foobar', password: 'initial_password') }
+  let_it_be(:user_1) { create(:user, username: 'foobar', password: Gitlab::Password.test_default) }
 
   def stub_username(username)
     allow(Gitlab::TaskHelpers).to receive(:prompt).with('Enter username: ').and_return(username)
@@ -19,14 +19,14 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
     Rake.application.rake_require 'tasks/gitlab/password'
 
     stub_username('foobar')
-    stub_password('secretpassword')
+    stub_password(Gitlab::Password.test_default)
   end
 
   describe ':reset' do
     context 'when all inputs are correct' do
       it 'updates the password properly' do
         run_rake_task('gitlab:password:reset', user_1.username)
-        expect(user_1.reload.valid_password?('secretpassword')).to eq(true)
+        expect(user_1.reload.valid_password?(Gitlab::Password.test_default)).to eq(true)
       end
     end
 
@@ -55,7 +55,7 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
 
     context 'when passwords do not match' do
       before do
-        stub_password('randompassword', 'differentpassword')
+        stub_password(Gitlab::Password.test_default, "different" + Gitlab::Password.test_default)
       end
 
       it 'aborts with an error' do