2010-03-26 06:27:19 -04:00
|
|
|
require 'test_helper'
|
2009-09-18 09:20:45 -04:00
|
|
|
|
|
|
|
class RecoverableTest < ActiveSupport::TestCase
|
|
|
|
|
|
|
|
def setup
|
|
|
|
setup_mailer
|
|
|
|
end
|
|
|
|
|
2009-10-18 07:14:52 -04:00
|
|
|
test 'should not generate reset password token after creating a record' do
|
|
|
|
assert_nil new_user.reset_password_token
|
|
|
|
end
|
|
|
|
|
|
|
|
test 'should never generate the same reset password token for different users' do
|
|
|
|
reset_password_tokens = []
|
2009-11-24 20:19:12 -05:00
|
|
|
3.times do
|
2009-10-18 07:14:52 -04:00
|
|
|
user = create_user
|
|
|
|
user.send_reset_password_instructions
|
|
|
|
token = user.reset_password_token
|
|
|
|
assert !reset_password_tokens.include?(token)
|
|
|
|
reset_password_tokens << token
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2009-09-18 09:20:45 -04:00
|
|
|
test 'should reset password and password confirmation from params' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
2009-12-14 18:30:28 -05:00
|
|
|
user.reset_password!('123456789', '987654321')
|
2009-10-07 22:50:42 -04:00
|
|
|
assert_equal '123456789', user.password
|
|
|
|
assert_equal '987654321', user.password_confirmation
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
test 'should reset password and save the record' do
|
2009-10-07 22:50:42 -04:00
|
|
|
assert create_user.reset_password!('123456789', '123456789')
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
|
2009-10-18 07:14:52 -04:00
|
|
|
test 'should clear reset password token while reseting the password' do
|
2009-10-15 16:36:44 -04:00
|
|
|
user = create_user
|
2009-10-18 07:14:52 -04:00
|
|
|
assert_nil user.reset_password_token
|
2009-11-24 20:19:12 -05:00
|
|
|
|
2009-10-18 07:14:52 -04:00
|
|
|
user.send_reset_password_instructions
|
|
|
|
assert_present user.reset_password_token
|
2009-10-18 07:54:53 -04:00
|
|
|
assert user.reset_password!('123456789', '123456789')
|
2009-10-18 07:14:52 -04:00
|
|
|
assert_nil user.reset_password_token
|
2009-10-15 16:36:44 -04:00
|
|
|
end
|
|
|
|
|
2009-10-18 07:54:53 -04:00
|
|
|
test 'should not clear reset password token if record is invalid' do
|
|
|
|
user = create_user
|
|
|
|
user.send_reset_password_instructions
|
|
|
|
assert_present user.reset_password_token
|
|
|
|
assert_not user.reset_password!('123456789', '987654321')
|
|
|
|
assert_present user.reset_password_token
|
|
|
|
end
|
|
|
|
|
2009-09-18 09:20:45 -04:00
|
|
|
test 'should not reset password with invalid data' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
|
|
|
user.stubs(:valid?).returns(false)
|
|
|
|
assert_not user.reset_password!('123456789', '987654321')
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
|
2009-10-18 07:14:52 -04:00
|
|
|
test 'should reset reset password token and send instructions by email' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
2009-09-18 09:47:12 -04:00
|
|
|
assert_email_sent do
|
2009-10-18 07:14:52 -04:00
|
|
|
token = user.reset_password_token
|
2009-10-07 22:50:42 -04:00
|
|
|
user.send_reset_password_instructions
|
2009-10-18 07:14:52 -04:00
|
|
|
assert_not_equal token, user.reset_password_token
|
2009-09-18 09:47:12 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2009-09-18 09:20:45 -04:00
|
|
|
test 'should find a user to send instructions by email' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.send_reset_password_instructions(email: user.email)
|
2009-10-07 22:50:42 -04:00
|
|
|
assert_equal reset_password_user, user
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
|
2009-11-24 20:19:12 -05:00
|
|
|
test 'should return a new record with errors if user was not found by e-mail' do
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com")
|
2010-03-28 16:26:07 -04:00
|
|
|
assert_not reset_password_user.persisted?
