post user_forgot_password_path, :params => { :email => user.email }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal user.email, email.to.first
ActionMailer::Base.deliveries.clear
+ # Test resetting using an address that does not exist
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => "nobody@example.com" }
+ end
+ end
+ # Be paranoid about revealing there was no match
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
+
# Test resetting using an address that matches a different user
# that has the same address in a different case
assert_difference "ActionMailer::Base.deliveries.size", 1 do
post user_forgot_password_path, :params => { :email => user.email.upcase }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal uppercase_user.email, email.to.first
post user_forgot_password_path, :params => { :email => user.email.titlecase }
end
end
- assert_response :success
- assert_template :new
- assert_select ".alert.alert-danger", /^Could not find that email address/
+ # Be paranoid about revealing there was no match
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
# Test resetting using the address as recorded for a user that has an
# address which is case insensitively unique
post user_forgot_password_path, :params => { :email => third_user.email }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
post user_forgot_password_path, :params => { :email => third_user.email.upcase }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
# Test a request with a bogus token
get user_reset_password_path, :params => { :token => "made_up_token" }
- assert_response :redirect
assert_redirected_to :action => :new
# Create a valid token for a user
# Test setting a new password
post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
- assert_response :redirect
assert_redirected_to root_path
assert_equal user.id, session[:user]
user.reload
projects / rails.git / blobdiff