Feat/password complexity (#1133)

This pull request introduces password strength validation using the
`devise_zxcvbn` gem and improves internationalization for
password-related messages. The most significant changes include adding
the new dependency, integrating the module into the user model, and
updating translations for password strength feedback in English,
Spanish, and French. Minor localization improvements and code comments
addressing registration issues are also included.

**Password Strength Validation Integration**
* Added `devise_zxcvbn` as a dependency in `better_together.gemspec` and
required it in `lib/better_together/engine.rb` to enable password
strength checking.
[[1]](diffhunk://#diff-24601cecbf8b67ba22917d400c4fc5c238e320bb1d4080343f1e83c323e1ad49R40)
[[2]](diffhunk://#diff-4d654c2606392ee71bcc9f10c2846596452c072e8412ccca13c49971ee48dd57R17)
* Integrated the `:zxcvbnable` module into the `User` model via Devise
to enforce strong password requirements.

**Internationalization and Localization**
* Added new `weak_password` validation messages in English
(`config/locales/en.yml`), Spanish (`config/locales/es.yml`), and French
(`config/locales/fr.yml`) to provide clear feedback when a password is
too weak.
[[1]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R1850-R1852)
[[2]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R1873-R1875)
[[3]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R1881-R1883)
* Added translations for "password" and corrected locale names in
Spanish and French files; also added Ukrainian as a supported locale.
[[1]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R412)
[[2]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R412)
[[3]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R2074)
[[4]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7L2075-R2081)

**Code Comments and Registration Flow**
* Added a comment in the `User#person` method and a TODO block for
`weak_words` to highlight potential save issues during registration due
to automatic association building.
[[1]](diffhunk://#diff-f998d6bc00cf682534504b180b280e4f4d33f62aac154bffe2d05c4ea72eb0eeL44-R45)
[[2]](diffhunk://#diff-f998d6bc00cf682534504b180b280e4f4d33f62aac154bffe2d05c4ea72eb0eeR70-R76)

Author: rsmithlal

.rubocop.yml

@@ -1,3 +1,5 @@
+inherit_from: .rubocop_todo.yml
+
 AllCops:
   Exclude:
     - 'bin/*'

.rubocop_todo.yml

@@ -0,0 +1,43 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2025-11-04 02:06:37 UTC using RuboCop version 1.81.6.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 52
+# This cop supports safe autocorrection (--autocorrect).
+Lint/RedundantCopDisableDirective:
+  Enabled: false
+
+# Offense count: 2
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+Metrics/MethodLength:
+  Max: 14
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
+# SupportedStyles: assign_to_condition, assign_inside_condition
+Style/ConditionalAssignment:
+  Exclude:
+    - 'app/controllers/better_together/joatu/hub_controller.rb'
+
+# Offense count: 29
+# This cop supports safe autocorrection (--autocorrect).
+Style/IfUnlessModifier:
+  Enabled: false
+
+# Offense count: 1
+# Configuration parameters: Max.
+Style/SafeNavigationChainLength:
+  Exclude:
+    - 'spec/features/devise/registration_spec.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowHeredoc, AllowURI, AllowQualifiedName, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
+# URISchemes: http, https
+Layout/LineLength:
+  Max: 145

Gemfile.lock

@@ -29,6 +29,7 @@ PATH
       devise
       devise-i18n
       devise-jwt
+      devise_zxcvbn
       elasticsearch-model (~> 7)
       elasticsearch-rails (~> 7)
       font-awesome-sass (~> 6.5)
@@ -266,6 +267,9 @@ GEM
     devise-jwt (0.12.1)
       devise (~> 4.0)
       warden-jwt_auth (~> 0.10)
+    devise_zxcvbn (6.0.0)
+      devise
+      zxcvbn (~> 0.1.7)
     diff-lcs (1.6.2)
     disposable (0.6.3)
       declarative (>= 0.0.9, < 1.0.0)
@@ -833,6 +837,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.7.3)
+    zxcvbn (0.1.13)
 
