def test_routes
assert_routing(
{ :path => "/user/forgot-password", :method => :get },
- { :controller => "passwords", :action => "lost_password" }
+ { :controller => "passwords", :action => "new" }
)
assert_routing(
{ :path => "/user/forgot-password", :method => :post },
- { :controller => "passwords", :action => "lost_password" }
+ { :controller => "passwords", :action => "create" }
)
assert_routing(
{ :path => "/user/reset-password", :method => :get },
- { :controller => "passwords", :action => "reset_password" }
+ { :controller => "passwords", :action => "edit" }
)
assert_routing(
{ :path => "/user/reset-password", :method => :post },
- { :controller => "passwords", :action => "reset_password" }
+ { :controller => "passwords", :action => "update" }
)
end
# Test fetching the lost password page
get user_forgot_password_path
assert_response :success
- assert_template :lost_password
+ assert_template :new
assert_select "div#notice", false
# Test resetting using the address as recorded for a user that has an
end
end
assert_response :success
- assert_template :lost_password
+ assert_template :new
# Resetting with POST should work
assert_difference "ActionMailer::Base.deliveries.size", 1 do
post user_forgot_password_path, :params => { :email => user.email }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal user.email, email.to.first
ActionMailer::Base.deliveries.clear
+ # Test resetting using an address that does not exist
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => "nobody@example.com" }
+ end
+ end
+ # Be paranoid about revealing there was no match
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
+
# Test resetting using an address that matches a different user
# that has the same address in a different case
assert_difference "ActionMailer::Base.deliveries.size", 1 do
post user_forgot_password_path, :params => { :email => user.email.upcase }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal uppercase_user.email, email.to.first
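Review bot: The enumeration checks pin only the opening words of the notice, so a message that differs after `If your email address exists` between the match and no-match paths would still pass. In the added unknown-address case, and in the same assertion in the titlecase, `third_user` and uppercase cases in the later hunks, consider capturing the notice from the known-user request with `expected_notice = flash[:notice]` and checking `assert_equal expected_notice, flash[:notice]` afterwards. If the regex is kept, `\A` anchors to the start of the string, whereas `^` matches at the start of any line. The enclosing test method starts and ends outside this hunk.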
post user_forgot_password_path, :params => { :email => user.email.titlecase }
end
end
- assert_response :success
- assert_template :lost_password
- assert_select ".alert.alert-danger", /^Could not find that email address/
+ # Be paranoid about revealing there was no match
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
# Test resetting using the address as recorded for a user that has an
# address which is case insensitively unique
post user_forgot_password_path, :params => { :email => third_user.email }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
post user_forgot_password_path, :params => { :email => third_user.email.upcase }
end
end
- assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
# Test a request with a bogus token
get user_reset_password_path, :params => { :token => "made_up_token" }
- assert_response :redirect
- assert_redirected_to :action => :lost_password
+ assert_redirected_to :action => :new
# Create a valid token for a user
- token = user.tokens.create
+ token = user.generate_token_for(:password_reset)
# Test a request with a valid token
- get user_reset_password_path, :params => { :token => token.token }
+ get user_reset_password_path, :params => { :token => token }
assert_response :success
- assert_template :reset_password
+ assert_template :edit
# Test that errors are reported for erroneous submissions
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
+ post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
assert_response :success
- assert_template :reset_password
+ assert_template :edit
assert_select "div.invalid-feedback"
# Test setting a new password
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
- assert_response :redirect
+ post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
assert_redirected_to root_path
assert_equal user.id, session[:user]
user.reload
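Review bot: Nothing visible after the successful password change checks that the same token is refused a second time. With `generate_token_for(:password_reset)`, that depends entirely on how the model defines the token, which this hunk does not show. After the `assert_redirected_to root_path` step, consider adding `get user_reset_password_path, :params => { :token => token }` followed by `assert_redirected_to :action => :new`, so a reused token is pinned to the same behaviour as the bogus-token case above. The test continues past `user.reload`, so this may already be covered outside the hunk.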