3 class PasswordsControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
# The two pages ("new", "edit") are routed from GET and the two actions that
# change state ("create", "update") are routed from POST.
# NOTE(review): gutter numbers skip here (6-7, 10-11, ...); the method
# definition and the call that wraps each pair of hashes are not visible.
8 { :path => "/user/forgot-password", :method => :get },
9 { :controller => "passwords", :action => "new" }
12 { :path => "/user/forgot-password", :method => :post },
13 { :controller => "passwords", :action => "create" }
16 { :path => "/user/reset-password", :method => :get },
17 { :controller => "passwords", :action => "edit" }
20 { :path => "/user/reset-password", :method => :post },
21 { :controller => "passwords", :action => "update" }
# Exercises the forgot-password request flow.
#
# Security properties pinned by the assertions below:
# * a GET carrying an :email parameter answers :success and sends no mail;
# * every POST, matched or not, gets the same redirect to the login page and
#   the same "If your email address exists" notice, so the response content
#   does not tell a caller whether an account exists for the address;
# * mail goes to exactly one recipient: the account whose stored address
#   matches exactly, else the single case-insensitive match, and to nobody
#   when the case-insensitive match is ambiguous.
#
# Only response content and mail delivery are checked; response timing is
# not exercised here.
#
# NOTE(review): this listing skips gutter numbers (29, 34, 41-42, ...), so
# some lines, including block terminators and the definition of `user`, are
# not visible; presumably `user` is created on the omitted line 34 - confirm.
25 def test_lost_password
26 # Test fetching the lost password page
27 get user_forgot_password_path
28 assert_response :success
30 assert_select "div#notice", false
32 # Test resetting using the address as recorded for a user that has an
33 # address which is duplicated in a different case by another user
# :validate => false skips model validation when saving the case-variant
# duplicate; presumably validation would otherwise reject it - confirm.
35 uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
37 # Resetting with GET should fail
# Requesting a reset has a side effect (it sends mail), so merely fetching a
# URL that carries an address must not trigger it.
38 assert_no_difference "ActionMailer::Base.deliveries.size" do
39 perform_enqueued_jobs do
40 get user_forgot_password_path, :params => { :email => user.email }
43 assert_response :success
46 # Resetting with POST should work
47 assert_difference "ActionMailer::Base.deliveries.size", 1 do
48 perform_enqueued_jobs do
49 post user_forgot_password_path, :params => { :email => user.email }
52 assert_response :redirect
53 assert_redirected_to login_path
# NOTE(review): `^` matches at the start of any line; `\A` would anchor this
# check (and the identical ones below) to the start of the string.
54 assert_match(/^If your email address exists/, flash[:notice])
55 email = ActionMailer::Base.deliveries.first
56 assert_equal 1, email.to.count
57 assert_equal user.email, email.to.first
# Empty the delivery list so `.first` in the next scenario refers to that
# scenario's message.
58 ActionMailer::Base.deliveries.clear
60 # Test resetting using an address that does not exist
61 assert_no_difference "ActionMailer::Base.deliveries.size" do
62 perform_enqueued_jobs do
63 post user_forgot_password_path, :params => { :email => "nobody@example.com" }
66 # Be paranoid about revealing there was no match
# Same status, redirect target and notice as the successful case above.
67 assert_response :redirect
68 assert_redirected_to login_path
69 assert_match(/^If your email address exists/, flash[:notice])
71 # Test resetting using an address that matches a different user
72 # that has the same address in a different case
73 assert_difference "ActionMailer::Base.deliveries.size", 1 do
74 perform_enqueued_jobs do
75 post user_forgot_password_path, :params => { :email => user.email.upcase }
78 assert_response :redirect
79 assert_redirected_to login_path
80 assert_match(/^If your email address exists/, flash[:notice])