 PLATFORMS
   aarch64-linux

app/controllers/better_together/users/registrations_controller.rb

@@ -7,6 +7,7 @@ class RegistrationsController < ::Devise::RegistrationsController # rubocop:todo
       include DeviseLocales
 
       skip_before_action :check_platform_privacy
+      before_action :configure_permitted_parameters
       before_action :set_required_agreements, only: %i[new create]
       before_action :set_event_invitation_from_session, only: %i[new create]
       before_action :configure_account_update_params, only: [:update]
@@ -63,18 +64,12 @@ def update # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
 
       def new
         super do |user|
-          # Pre-fill email from platform invitation
-          user.email = @platform_invitation.invitee_email if @platform_invitation && user.email.empty?
-
-          if @event_invitation
-            # Pre-fill email from event invitation
-            user.email = @event_invitation.invitee_email if @event_invitation && user.email.empty?
-            user.person = @event_invitation.invitee if @event_invitation.invitee.present?
-          end
+          setup_user_from_invitations(user)
+          user.build_person unless user.person
         end
       end
 
-      def create # rubocop:todo Metrics/MethodLength
+      def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
         unless agreements_accepted?
           handle_agreements_not_accepted
           return
@@ -87,11 +82,25 @@ def create # rubocop:todo Metrics/MethodLength
           return
         end
 
+        # Use transaction for all user creation and associated records
         ActiveRecord::Base.transaction do
-          super do |user|
-            handle_user_creation(user) if user.persisted?
+          # Call Devise's default create behavior
+          super
+
+          # Handle post-registration setup if user was created successfully
+          if resource.persisted? && resource.errors.empty?
+            handle_user_creation(resource)
+          elsif resource.persisted?
+            # User was created but has errors - rollback to maintain consistency
+            raise ActiveRecord::Rollback
           end
         end
+      rescue ActiveRecord::RecordInvalid, ActiveRecord::InvalidForeignKey => e
+        # Clean up and show user-friendly error
+        Rails.logger.error "Registration failed: #{e.message}"
+        build_resource(sign_up_params) if resource.nil?
+        resource&.errors&.add(:base, 'Registration could not be completed. Please try again.')
+        respond_with resource
       end
 
       protected
@@ -105,6 +114,10 @@ def configure_account_update_params
                                           keys: %i[email password password_confirmation current_password])
       end
 
+      def configure_permitted_parameters
+        devise_parameter_sanitizer.permit(:sign_up, keys: [person_attributes: %i[identifier name description]])
+      end
+
       def set_required_agreements
         @privacy_policy_agreement = BetterTogether::Agreement.find_by(identifier: 'privacy_policy')
         @terms_of_service_agreement = BetterTogether::Agreement.find_by(identifier: 'terms_of_service')
@@ -170,32 +183,116 @@ def handle_agreements_not_accepted
         respond_with resource
       end
 
+      def setup_user_from_invitations(user)
+        # Pre-fill email from platform invitation
+        user.email = @platform_invitation.invitee_email if @platform_invitation && user.email.empty?
+
+        return unless @event_invitation
+
+        # Pre-fill email from event invitation
+        user.email = @event_invitation.invitee_email if @event_invitation && user.email.empty?
+        user.person = @event_invitation.invitee if @event_invitation.invitee.present?
+      end
+
       def handle_user_creation(user)
-        setup_person_for_user(user)
-        return unless user.save!
+        return unless event_invitation_person_updated?(user)
 
+        # Reload user to ensure all nested attributes and associations are properly loaded
         user.reload
-        setup_community_membership(user)
+        person = user.person
+
+        return unless person_persisted?(user, person)
+
+        setup_community_membership(user, person)
         handle_platform_invitation(user)
         handle_event_invitation(user)
-        create_agreement_participants(user.person)
+        create_agreement_participants(person)
+      end
+
+      def event_invitation_person_updated?(user)
+        return true unless @event_invitation&.invitee.present?
+
+        return true if user.person.update(person_params)
+
+        Rails.logger.error "Failed to update person for event invitation: #{user.person.errors.full_messages}"
+        false
+      end
+
+      def person_persisted?(user, person)
+        return true if person&.persisted?
+
+        Rails.logger.error "Person not found or not persisted for user #{user.id}"
+        false
       end
 
       def setup_person_for_user(user)
-        if @event_invitation && @event_invitation.invitee.present?
-          user.person = @event_invitation.invitee
-          user.person.update(person_params)
-        else
-          user.build_person(person_params)
-        end
+        return update_existing_person_for_event(user) if @event_invitation&.invitee.present?
+
+        create_new_person_for_user(user)
+      end
+
+      def update_existing_person_for_event(user)
+        user.person = @event_invitation.invitee
+        return if user.person.update(person_params)
+
+        Rails.logger.error "Failed to update person for event invitation: #{user.person.errors.full_messages}"
+        user.errors.add(:person, 'Could not update person information')
       end
 
