1 # frozen_string_literal: true
5 class PasswordsControllerTest < ActionDispatch::IntegrationTest
7 # test all routes which lead to this controller
10 { :path => "/user/forgot-password", :method => :get },
11 { :controller => "passwords", :action => "new" }
14 { :path => "/user/forgot-password", :method => :post },
15 { :controller => "passwords", :action => "create" }
18 { :path => "/user/reset-password", :method => :get },
19 { :controller => "passwords", :action => "edit" }
22 { :path => "/user/reset-password", :method => :post },
23 { :controller => "passwords", :action => "update" }
27 def test_lost_password
28 # Test fetching the lost password page
29 get user_forgot_password_path
30 assert_response :success
32 assert_select "div#notice", false
34 # Test resetting using the address as recorded for a user that has an
35 # address which is duplicated in a different case by another user
37 uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
39 # Resetting with GET should fail
40 assert_no_difference "ActionMailer::Base.deliveries.size" do
41 perform_enqueued_jobs do
42 get user_forgot_password_path, :params => { :email => user.email }
45 assert_response :success
48 # Resetting with POST should work
49 assert_difference "ActionMailer::Base.deliveries.size", 1 do
50 perform_enqueued_jobs do
51 post user_forgot_password_path, :params => { :email => user.email }
54 assert_redirected_to login_path
55 assert_match(/^If your email address exists/, flash[:notice])
56 email = ActionMailer::Base.deliveries.first
57 assert_equal 1, email.to.count
58 assert_equal user.email, email.to.first
59 ActionMailer::Base.deliveries.clear
61 # Test resetting using an address that does not exist
62 assert_no_difference "ActionMailer::Base.deliveries.size" do
63 perform_enqueued_jobs do
64 post user_forgot_password_path, :params => { :email => "nobody@example.com" }
67 # Be paranoid about revealing there was no match
68 assert_redirected_to login_path
69 assert_match(/^If your email address exists/, flash[:notice])
71 # Test resetting using an address that matches a different user
72 # that has the same address in a different case
73 assert_difference "ActionMailer::Base.deliveries.size", 1 do
74 perform_enqueued_jobs do
75 post user_forgot_password_path, :params => { :email => user.email.upcase }
78 assert_redirected_to login_path
79 assert_match(/^If your email address exists/, flash[:notice])
80 email = ActionMailer::Base.deliveries.first
81 assert_equal 1, email.to.count
82 assert_equal uppercase_user.email, email.to.first
83 ActionMailer::Base.deliveries.clear
85 # Test resetting using an address that is a case insensitive match
86 # for more than one user but not an exact match for either
87 assert_no_difference "ActionMailer::Base.deliveries.size" do
88 perform_enqueued_jobs do
89 post user_forgot_password_path, :params => { :email => user.email.titlecase }
92 # Be paranoid about revealing there was no match
93 assert_redirected_to login_path
94 assert_match(/^If your email address exists/, flash[:notice])
96 # Test resetting using the address as recorded for a user that has an
97 # address which is case insensitively unique
98 third_user = create(:user)
99 assert_difference "ActionMailer::Base.deliveries.size", 1 do
100 perform_enqueued_jobs do
101 post user_forgot_password_path, :params => { :email => third_user.email }
104 assert_redirected_to login_path
105 assert_match(/^If your email address exists/, flash[:notice])
106 email = ActionMailer::Base.deliveries.first
107 assert_equal 1, email.to.count
108 assert_equal third_user.email, email.to.first
109 ActionMailer::Base.deliveries.clear
111 # Test resetting using an address that matches a user that has the
112 # same (case insensitively unique) address in a different case
113 assert_difference "ActionMailer::Base.deliveries.size", 1 do
114 perform_enqueued_jobs do
115 post user_forgot_password_path, :params => { :email => third_user.email.upcase }
118 assert_redirected_to login_path
119 assert_match(/^If your email address exists/, flash[:notice])
120 email = ActionMailer::Base.deliveries.first
121 assert_equal 1, email.to.count
122 assert_equal third_user.email, email.to.first
125 def test_reset_password
126 user = create(:user, :pending)
127 # Test a request with no token
128 get user_reset_password_path
129 assert_response :bad_request
131 # Test a request with a bogus token
132 get user_reset_password_path, :params => { :token => "made_up_token" }
133 assert_redirected_to :action => :new
135 # Create a valid token for a user
136 token = user.generate_token_for(:password_reset)
138 # Test a request with a valid token
139 get user_reset_password_path, :params => { :token => token }
140 assert_response :success
141 assert_template :edit
143 # Test that errors are reported for erroneous submissions
144 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
145 assert_response :success
146 assert_template :edit
147 assert_select "div.invalid-feedback"
149 # Test setting a new password
150 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
151 assert_redirected_to root_path
152 assert_equal user.id, session[:user]
154 assert_equal "active", user.status
155 assert user.email_valid
156 assert_equal user, User.authenticate(:username => user.email, :password => "new_password")
projects / rails.git / blob