81 email = ActionMailer::Base.deliveries.first
82 assert_equal 1, email.to.count
# The exact-case match wins: the message goes to uppercase_user, not to user.
83 assert_equal uppercase_user.email, email.to.first
84 ActionMailer::Base.deliveries.clear
86 # Test resetting using an address that is a case insensitive match
87 # for more than one user but not an exact match for either
# An ambiguous address sends nothing, so no reset mail can reach the wrong
# one of the two accounts.
88 assert_no_difference "ActionMailer::Base.deliveries.size" do
89 perform_enqueued_jobs do
90 post user_forgot_password_path, :params => { :email => user.email.titlecase }
93 # Be paranoid about revealing there was no match
94 assert_response :redirect
95 assert_redirected_to login_path
96 assert_match(/^If your email address exists/, flash[:notice])
98 # Test resetting using the address as recorded for a user that has an
99 # address which is case insensitively unique
100 third_user = create(:user)
101 assert_difference "ActionMailer::Base.deliveries.size", 1 do
102 perform_enqueued_jobs do
103 post user_forgot_password_path, :params => { :email => third_user.email }
106 assert_response :redirect
107 assert_redirected_to login_path
108 assert_match(/^If your email address exists/, flash[:notice])
109 email = ActionMailer::Base.deliveries.first
110 assert_equal 1, email.to.count
111 assert_equal third_user.email, email.to.first
112 ActionMailer::Base.deliveries.clear
114 # Test resetting using an address that matches a user that has the
115 # same (case insensitively unique) address in a different case
116 assert_difference "ActionMailer::Base.deliveries.size", 1 do
117 perform_enqueued_jobs do
118 post user_forgot_password_path, :params => { :email => third_user.email.upcase }
121 assert_response :redirect
122 assert_redirected_to login_path
123 assert_match(/^If your email address exists/, flash[:notice])
124 email = ActionMailer::Base.deliveries.first
125 assert_equal 1, email.to.count
# The message is addressed to the stored address, not to the case variant
# that was submitted.
126 assert_equal third_user.email, email.to.first
127 ActionMailer::Base.deliveries.clear
# Exercises the token-consuming half of the reset flow.
#
# Covers: no token (400), an unrecognised token (redirect to the :new
# action), a valid token (edit form shown), a mismatched confirmation (form
# re-rendered with an error) and a successful change, after which the session
# carries the user's id, the account that was created :pending is "active"
# with email_valid set, and the new password authenticates.
#
# Not covered here: expiry of the token, or rejection of the same token once
# the password has been changed. Whether either happens depends on how the
# model defines the :password_reset token purpose, which is outside this
# listing.
#
# NOTE(review): gutter numbers skip (135, 140, 160, ...); line 160 is not
# visible, presumably the user record is reloaded there before the final
# assertions - confirm.
130 def test_reset_password
131 user = create(:user, :pending)
132 # Test a request with no token
133 get user_reset_password_path
134 assert_response :bad_request
136 # Test a request with a bogus token
137 get user_reset_password_path, :params => { :token => "made_up_token" }
138 assert_response :redirect
139 assert_redirected_to :action => :new
141 # Create a valid token for a user
142 token = user.generate_token_for(:password_reset)
144 # Test a request with a valid token
# NOTE(review): the token travels as a query parameter on this GET, so it can
# end up in server access logs and browser history.
145 get user_reset_password_path, :params => { :token => token }
146 assert_response :success
147 assert_template :edit
149 # Test that errors are reported for erroneous submissions
# A rejected submission does not use up the token: the same token is
# accepted by the next request below.
150 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
151 assert_response :success
152 assert_template :edit
153 assert_select "div.invalid-feedback"
155 # Test setting a new password
156 post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
157 assert_response :redirect
158 assert_redirected_to root_path
# A successful reset also logs the user in: the session now holds their id.
159 assert_equal user.id, session[:user]
# Completing the reset activates the :pending account and marks its email
# as valid.
161 assert_equal "active", user.status
162 assert user.email_valid
# The new password must authenticate the same account.
163 assert_equal user, User.authenticate(:username => user.email, :password => "new_password")