X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/30a01fb7f9dedc757a27f9bf97e3d720f4530508..06d03c8acccfadfe7e2bf441c9fbd0044e7a2fcf:/test/controllers/passwords_controller_test.rb diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 0a3a32c52..9ceadfefb 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -6,19 +6,19 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest def test_routes assert_routing( { :path => "/user/forgot-password", :method => :get }, - { :controller => "passwords", :action => "lost_password" } + { :controller => "passwords", :action => "new" } ) assert_routing( { :path => "/user/forgot-password", :method => :post }, - { :controller => "passwords", :action => "lost_password" } + { :controller => "passwords", :action => "create" } ) assert_routing( { :path => "/user/reset-password", :method => :get }, - { :controller => "passwords", :action => "reset_password" } + { :controller => "passwords", :action => "edit" } ) assert_routing( { :path => "/user/reset-password", :method => :post }, - { :controller => "passwords", :action => "reset_password" } + { :controller => "passwords", :action => "update" } ) end @@ -26,7 +26,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest # Test fetching the lost password page get user_forgot_password_path assert_response :success - assert_template :lost_password + assert_template :new assert_select "div#notice", false # Test resetting using the address as recorded for a user that has an @@ -41,7 +41,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest end end assert_response :success - assert_template :lost_password + assert_template :new # Resetting with POST should work assert_difference "ActionMailer::Base.deliveries.size", 1 do @@ -49,14 +49,23 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal user.email, email.to.first ActionMailer::Base.deliveries.clear + # Test resetting using an address that does not exist + assert_no_difference "ActionMailer::Base.deliveries.size" do + perform_enqueued_jobs do + post user_forgot_password_path, :params => { :email => "nobody@example.com" } + end + end + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) + # Test resetting using an address that matches a different user # that has the same address in a different case assert_difference "ActionMailer::Base.deliveries.size", 1 do @@ -64,9 +73,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal uppercase_user.email, email.to.first @@ -79,9 +87,9 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.titlecase } end end - assert_response :success - assert_template :lost_password - assert_select ".alert.alert-danger", /^Could not find that email address/ + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) # Test resetting using the address as recorded for a user that has an # address which is case insensitively unique @@ -91,9 +99,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -106,9 +113,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -123,26 +129,24 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest # Test a request with a bogus token get user_reset_password_path, :params => { :token => "made_up_token" } - assert_response :redirect - assert_redirected_to :action => :lost_password + assert_redirected_to :action => :new # Create a valid token for a user - token = user.tokens.create + token = user.generate_token_for(:password_reset) # Test a request with a valid token - get user_reset_password_path, :params => { :token => token.token } + get user_reset_password_path, :params => { :token => token } assert_response :success - assert_template :reset_password + assert_template :edit # Test that errors are reported for erroneous submissions - post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } } + post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } } assert_response :success - assert_template :reset_password + assert_template :edit assert_select "div.invalid-feedback" # Test setting a new password - post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } } - assert_response :redirect + post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } } assert_redirected_to root_path assert_equal user.id, session[:user] user.reload