assign_user_id and UserFixture password fixes.

When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.

UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.

app/models/user.rb

@@ -77,7 +77,11 @@ class User < ActiveRecord::Base
   def assign_user_id
     unless @skip_user_id_assign.present? || self.user_id.present?
       user = User.order("user_id").last
-      uid = user.user_id.to_i + 1 if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
+      uid = if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
+              user.user_id.to_i + 1
+            else
+              1
+            end
       self.user_id = uid.to_s if uid
     end
   end

spec/support/user_fixture.rb

@@ -5,14 +5,14 @@ class UserFixture
   end
 
   def self.normal_user
-    password = 'aoeuaoeu'
+    password = 'thi$ 1s cOmplExEr'
     user = User.new(:first_name => 'Joe', :last_name => 'Schmoe',
                     :email => 'joe@schmoe.com', :password => password, :password_confirmation => password)
     def user.clear_password
-      'aoeuaoeu'
+      'thi$ 1s cOmplExEr'
     end
     user.build_benefits_data
     user.save!
     user
   end
-end
+end