X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/53817fa9e8d955df0891d156f21b7269b4ed08fc..3c504a1a64a5d7c3811a0068721f89aa959f48f9:/test/controllers/passwords_controller_test.rb?ds=sidebyside diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 25cfdd4e5..9ceadfefb 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -49,14 +49,23 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal user.email, email.to.first ActionMailer::Base.deliveries.clear + # Test resetting using an address that does not exist + assert_no_difference "ActionMailer::Base.deliveries.size" do + perform_enqueued_jobs do + post user_forgot_password_path, :params => { :email => "nobody@example.com" } + end + end + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) + # Test resetting using an address that matches a different user # that has the same address in a different case assert_difference "ActionMailer::Base.deliveries.size", 1 do @@ -64,9 +73,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal uppercase_user.email, email.to.first @@ -79,9 +87,9 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => user.email.titlecase } end end - assert_response :success - assert_template :new - assert_select ".alert.alert-danger", /^Could not find that email address/ + # Be paranoid about revealing there was no match + assert_redirected_to login_path + assert_match(/^If your email address exists/, flash[:notice]) # Test resetting using the address as recorded for a user that has an # address which is case insensitively unique @@ -91,9 +99,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -106,9 +113,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest post user_forgot_password_path, :params => { :email => third_user.email.upcase } end end - assert_response :redirect assert_redirected_to login_path - assert_match(/^Sorry you lost it/, flash[:notice]) + assert_match(/^If your email address exists/, flash[:notice]) email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal third_user.email, email.to.first @@ -123,7 +129,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest # Test a request with a bogus token get user_reset_password_path, :params => { :token => "made_up_token" } - assert_response :redirect assert_redirected_to :action => :new # Create a valid token for a user @@ -142,7 +147,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest # Test setting a new password post user_reset_password_path, :params => { :token => token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } } - assert_response :redirect assert_redirected_to root_path assert_equal user.id, session[:user] user.reload