passwords_controller_spec.rb 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe Auth::PasswordsController do
  4. include Devise::Test::ControllerHelpers
  5. describe 'GET #new' do
  6. it 'returns http success' do
  7. request.env['devise.mapping'] = Devise.mappings[:user]
  8. get :new
  9. expect(response).to have_http_status(200)
  10. end
  11. end
  12. describe 'GET #edit' do
  13. let(:user) { Fabricate(:user) }
  14. before do
  15. request.env['devise.mapping'] = Devise.mappings[:user]
  16. end
  17. context 'with valid reset_password_token' do
  18. it 'returns http success' do
  19. token = user.send_reset_password_instructions
  20. get :edit, params: { reset_password_token: token }
  21. expect(response).to have_http_status(200)
  22. end
  23. end
  24. context 'with invalid reset_password_token' do
  25. it 'redirects to #new' do
  26. get :edit, params: { reset_password_token: 'some_invalid_value' }
  27. expect(response).to redirect_to subject.new_password_path(subject.send(:resource_name))
  28. end
  29. end
  30. end
  31. describe 'POST #update' do
  32. let(:user) { Fabricate(:user) }
  33. let(:password) { 'reset0password' }
  34. before do
  35. request.env['devise.mapping'] = Devise.mappings[:user]
  36. end
  37. context 'with valid reset_password_token' do
  38. let!(:session_activation) { Fabricate(:session_activation, user: user) }
  39. let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) }
  40. let!(:web_push_subscription) { Fabricate(:web_push_subscription, access_token: access_token) }
  41. before do
  42. token = user.send_reset_password_instructions
  43. post :update, params: { user: { password: password, password_confirmation: password, reset_password_token: token } }
  44. end
  45. it 'redirect to sign in' do
  46. expect(response).to redirect_to '/auth/sign_in'
  47. end
  48. it 'changes password' do
  49. this_user = User.find(user.id)
  50. expect(this_user).to_not be_nil
  51. expect(this_user.valid_password?(password)).to be true
  52. end
  53. it 'deactivates all sessions' do
  54. expect(user.session_activations.count).to eq 0
  55. expect { session_activation.reload }.to raise_error(ActiveRecord::RecordNotFound)
  56. end
  57. it 'revokes all access tokens' do
  58. expect(Doorkeeper::AccessToken.active_for(user).count).to eq 0
  59. end
  60. it 'removes push subscriptions' do
  61. expect(Web::PushSubscription.where(user: user).or(Web::PushSubscription.where(access_token: access_token)).count).to eq 0
  62. expect { web_push_subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
  63. end
  64. end
  65. context 'with invalid reset_password_token' do
  66. before do
  67. post :update, params: { user: { password: password, password_confirmation: password, reset_password_token: 'some_invalid_value' } }
  68. end
  69. it 'renders reset password' do
  70. expect(response).to render_template(:new)
  71. end
  72. it 'retains password' do
  73. this_user = User.find(user.id)
  74. expect(this_user).to_not be_nil
  75. expect(this_user.external_or_valid_password?(user.password)).to be true
  76. end
  77. end
  78. end
  79. end