From a100872a39855f54f4f0af843f8c5a504f81ca33 Mon Sep 17 00:00:00 2001
From: Jason Hill <jhill@macmini.tail999711.ts.net>
Date: Thu, 19 Feb 2026 20:47:44 -0500
Subject: [PATCH] Fix DataFile password randomization tests to be deterministic

---
 core/test/models/workarea/data_file/csv_test.rb | 17 ++++++++++++-----
 .../test/models/workarea/data_file/json_test.rb |  4 ++++
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/core/test/models/workarea/data_file/csv_test.rb b/core/test/models/workarea/data_file/csv_test.rb
index e86ed6dc03..2eb17927d7 100644
--- a/core/test/models/workarea/data_file/csv_test.rb
+++ b/core/test/models/workarea/data_file/csv_test.rb
@@ -369,14 +369,21 @@ def test_randomize_password_when_missing_and_new_record
           file_type: 'csv'
         )
 
+        # Deterministic: ensure we always assign a randomized password
+        # when the password column is missing for a new user.
+        SecureRandom.stubs(:hex).returns('0123456789abcdef0123')
+
         assert_difference -> { User.count } do
           Csv.new(import).import!
-          user = User.find_by_email('missing@example.com')
-
-          assert user.present?, 'user not imported'
-          refute user.authenticate('password1'),
-            "password authenticated when it shouldn't have"
         end
+
+        user = User.find_by_email('missing@example.com')
+
+        assert user.present?, 'user not imported'
+        assert user.authenticate('0123456789abcdef0123_aA1'),
+          'random password not assigned as expected'
+        refute user.authenticate('password1'),
+          "password authenticated when it shouldn't have"
       end
 
       def test_ignore_password_column_when_user_exists
diff --git a/core/test/models/workarea/data_file/json_test.rb b/core/test/models/workarea/data_file/json_test.rb
index 1d795dd1cb..df425f6770 100644
--- a/core/test/models/workarea/data_file/json_test.rb
+++ b/core/test/models/workarea/data_file/json_test.rb
@@ -60,6 +60,8 @@ def test_randomize_password_when_missing_and_new_record
           file_type: 'json'
         )
 
+        SecureRandom.stubs(:hex).returns('0123456789abcdef0123')
+
         assert_difference -> { User.count } do
           Json.new(data).import!
         end
@@ -67,6 +69,8 @@ def test_randomize_password_when_missing_and_new_record
         user = User.find_by_email('test@example.com')
 
         assert user.present?, 'user not imported'
+        assert user.authenticate('0123456789abcdef0123_aA1'),
+          'random password not assigned as expected'
         refute user.authenticate(password), "password authenticated when it shouldn't have"
       end