3 class PasswordsControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/user/forgot-password", :method => :get },
9 { :controller => "passwords", :action => "new" }
12 { :path => "/user/forgot-password", :method => :post },
13 { :controller => "passwords", :action => "create" }
16 { :path => "/user/reset-password", :method => :get },
17 { :controller => "passwords", :action => "edit" }
20 { :path => "/user/reset-password", :method => :post },
21 { :controller => "passwords", :action => "update" }
25 def test_lost_password
26 # Test fetching the lost password page
27 get user_forgot_password_path
28 assert_response :success
30 assert_select "div#notice", false
32 # Test resetting using the address as recorded for a user that has an
33 # address which is duplicated in a different case by another user
35 uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
37 # Resetting with GET should fail
38 assert_no_difference "ActionMailer::Base.deliveries.size" do
39 perform_enqueued_jobs do
40 get user_forgot_password_path, :params => { :email => user.email }
43 assert_response :success
46 # Resetting with POST should work
47 assert_difference "ActionMailer::Base.deliveries.size", 1 do
48 perform_enqueued_jobs do
49 post user_forgot_password_path, :params => { :email => user.email }
52 assert_redirected_to login_path
53 assert_match(/^If your email address exists/, flash[:notice])
54 email = ActionMailer::Base.deliveries.first
55 assert_equal 1, email.to.count
56 assert_equal user.email, email.to.first
57 ActionMailer::Base.deliveries.clear
59 # Test resetting using an address that does not exist
60 assert_no_difference "ActionMailer::Base.deliveries.size" do
61 perform_enqueued_jobs do
62 post user_forgot_password_path, :params => { :email => "nobody@example.com" }
65 # Be paranoid about revealing there was no match
66 assert_redirected_to login_path
67 assert_match(/^If your email address exists/, flash[:notice])
69 # Test resetting using an address that matches a different user
70 # that has the same address in a different case
71 assert_difference "ActionMailer::Base.deliveries.size", 1 do
72 perform_enqueued_jobs do
73 post user_forgot_password_path, :params => { :email => user.email.upcase }
76 assert_redirected_to login_path
77 assert_match(/^If your email address exists/, flash[:notice])
78 email = ActionMailer::Base.deliveries.first
79 assert_equal 1, email.to.count
80 assert_equal uppercase_user.email, email.to.first
81 ActionMailer::Base.deliveries.clear
83 # Test resetting using an address that is a case insensitive match
84 # for more than one user but not an exact match for either
85 assert_no_difference "ActionMailer::Base.deliveries.size" do
86 perform_enqueued_jobs do
87 post user_forgot_password_path, :params => { :email => user.email.titlecase }
90 # Be paranoid about revealing there was no match
91 assert_redirected_to login_path
92 assert_match(/^If your email address exists/, flash[:notice])
94 # Test resetting using the address as recorded for a user that has an
95 # address which is case insensitively unique
96 third_user = create(:user)
97 assert_difference "ActionMailer::Base.deliveries.size", 1 do
98 perform_enqueued_jobs do
99 post user_forgot_password_path, :params => { :email => third_user.email }
102 assert_redirected_to login_path
103 assert_match(/^If your email address exists/, flash[:notice])
104 email = ActionMailer::Base.deliveries.first
105 assert_equal 1, email.to.count
106 assert_equal third_user.email, email.to.first
107 ActionMailer::Base.deliveries.clear
109 # Test resetting using an address that matches a user that has the
110 # same (case insensitively unique) address in a different case
111 assert_difference "ActionMailer::Base.deliveries.size", 1 do
112 perform_enqueued_jobs do
113 post user_forgot_password_path, :params => { :email => third_user.email.upcase }
116 assert_redirected_to login_path
117 assert_match(/^If your email address exists/, flash[:notice])
118 email = ActionMailer::Base.deliveries.first
119 assert_equal 1, email.to.count
120 assert_equal third_user.email, email.to.first
123 def test_reset_password
124 user = create(:user, :pending)
125 # Test a request with no token
126 get user_reset_password_path
127 assert_response :bad_request
129 # Test a request with a bogus token
130 get user_reset_password_path, :params => { :token => "made_up_token" }
131 assert_redirected_to :action => :new
133 # Create a valid token for a user
134 token = user.generate_token_for(:password_reset)
136 # Test a request with a valid token
137 get user_reset_password_path, :params => { :token => token }
138 assert_response :success
139 assert_template :edit
141 # Test that errors are reported for erroneous submissions
142 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
143 assert_response :success
144 assert_template :edit
145 assert_select "div.invalid-feedback"
147 # Test setting a new password
148 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
149 assert_redirected_to root_path
150 assert_equal user.id, session[:user]
152 assert_equal "active", user.status
153 assert user.email_valid
154 assert_equal user, User.authenticate(:username => user.email, :password => "new_password")
projects / rails.git / blob