158 lines
4.8 KiB
Ruby
158 lines
4.8 KiB
Ruby
require_relative '../spec_helper_min'
|
|
|
|
describe PasswordResetsController do
|
|
|
|
before(:all) do
|
|
User.any_instance.stubs(:update_in_central).returns(true)
|
|
@user = FactoryGirl.create(:user)
|
|
end
|
|
|
|
after(:each) do
|
|
@user.password_reset_token = nil
|
|
@user.password_reset_sent_at = nil
|
|
@user.save
|
|
end
|
|
|
|
after(:all) do
|
|
@user.destroy
|
|
end
|
|
|
|
describe('#create') do
|
|
it 'shows an error if the email is blank' do
|
|
payload = { email: '' }
|
|
|
|
post create_password_reset_path, payload, @headers
|
|
|
|
response.status.should == 200
|
|
response.body.should include "Email cannot be blank"
|
|
request.path.should eq create_password_reset_path
|
|
end
|
|
|
|
it 'redirects to the right page if the email does not exist' do
|
|
payload = { email: 'notfound@example.com' }
|
|
|
|
post create_password_reset_path, payload, @headers
|
|
|
|
response.status.should == 302
|
|
|
|
follow_redirect!
|
|
request.path.should eq sent_password_reset_path
|
|
end
|
|
|
|
it 'updates the user password_reset_token and password_reset_sent_at' do
|
|
payload = { email: @user.email }
|
|
|
|
post create_password_reset_path, payload, @headers
|
|
|
|
@user.reload
|
|
@user.password_reset_token.should_not be_nil
|
|
@user.password_reset_sent_at.should_not be_nil
|
|
end
|
|
|
|
it 'redirects to the right page' do
|
|
payload = { email: @user.email }
|
|
|
|
post create_password_reset_path, payload, @headers
|
|
|
|
response.status.should == 302
|
|
|
|
follow_redirect!
|
|
request.path.should eq sent_password_reset_path
|
|
end
|
|
end
|
|
|
|
describe('#update') do
|
|
before(:each) do
|
|
@user.password_reset_token = 'token'
|
|
@user.password_reset_sent_at = Time.zone.now
|
|
@user.save
|
|
end
|
|
|
|
it 'shows an error if the passwords do not match' do
|
|
payload = { carto_user: { password: 'newpass', password_confirmation: 'other' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
response.status.should == 200
|
|
response.body.should include "Please ensure your passwords match"
|
|
end
|
|
|
|
it 'shows an error if the password is the username' do
|
|
payload = { carto_user: { password: @user.username, password_confirmation: @user.username } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
response.status.should == 200
|
|
response.body.should include "must be different than the user name"
|
|
end
|
|
|
|
it 'shows an error if the password is a common one' do
|
|
payload = { carto_user: { password: 'galina', password_confirmation: 'galina' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
response.status.should == 200
|
|
response.body.should include "be a common password"
|
|
end
|
|
|
|
it 'shows an error if the password is not strong' do
|
|
organization = mock
|
|
organization.stubs(:strong_passwords_enabled).returns(true)
|
|
organization.stubs(:color)
|
|
organization.stubs(:avatar_url)
|
|
Carto::User.any_instance.stubs(:organization).returns(organization)
|
|
|
|
payload = { carto_user: { password: 'galinaa', password_confirmation: 'galinaa' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
response.status.should == 200
|
|
response.body.should include "must be at least 8 characters long"
|
|
Carto::User.any_instance.unstub(:organization)
|
|
end
|
|
|
|
it 'redirects to the initial password reset view if the token has expired' do
|
|
payload = { carto_user: { password: 'newpass', password_confirmation: 'other' } }
|
|
|
|
Delorean.jump(49.hours) do
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
end
|
|
|
|
response.status.should == 302
|
|
follow_redirect!
|
|
request.path.should eq new_password_reset_path
|
|
end
|
|
|
|
it 'updates the user password' do
|
|
original_password = @user.crypted_password
|
|
payload = { carto_user: { password: 'newpass', password_confirmation: 'newpass' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
@user.reload
|
|
@user.crypted_password.should_not == original_password
|
|
end
|
|
|
|
it 'resets the password_reset_token' do
|
|
@user.password_reset_token.should_not be_nil
|
|
|
|
payload = { carto_user: { password: 'newpass2', password_confirmation: 'newpass2' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
@user.reload
|
|
@user.password_reset_token.should be_nil
|
|
end
|
|
|
|
it 'redirects to the right page' do
|
|
payload = { carto_user: { password: 'newpass3', password_confirmation: 'newpass3' } }
|
|
|
|
put update_password_reset_path(id: @user.password_reset_token), payload, @headers
|
|
|
|
response.status.should == 302
|
|
follow_redirect!
|
|
request.path.should eq changed_password_reset_path
|
|
end
|
|
end
|
|
end
|