3 class PasswordsControllerTest < ActionDispatch::IntegrationTest
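# test all routes which lead to this controller
#
# NOTE(review): the listing this was recovered from lost its short lines, so
# the four hash pairs below had no enclosing method or assertion call. The
# `test_routes` name and the `assert_routing` calls are reconstructed from the
# argument shape (request hash first, expected controller/action second).
# TODO confirm against the original file.
def test_routes
  # Lost-password form: shown with GET, submitted with POST.
  assert_routing(
    { :path => "/user/forgot-password", :method => :get },
    { :controller => "passwords", :action => "lost_password" }
  )
  assert_routing(
    { :path => "/user/forgot-password", :method => :post },
    { :controller => "passwords", :action => "lost_password" }
  )

  # Reset form (reached from the mailed link): shown with GET, submitted with POST.
  assert_routing(
    { :path => "/user/reset-password", :method => :get },
    { :controller => "passwords", :action => "reset_password" }
  )
  assert_routing(
    { :path => "/user/reset-password", :method => :post },
    { :controller => "passwords", :action => "reset_password" }
  )
end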
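# Exercises the lost-password form: rendering it, refusing to act on GET, and
# deciding which account (if any) receives the reset mail when stored addresses
# differ only by letter case.
#
# NOTE(review): a known address gets a redirect plus a flash notice, while an
# unmatched one gets the form back with "Could not find that email address".
# That difference tells the requester whether an address is registered; confirm
# this is an accepted trade-off and that the endpoint is rate limited.
def test_lost_password
  # Test fetching the lost password page
  get user_forgot_password_path
  assert_response :success
  assert_template :lost_password
  assert_select "div#notice", false

  # Test resetting using the address as recorded for a user that has an
  # address which is duplicated in a different case by another user
  #
  # `user` has to exist before `uppercase_user` is built from its address; the
  # recovered listing had dropped this assignment, leaving `user` undefined.
  user = create(:user)
  # Saved without validation, presumably because the case-only duplicate would
  # otherwise be rejected -- TODO confirm against the User model.
  uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }

  # Resetting with GET should fail
  # Sending mail is a side effect, so a GET that carries an address must only
  # re-render the form and deliver nothing.
  assert_no_difference "ActionMailer::Base.deliveries.size" do
    perform_enqueued_jobs do
      get user_forgot_password_path, :params => { :email => user.email }
    end
  end
  assert_response :success
  assert_template :lost_password

  # Resetting with POST should work
  assert_difference "ActionMailer::Base.deliveries.size", 1 do
    perform_enqueued_jobs do
      post user_forgot_password_path, :params => { :email => user.email }
    end
  end
  assert_response :redirect
  assert_redirected_to login_path
  assert_match(/^Sorry you lost it/, flash[:notice])
  # Exactly one recipient, and it is the exact-case match rather than the
  # other account that shares the address in upper case.
  email = ActionMailer::Base.deliveries.first
  assert_equal 1, email.to.count
  assert_equal user.email, email.to.first
  ActionMailer::Base.deliveries.clear

  # Test resetting using an address that matches a different user
  # that has the same address in a different case
  assert_difference "ActionMailer::Base.deliveries.size", 1 do
    perform_enqueued_jobs do
      post user_forgot_password_path, :params => { :email => user.email.upcase }
    end
  end
  assert_response :redirect
  assert_redirected_to login_path
  assert_match(/^Sorry you lost it/, flash[:notice])
  email = ActionMailer::Base.deliveries.first
  assert_equal 1, email.to.count
  assert_equal uppercase_user.email, email.to.first
  ActionMailer::Base.deliveries.clear

  # Test resetting using an address that is a case insensitive match
  # for more than one user but not an exact match for either
  #
  # With two candidate accounts and no exact match, no reset mail may go out:
  # picking either one could hand a reset link to the wrong mailbox.
  assert_no_difference "ActionMailer::Base.deliveries.size" do
    perform_enqueued_jobs do
      post user_forgot_password_path, :params => { :email => user.email.titlecase }
    end
  end
  assert_response :success
  assert_template :lost_password
  assert_select ".alert.alert-danger", /^Could not find that email address/

  # Test resetting using the address as recorded for a user that has an
  # address which is case insensitively unique
  third_user = create(:user)
  assert_difference "ActionMailer::Base.deliveries.size", 1 do
    perform_enqueued_jobs do
      post user_forgot_password_path, :params => { :email => third_user.email }
    end
  end
  assert_response :redirect
  assert_redirected_to login_path
  assert_match(/^Sorry you lost it/, flash[:notice])
  email = ActionMailer::Base.deliveries.first
  assert_equal 1, email.to.count
  assert_equal third_user.email, email.to.first
  ActionMailer::Base.deliveries.clear

  # Test resetting using an address that matches a user that has the
  # same (case insensitively unique) address in a different case
  #
  # The mail is addressed to the stored form of the address, not to the
  # spelling the requester typed.
  assert_difference "ActionMailer::Base.deliveries.size", 1 do
    perform_enqueued_jobs do
      post user_forgot_password_path, :params => { :email => third_user.email.upcase }
    end
  end
  assert_response :redirect
  assert_redirected_to login_path
  assert_match(/^Sorry you lost it/, flash[:notice])
  email = ActionMailer::Base.deliveries.first
  assert_equal 1, email.to.count
  assert_equal third_user.email, email.to.first
  ActionMailer::Base.deliveries.clear
end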
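# Walks the token-based reset flow end to end: missing token, unknown token,
# valid token, mismatched confirmation, and finally a successful change.
#
# NOTE(review): nothing here shows what happens to the token after a
# successful reset, whether it expires, or whether the previous password stops
# working. Once the controller's behaviour is confirmed, assertions for those
# cases (for example, a second request with the same token being turned away)
# would close the gap. The token also travels in the query string on the GET
# requests; confirm it cannot linger in logs or Referer headers.
def test_reset_password
  user = create(:user, :pending)
  # Test a request with no token
  get user_reset_password_path
  assert_response :bad_request

  # Test a request with a bogus token
  # An unknown token is sent back to the lost-password form and never sees the
  # reset form.
  get user_reset_password_path, :params => { :token => "made_up_token" }
  assert_response :redirect
  assert_redirected_to :action => :lost_password

  # Create a valid token for a user
  token = user.tokens.create

  # Test a request with a valid token
  get user_reset_password_path, :params => { :token => token.token }
  assert_response :success
  assert_template :reset_password

  # Test that errors are reported for erroneous submissions
  # (password and confirmation differ, so the form is rendered again)
  post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
  assert_response :success
  assert_template :reset_password
  assert_select "div.invalid-feedback"

  # Test setting a new password
  post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
  assert_response :redirect
  assert_redirected_to root_path
  # A successful reset also signs the user in.
  assert_equal user.id, session[:user]

  # Re-read the record before checking it: the request changed the stored row,
  # not this in-memory object, which was created with the :pending trait. The
  # recovered listing had dropped this call.
  user.reload
  # Completing the reset activates the account and marks its address as valid,
  # presumably because holding the mailed token shows control of the mailbox.
  assert_equal "active", user.status
  assert user.email_valid
  assert_equal user, User.authenticate(:username => user.email, :password => "new_password")
end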