-      def setup_community_membership(user)
+      def create_new_person_for_user(user)
+        return handle_empty_person_params(user) if person_params.empty?
+
+        user.build_person(person_params)
+        return unless person_validated_and_saved?(user)
+
+        save_person_identification(user)
+      end
+
+      def handle_empty_person_params(user)
+        Rails.logger.error 'Person params are empty, cannot build person'
+        user.errors.add(:person, 'Person information is required')
+      end
+
+      def person_validated_and_saved?(user)
+        return save_person?(user) if user.person.valid?
+
+        Rails.logger.error "Person validation failed: #{user.person.errors.full_messages}"
+        user.errors.add(:person, 'Person information is invalid')
+        false
+      end
+
+      def save_person?(user)
+        return true if user.person.save
+
+        Rails.logger.error "Failed to save person: #{user.person.errors.full_messages}"
+        user.errors.add(:person, 'Could not save person information')
+        false
+      end
+
+      def save_person_identification(user)
+        person_identification = user.person_identification
+        return if person_identification&.save
+
+        Rails.logger.error "Failed to save person identification: #{person_identification&.errors&.full_messages}"
+        user.errors.add(:person, 'Could not link person to user')
+      end
+
+      def setup_community_membership(user, person_param = nil)
+        person = person_param || user.person
         community_role = determine_community_role
-        helpers.host_community.person_community_memberships.find_or_create_by!(
-          member: user.person,
-          role: community_role
-        )
+
+        begin
+          helpers.host_community.person_community_memberships.find_or_create_by!(
+            member: person,
+            role: community_role
+          )
+        rescue ActiveRecord::InvalidForeignKey => e
+          Rails.logger.error "Foreign key violation creating community membership: #{e.message}"
+          raise e
+        rescue StandardError => e
+          Rails.logger.error "Unexpected error creating community membership: #{e.message}"
+          raise e
+        end
       end
 
       def handle_platform_invitation(user)
@@ -235,10 +332,18 @@ def after_update_path_for(_resource)
       end
 
       def person_params
+        return {} unless params[:user] && params[:user][:person_attributes]
+
         params.require(:user).require(:person_attributes).permit(%i[identifier name description])
+      rescue ActionController::ParameterMissing => e
+        Rails.logger.error "Missing person parameters: #{e.message}"
+        {}
       end
 
       def agreements_accepted?
+        # Ensure required agreements are set
+        set_required_agreements if @privacy_policy_agreement.nil?
+
         required = [params[:privacy_policy_agreement], params[:terms_of_service_agreement]]
         # If a code of conduct agreement exists, require it as well
         required << params[:code_of_conduct_agreement] if @code_of_conduct_agreement.present?
@@ -247,11 +352,21 @@ def agreements_accepted?
       end
 
       def create_agreement_participants(person)
+        unless person&.persisted?
+          Rails.logger.error 'Cannot create agreement participants - person not persisted'
+          return
+        end
+
         identifiers = %w[privacy_policy terms_of_service]
         identifiers << 'code_of_conduct' if BetterTogether::Agreement.exists?(identifier: 'code_of_conduct')
         agreements = BetterTogether::Agreement.where(identifier: identifiers)
+
         agreements.find_each do |agreement|
-          BetterTogether::AgreementParticipant.create!(agreement: agreement, person: person, accepted_at: Time.current)
+          BetterTogether::AgreementParticipant.create!(
+            agreement: agreement,
+            person: person,
+            accepted_at: Time.current
+          )
         end
       end
     end

app/models/better_together/identification.rb

@@ -10,6 +10,8 @@ class Identification < ApplicationRecord
                polymorphic: true,
                autosave: true
 
+    accepts_nested_attributes_for :identity
+
     validates :identity,
               presence: true
     validates :agent,