|
2010-09-21 06:05:17 -04:00
|
|
|
assert_equal "not found", reset_password_user.errors[:email].join
|
2010-07-25 13:53:42 -04:00
|
|
|
end
|
2010-12-28 17:00:23 -05:00
|
|
|
|
2010-07-25 13:53:42 -04:00
|
|
|
test 'should find a user to send instructions by authentication_keys' do
|
2014-02-25 11:42:55 -05:00
|
|
|
swap Devise, authentication_keys: [:username, :email] do
|
2010-07-25 13:53:42 -04:00
|
|
|
user = create_user
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
|
2010-07-25 13:53:42 -04:00
|
|
|
assert_equal reset_password_user, user
|
|
|
|
end
|
|
|
|
end
|
2009-09-18 09:20:45 -04:00
|
|
|
|
2010-12-29 12:15:43 -05:00
|
|
|
test 'should require all reset_password_keys' do
|
2014-02-25 11:42:55 -05:00
|
|
|
swap Devise, reset_password_keys: [:username, :email] do
|
2010-12-29 12:15:43 -05:00
|
|
|
user = create_user
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.send_reset_password_instructions(email: user.email)
|
2010-12-29 12:15:43 -05:00
|
|
|
assert_not reset_password_user.persisted?
|
|
|
|
assert_equal "can't be blank", reset_password_user.errors[:username].join
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2009-11-24 20:19:12 -05:00
|
|
|
test 'should reset reset_password_token before send the reset instructions email' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
2009-10-18 07:14:52 -04:00
|
|
|
token = user.reset_password_token
|
2014-02-25 11:42:55 -05:00
|
|
|
User.send_reset_password_instructions(email: user.email)
|
2009-10-18 07:14:52 -04:00
|
|
|
assert_not_equal token, user.reload.reset_password_token
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
|
2013-12-02 04:02:17 -05:00
|
|
|
test 'should send email instructions to the user reset their password' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
2009-09-18 09:20:45 -04:00
|
|
|
assert_email_sent do
|
2014-02-25 11:42:55 -05:00
|
|
|
User.send_reset_password_instructions(email: user.email)
|
2009-09-18 09:20:45 -04:00
|
|
|
end
|
|
|
|
end
|
2009-09-18 09:47:12 -04:00
|
|
|
|
2013-12-02 04:02:17 -05:00
|
|
|
test 'should find a user to reset their password based on the raw token' do
|
2013-08-05 12:56:07 -04:00
|
|
|
user = create_user
|
|
|
|
raw = user.send_reset_password_instructions
|
|
|
|
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.reset_password_by_token(reset_password_token: raw)
|
2013-08-05 12:56:07 -04:00
|
|
|
assert_equal reset_password_user, user
|
|
|
|
end
|
|
|
|
|
2011-02-09 04:11:48 -05:00
|
|
|
test 'should return a new record with errors if no reset_password_token is found' do
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token')
|
2010-03-28 16:26:07 -04:00
|
|
|
assert_not reset_password_user.persisted?
|
2010-02-16 11:00:36 -05:00
|
|
|
assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
|
2009-09-18 09:47:12 -04:00
|
|
|
end
|
|
|
|
|
2011-02-09 04:11:48 -05:00
|
|
|
test 'should return a new record with errors if reset_password_token is blank' do
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.reset_password_by_token(reset_password_token: '')
|
2010-03-28 16:26:07 -04:00
|
|
|
assert_not reset_password_user.persisted?
|
2010-02-16 11:00:36 -05:00
|
|
|
assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
|
2009-09-18 09:47:12 -04:00
|
|
|
end
|
|
|
|
|
2011-02-09 04:11:48 -05:00
|
|
|
test 'should return a new record with errors if password is blank' do
|
|
|
|
user = create_user
|
2013-08-05 12:56:07 -04:00
|
|
|
raw = user.send_reset_password_instructions
|
2011-02-09 04:11:48 -05:00
|
|
|
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
|
2011-02-09 04:11:48 -05:00
|
|
|
assert_not reset_password_user.errors.empty?
