wrong_user: "You are logged in as `%{user}' but the message you have asked to read was not sent by or to that user. Please login as the correct user in order to read it."
sent_message_summary:
destroy_button: "Delete"
- heading:
+ heading:
my_inbox: "My Inbox"
my_outbox: "My Outbox"
muted_messages: "Muted messages"
new password button: "Reset password"
help_text: "Enter the email address you used to sign up, we will send a link to it that you can use to reset your password."
create:
- notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
- notice email cannot find: "Could not find that email address, sorry."
+ send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
edit:
title: "Reset password"
heading: "Reset Password for %{user}"
end
assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal user.email, email.to.first
ActionMailer::Base.deliveries.clear
+ # Test resetting using an address that does not exist
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => "nobody@example.com" }
+ end
+ end
+ # Be paranoid about revealing there was no match
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
+
# Test resetting using an address that matches a different user
# that has the same address in a different case
assert_difference "ActionMailer::Base.deliveries.size", 1 do
end
assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal uppercase_user.email, email.to.first
post user_forgot_password_path, :params => { :email => user.email.titlecase }
end
end
- assert_response :success
- assert_template :new
- assert_select ".alert.alert-danger", /^Could not find that email address/
+ # Be paranoid about revealing there was no match
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^If your email address exists/, flash[:notice])
# Test resetting using the address as recorded for a user that has an
# address which is case insensitively unique
end
assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
end
assert_response :redirect
assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
+ assert_match(/^If your email address exists/, flash[:notice])
email = ActionMailer::Base.deliveries.first
assert_equal 1, email.to.count
assert_equal third_user.email, email.to.first
projects / rails.git / commitdiff