cartodb-4.42/spec/requests/password_resets_controller_spec.rb
2024-04-06 05:25:13 +00:00

158 lines
4.8 KiB
Ruby

require_relative '../spec_helper_min'
describe PasswordResetsController do
before(:all) do
User.any_instance.stubs(:update_in_central).returns(true)
@user = FactoryGirl.create(:user)
end
after(:each) do
@user.password_reset_token = nil
@user.password_reset_sent_at = nil
@user.save
end
after(:all) do
@user.destroy
end
describe('#create') do
it 'shows an error if the email is blank' do
payload = { email: '' }
post create_password_reset_path, payload, @headers
response.status.should == 200
response.body.should include "Email cannot be blank"
request.path.should eq create_password_reset_path
end
it 'redirects to the right page if the email does not exist' do
payload = { email: 'notfound@example.com' }
post create_password_reset_path, payload, @headers
response.status.should == 302
follow_redirect!
request.path.should eq sent_password_reset_path
end
it 'updates the user password_reset_token and password_reset_sent_at' do
payload = { email: @user.email }
post create_password_reset_path, payload, @headers
@user.reload
@user.password_reset_token.should_not be_nil
@user.password_reset_sent_at.should_not be_nil
end
it 'redirects to the right page' do
payload = { email: @user.email }
post create_password_reset_path, payload, @headers
response.status.should == 302
follow_redirect!
request.path.should eq sent_password_reset_path
end
end
describe('#update') do
before(:each) do
@user.password_reset_token = 'token'
@user.password_reset_sent_at = Time.zone.now
@user.save
end
it 'shows an error if the passwords do not match' do
payload = { carto_user: { password: 'newpass', password_confirmation: 'other' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
response.status.should == 200
response.body.should include "Please ensure your passwords match"
end
it 'shows an error if the password is the username' do
payload = { carto_user: { password: @user.username, password_confirmation: @user.username } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
response.status.should == 200
response.body.should include "must be different than the user name"
end
it 'shows an error if the password is a common one' do
payload = { carto_user: { password: 'galina', password_confirmation: 'galina' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
response.status.should == 200
response.body.should include "be a common password"
end
it 'shows an error if the password is not strong' do
organization = mock
organization.stubs(:strong_passwords_enabled).returns(true)
organization.stubs(:color)
organization.stubs(:avatar_url)
Carto::User.any_instance.stubs(:organization).returns(organization)
payload = { carto_user: { password: 'galinaa', password_confirmation: 'galinaa' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
response.status.should == 200
response.body.should include "must be at least 8 characters long"
Carto::User.any_instance.unstub(:organization)
end
it 'redirects to the initial password reset view if the token has expired' do
payload = { carto_user: { password: 'newpass', password_confirmation: 'other' } }
Delorean.jump(49.hours) do
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
end
response.status.should == 302
follow_redirect!
request.path.should eq new_password_reset_path
end
it 'updates the user password' do
original_password = @user.crypted_password
payload = { carto_user: { password: 'newpass', password_confirmation: 'newpass' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
@user.reload
@user.crypted_password.should_not == original_password
end
it 'resets the password_reset_token' do
@user.password_reset_token.should_not be_nil
payload = { carto_user: { password: 'newpass2', password_confirmation: 'newpass2' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
@user.reload
@user.password_reset_token.should be_nil
end
it 'redirects to the right page' do
payload = { carto_user: { password: 'newpass3', password_confirmation: 'newpass3' } }
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
response.status.should == 302
follow_redirect!
request.path.should eq changed_password_reset_path
end
end
end