|
|
|
|
assert_match "can't be blank", reset_password_user.errors[:password].join
|
|
|
|
end
|
|
|
|
|
2009-09-18 09:47:12 -04:00
|
|
|
test 'should reset successfully user password given the new password and confirmation' do
|
2009-10-07 22:50:42 -04:00
|
|
|
user = create_user
|
|
|
|
old_password = user.password
|
2013-08-05 12:56:07 -04:00
|
|
|
raw = user.send_reset_password_instructions
|
2009-11-24 15:02:36 -05:00
|
|
|
|
2012-05-26 12:31:42 -04:00
|
|
|
User.reset_password_by_token(
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_token: raw,
|
|
|
|
password: 'new_password',
|
|
|
|
password_confirmation: 'new_password'
|
2009-10-07 21:33:45 -04:00
|
|
|
)
|
2009-10-07 22:50:42 -04:00
|
|
|
user.reload
|
2009-11-24 15:02:36 -05:00
|
|
|
|
2009-10-07 22:50:42 -04:00
|
|
|
assert_not user.valid_password?(old_password)
|
|
|
|
assert user.valid_password?('new_password')
|
2009-09-18 09:47:12 -04:00
|
|
|
end
|
2011-01-24 10:48:44 -05:00
|
|
|
|
|
|
|
test 'should not reset password after reset_password_within time' do
|
2014-02-25 11:42:55 -05:00
|
|
|
swap Devise, reset_password_within: 1.hour do
|
2011-01-24 10:48:44 -05:00
|
|
|
user = create_user
|
2013-08-05 12:56:07 -04:00
|
|
|
raw = user.send_reset_password_instructions
|
|
|
|
|
2011-01-24 10:48:44 -05:00
|
|
|
old_password = user.password
|
|
|
|
user.reset_password_sent_at = 2.days.ago
|
|
|
|
user.save!
|
|
|
|
|
|
|
|
reset_password_user = User.reset_password_by_token(
|
2014-02-25 11:42:55 -05:00
|
|
|
reset_password_token: raw,
|
|
|
|
password: 'new_password',
|
|
|
|
password_confirmation: 'new_password'
|
2011-01-24 10:48:44 -05:00
|
|
|
)
|
|
|
|
user.reload
|
|
|
|
|
|
|
|
assert user.valid_password?(old_password)
|
|
|
|
assert_not user.valid_password?('new_password')
|
2011-04-21 13:17:21 -04:00
|
|
|
assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
|
2011-01-24 10:48:44 -05:00
|
|
|
end
|
|
|
|
end
|
2012-02-20 06:14:06 -05:00
|
|
|
|
|
|
|
test 'required_fields should contain the fields that Devise uses' do
|
2012-02-20 06:54:45 -05:00
|
|
|
assert_same_content Devise::Models::Recoverable.required_fields(User), [
|
2012-02-20 06:14:06 -05:00
|
|
|
:reset_password_sent_at,
|
|
|
|
:reset_password_token
|
|
|
|
]
|
2013-12-05 03:03:32 -05:00
|
|
|
end
|
2014-03-31 09:51:13 -04:00
|
|
|
|
|
|
|
test 'should return a user based on the raw token' do
|
|
|
|
user = create_user
|
|
|
|
raw = user.send_reset_password_instructions
|
|
|
|
|
|
|
|
assert_equal User.with_reset_password_token(raw), user
|
|
|
|
end
|
|
|
|
|
|
|
|
test 'should return nil if a user based on the raw token is not found' do
|
|
|
|
assert_equal User.with_reset_password_token('random-token'), nil
|
|
|
|
end
|
|
|
|
|
2012-05-26 12:31:42 -04:00
|
|
|
end
|