X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/38bcc001e307a4ed32ce4623f2992d1c8c7c3738..5a0e0b2407823f501977d362ddc09664d9fa2f3f:/test/controllers/passwords_controller_test.rb diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index c39e8465b..9ceadfefb 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -49,14 +49,23 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal user.email, email.to.first ActionMailer::Base.deliveries.clear + # Test resetting using an address that does not exist + assert_no_difference "ActionMailer::Base.deliveries.size" do + perform_enqueued_jobs do + post user_forgot_password_path, :params => { :email => "nobody@example.com" } + end + end + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) + # Test resetting using an address that matches a different user # that has the same address in a different case assert_difference "ActionMailer::Base.deliveries.size", 1 do @@ -64,9 +73,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal uppercase_user.email, email.to.first @@ -79,9 +87,9 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.titlecase } end end - assert_response :success - assert_template :new - assert_select ".alert.alert-danger", /^Could not find that email address/ + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) # Test resetting using the address as recorded for a user that has an # address which is case insensitively unique @@ -91,9 +99,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -106,9 +113,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -123,26 +129,24 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest # Test a request with a bogus token get user_reset_password_path, :params => { :token => "made_up_token" } - assert_response :redirect assert_redirected_to :action => :new # Create a valid token for a user - token = user.tokens.create + token = user.generate_token_for(:password_reset) # Test a request with a valid token - get user_reset_password_path, :params => { :token => token.token } + get user_reset_password_path, :params => { :token => token } assert_response :success assert_template :edit # Test that errors are reported for erroneous submissions - post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } } + post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } } assert_response :success assert_template :edit assert_select "div.invalid-feedback" # Test setting a new password - post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } } - assert_response :redirect + post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } } assert_redirected_to root_path assert_equal user.id, session[:user] user.reload