X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/0e78061cdba5cfb3f299f57b7643d2b396ee235b..dbb462ca0ff432c94c00911340ab4c7619504844:/test/controllers/passwords_controller_test.rb

diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb
index 8a6e0b901..9ceadfefb 100644
--- a/test/controllers/passwords_controller_test.rb
+++ b/test/controllers/passwords_controller_test.rb
@@ -6,19 +6,19 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   def test_routes
     assert_routing(
       { :path => "/user/forgot-password", :method => :get },
-      { :controller => "passwords", :action => "lost_password" }
+      { :controller => "passwords", :action => "new" }
     )
     assert_routing(
       { :path => "/user/forgot-password", :method => :post },
-      { :controller => "passwords", :action => "lost_password" }
+      { :controller => "passwords", :action => "create" }
     )
     assert_routing(
       { :path => "/user/reset-password", :method => :get },
-      { :controller => "passwords", :action => "reset_password" }
+      { :controller => "passwords", :action => "edit" }
     )
     assert_routing(
       { :path => "/user/reset-password", :method => :post },
-      { :controller => "passwords", :action => "reset_password" }
+      { :controller => "passwords", :action => "update" }
     )
   end
 
@@ -26,7 +26,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
     # Test fetching the lost password page
     get user_forgot_password_path
     assert_response :success
-    assert_template :lost_password
+    assert_template :new
     assert_select "div#notice", false
 
     # Test resetting using the address as recorded for a user that has an
@@ -41,7 +41,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
       end
     end
     assert_response :success
-    assert_template :lost_password
+    assert_template :new
 
     # Resetting with POST should work
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
@@ -49,14 +49,23 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
         post user_forgot_password_path, :params => { :email => user.email }
       end
     end
-    assert_response :redirect
     assert_redirected_to login_path
-    assert_match(/^Sorry you lost it/, flash[:notice])
+    assert_match(/^If your email address exists/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
     assert_equal user.email, email.to.first
     ActionMailer::Base.deliveries.clear
 
+    # Test resetting using an address that does not exist
+    assert_no_difference "ActionMailer::Base.deliveries.size" do
+      perform_enqueued_jobs do
+        post user_forgot_password_path, :params => { :email => "nobody@example.com" }
+      end
+    end
+    # Be paranoid about revealing there was no match
+    assert_redirected_to login_path
+    assert_match(/^If your email address exists/, flash[:notice])
+
     # Test resetting using an address that matches a different user
     # that has the same address in a different case
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
@@ -64,9 +73,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
         post user_forgot_password_path, :params => { :email => user.email.upcase }
       end
     end
-    assert_response :redirect
     assert_redirected_to login_path
-    assert_match(/^Sorry you lost it/, flash[:notice])
+    assert_match(/^If your email address exists/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
     assert_equal uppercase_user.email, email.to.first
@@ -79,9 +87,9 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
         post user_forgot_password_path, :params => { :email => user.email.titlecase }
       end
     end
-    assert_response :success
-    assert_template :lost_password
-    assert_select ".error", /^Could not find that email address/
+    # Be paranoid about revealing there was no match
+    assert_redirected_to login_path
+    assert_match(/^If your email address exists/, flash[:notice])
 
     # Test resetting using the address as recorded for a user that has an
     # address which is case insensitively unique
@@ -91,9 +99,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
         post user_forgot_password_path, :params => { :email => third_user.email }
       end
     end
-    assert_response :redirect
     assert_redirected_to login_path
-    assert_match(/^Sorry you lost it/, flash[:notice])
+    assert_match(/^If your email address exists/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
     assert_equal third_user.email, email.to.first
@@ -106,9 +113,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
         post user_forgot_password_path, :params => { :email => third_user.email.upcase }
       end
     end
-    assert_response :redirect
     assert_redirected_to login_path
-    assert_match(/^Sorry you lost it/, flash[:notice])
+    assert_match(/^If your email address exists/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
     assert_equal third_user.email, email.to.first
@@ -123,26 +129,24 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
 
     # Test a request with a bogus token
     get user_reset_password_path, :params => { :token => "made_up_token" }
-    assert_response :redirect
-    assert_redirected_to :action => :lost_password
+    assert_redirected_to :action => :new
 
     # Create a valid token for a user
-    token = user.tokens.create
+    token = user.generate_token_for(:password_reset)
 
     # Test a request with a valid token
-    get user_reset_password_path, :params => { :token => token.token }
+    get user_reset_password_path, :params => { :token => token }
     assert_response :success
-    assert_template :reset_password
+    assert_template :edit
 
     # Test that errors are reported for erroneous submissions
-    post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
+    post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
     assert_response :success
-    assert_template :reset_password
+    assert_template :edit
     assert_select "div.invalid-feedback"
 
     # Test setting a new password
-    post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
-    assert_response :redirect
+    post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
     assert_redirected_to root_path
     assert_equal user.id, session[:user]
     user.reload