Generate random passphrases for Signon users

Store the passphrase in the clear, as the intent here is to show it to
the user.

2 files changed, 8 insertions, 3 deletions

diff --git a/app/controllers/mini_environments_controller.rb b/app/controllers/mini_environments_controller.rb
index 6f31e70..94aa18c 100644
--- a/app/controllers/mini_environments_controller.rb
+++ b/app/controllers/mini_environments_controller.rb
@@ -40,6 +40,7 @@ class MiniEnvironmentsController < ApplicationController
     ).permit(
       :name,
       :govuk_guix_revision_id,
+      :backend,
       signon_users_attributes: [
         :name,
         :email,
@@ -47,10 +48,14 @@ class MiniEnvironmentsController < ApplicationController
       ]
     )
 
-    @mini_environment = MiniEnvironment.new(parameters)
+    @mini_environment = MiniEnvironment.new(
+      parameters
+        .except(:backend)
+    )
     @mini_environment.backend = Backends.find_by_type_and_id(
-      params.require(:mini_environment).fetch(:backend)
+      parameters[:backend]
     )
+    @mini_environment.signon_users[0]['passphrase'] = SecureRandom.hex
     @mini_environment.save!
 
     @mini_environment.backend.build(@mini_environment)
diff --git a/app/jobs/govuk_guix/build_job.rb b/app/jobs/govuk_guix/build_job.rb
index 04d1a34..a74b928 100644
--- a/app/jobs/govuk_guix/build_job.rb
+++ b/app/jobs/govuk_guix/build_job.rb
@@ -56,7 +56,7 @@ class GovukGuix::BuildJob < GovukGuix::Job
   end
 
   def signon_user_to_sexp(signon_user)
-    keys = %w(name email role)
+    keys = %w(name email role passphrase)
 
     sexp_contents = keys.zip(
       signon_user.values_at(*keys)