songtianlun
32ec61fe00
- Implement password reset request and form - Add user validation and expiration checks - Create integration tests for password reset process This commit introduces a complete password reset feature, allowing users to reset their passwords securely. It includes necessary validations to ensure the user is valid and the reset token has not expired. Additionally, integration tests have been added to verify the functionality and edge cases, enhancing overall application security and user experience.
require "test_helper"
class PasswordResetsTest < ActionDispatch::IntegrationTest
  # Integration coverage for the password reset flow: requesting a reset
  # e-mail, opening the edit form via the e-mailed token, and submitting a
  # new password. Every rejected path is asserted to bounce to root_url
  # rather than render the form.

  def setup
    # Start with an empty outbox so the delivery count asserted below is
    # exact; :michael is the fixture account whose password gets reset.
    ActionMailer::Base.deliveries.clear
    @user = users(:michael)
  end

  test "password reset" do
    get new_password_reset_path
    assert_template "password_resets/new"
    assert_select "input[name=?]", "password_reset[email]"

    # Blank address: stays on the request form with a flash message.
    request_reset("")
    assert_not flash.empty?
    assert_template "password_resets/new"

    # Known address: a new digest is stored, exactly one e-mail is sent,
    # and the user is redirected to the root page.
    request_reset(@user.email)
    assert_not_equal @user.reset_digest, @user.reload.reset_digest
    assert_equal 1, ActionMailer::Base.deliveries.size
    assert_not flash.empty?
    assert_redirected_to root_url

    # The controller-assigned user object carries the plaintext
    # reset_token that the edit link needs.
    reset_user = assigns(:user)

    # Blank e-mail on the edit link is rejected.
    get edit_password_reset_path(reset_user.reset_token, email: "")
    assert_redirected_to root_url

    # A deactivated account is rejected even with a correct token.
    reset_user.toggle!(:activated)
    get edit_password_reset_path(reset_user.reset_token, email: reset_user.email)
    assert_redirected_to root_url
    reset_user.toggle!(:activated)

    # Correct e-mail but wrong token is rejected.
    get edit_password_reset_path("wrong token", email: reset_user.email)
    assert_redirected_to root_url

    # Correct e-mail and token: the form renders, with the e-mail carried
    # in a hidden field for the subsequent PATCH.
    get edit_password_reset_path(reset_user.reset_token, email: reset_user.email)
    assert_template "password_resets/edit"
    assert_select "input[name=email][type=hidden][value=?]", reset_user.email

    # Password and confirmation differ: form re-rendered with errors.
    submit_new_password(reset_user, "foobaz", "barquux")
    assert_select "div#error_explanation"

    # Empty password: form re-rendered with errors.
    submit_new_password(reset_user, "", "")
    assert_select "div#error_explanation"

    # Valid password: session established, flash set, redirected to the
    # profile, and the stored digest cleared (presumably so the token
    # cannot be replayed).
    submit_new_password(reset_user, "foobaz", "foobaz")
    assert is_logged_in?
    assert_not flash.empty?
    assert_redirected_to reset_user
    assert_nil reset_user.reload.reset_digest
  end

  test "expired token" do
    get new_password_reset_path
    request_reset(@user.email)

    # Age the reset request past the expiry window, then try to use the
    # token; the response should redirect and mention expiry.
    @user = assigns(:user)
    @user.update_attribute(:reset_send_at, 3.hours.ago)
    submit_new_password(@user, "foobar", "foobar")
    assert_response :redirect
    follow_redirect!
    assert_match "expired", response.body
  end

  private

  # POST the reset-request form with the given e-mail address.
  def request_reset(email)
    post password_resets_path, params: { password_reset: { email: email } }
  end

  # PATCH the reset form for +user+ with the given password pair.
  def submit_new_password(user, password, confirmation)
    patch password_reset_path(user.reset_token),
          params: { email: user.email,
                    user: { password: password,
                            password_confirmation: confirmation } }
  end
end