1 files changed, 33 insertions, 0 deletions

diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index 70d4559edc1..637c774c38b 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -7,6 +7,7 @@ RSpec.describe RegistrationsController do
 
   before do
     stub_application_setting(require_admin_approval_after_user_signup: false)
+    stub_feature_flags(arkose_labs_signup_challenge: false)
   end
 
   describe '#new' do
@@ -121,6 +122,7 @@ RSpec.describe RegistrationsController do
           context 'when `send_user_confirmation_email` is true' do
             before do
               stub_application_setting(send_user_confirmation_email: true)
+              stub_feature_flags(identity_verification: false)
             end
 
             it 'sends a confirmation email' do
@@ -133,6 +135,10 @@ RSpec.describe RegistrationsController do
     end
 
     context 'email confirmation' do
+      before do
+        stub_feature_flags(identity_verification: false)
+      end
+
       context 'when send_user_confirmation_email is false' do
         it 'signs the user in' do
           stub_application_setting(send_user_confirmation_email: false)
@@ -492,6 +498,33 @@ RSpec.describe RegistrationsController do
         end
       end
     end
+
+    context 'when the password is weak' do
+      render_views
+      let_it_be(:new_user_params) { { new_user: base_user_params.merge({ password: "password" }) } }
+
+      subject { post(:create, params: new_user_params) }
+
+      context 'when block_weak_passwords is enabled (default)' do
+        it 'renders the form with errors' do
+          expect { subject }.not_to change(User, :count)
+
+          expect(controller.current_user).to be_nil
+          expect(response).to render_template(:new)
+          expect(response.body).to include(_('Password must not contain commonly used combinations of words and letters'))
+        end
+      end
+
+      context 'when block_weak_passwords is disabled' do
+        before do
+          stub_feature_flags(block_weak_passwords: false)
+        end
+
+        it 'permits weak passwords' do
+          expect { subject }.to change(User, :count).by(1)
+        end
+      end
+    end
   end
 
   describe '#destroy' do