require 'test_helper'
class PasswordTest < ActionController :: IntegrationTest
# Opens the sign-in page and follows its 'Forgot your password?' link, so the
# recovery form is reached through the same navigation a visitor would use.
def visit_new_password_path
  visit(new_user_session_path)
  click_link('Forgot your password?')
end
# Submits the password-recovery form as a visitor with no :user session.
#
# The email field is first filled with 'user@test.com'. An optional block runs
# after that and before the form is submitted, so a test can overwrite the
# field with a different address.
def request_forgot_password(&block)
  visit_new_password_path
  assert_response(:success)
  # Precondition for every caller: the form is shown to an unauthenticated visitor.
  assert_not(warden.authenticated?(:user))

  fill_in('email', :with => 'user@test.com')
  block.call if block
  click_button('Send me reset password instructions')
end
# Drives the 'Change my password' form with the new password '987654321'.
#
# options[:reset_password_token] is placed in the edit URL. Passing
# :visit => false skips the navigation so the form already on screen (for
# example after a rejected submission) is reused. An optional block runs after
# both password fields are filled and before the form is submitted.
def reset_password(options = {}, &block)
  stay_on_page = options[:visit] == false
  visit(edit_user_password_path(:reset_password_token => options[:reset_password_token])) unless stay_on_page
  assert_response(:success)

  fill_in('New password', :with => '987654321')
  fill_in('Confirm new password', :with => '987654321')
  block.call if block
  click_button('Change my password')
end
# The account is stored as 'Foo@Bar.com' and the request uses 'foo@bar.com'.
# With email among the case-insensitive keys, the lookup must still match and
# the visitor ends on the sign-in page with the "instructions sent" notice.
test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
  create_user(:email => 'Foo@Bar.com')

  request_forgot_password { fill_in('email', :with => 'foo@bar.com') }

  assert_current_url('/users/sign_in')
  assert_contain('You will receive an email with instructions about how to reset your password in a few minutes.')
end
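# With :case_insensitive_keys emptied, a request for 'foo@bar.com' must not
# match the account stored as 'Foo@Bar.com'. The form is re-rendered with the
# submitted value and a 'not found' error.
#
# NOTE(review): the 'not found' text tells the requester that the address is
# not registered. The :paranoid setting exercised elsewhere in this file is the
# configuration that removes that signal.
test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
  swap Devise, :case_insensitive_keys => [] do
    create_user(:email => 'Foo@Bar.com')

    request_forgot_password do
      fill_in 'email', :with => 'foo@bar.com'
    end

    assert_response :success
    assert_current_url '/users/password'
    # Selector literal carries no surrounding padding, only the value under test.
    assert_have_selector "input[type=email][value='foo@bar.com']"
    assert_contain 'not found'
  end
end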
# The submitted address is padded with one space on each side. With email among
# the strip-whitespace keys, the padding must be removed before lookup, so the
# request succeeds and lands on the sign-in page.
test 'reset password with email with extra whitespace should succeed when email is in the list of strip whitespace keys' do
  create_user(:email => 'foo@bar.com')

  request_forgot_password { fill_in('email', :with => ' foo@bar.com ') }

  assert_current_url('/users/sign_in')
  assert_contain('You will receive an email with instructions about how to reset your password in a few minutes.')
end
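# With :strip_whitespace_keys emptied, the padded address ' foo@bar.com ' must
# be looked up verbatim and therefore not match 'foo@bar.com'. The form is
# re-rendered with the padded value intact and a 'not found' error.
test 'reset password with email with extra whitespace should fail when email is NOT the list of strip whitespace keys' do
  swap Devise, :strip_whitespace_keys => [] do
    create_user(:email => 'foo@bar.com')

    request_forgot_password do
      fill_in 'email', :with => ' foo@bar.com '
    end

    assert_response :success
    assert_current_url '/users/password'
    # The spaces inside value='...' are the submitted padding and are
    # significant; the selector string itself is not padded.
    assert_have_selector "input[type=email][value=' foo@bar.com ']"
    assert_contain 'not found'
  end
end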
# A signed-in user has no use for the recovery form: requesting it must
# redirect to the root path instead of rendering the page.
test 'authenticated user should not be able to visit forgot password page' do
  sign_in_as_user
  assert(warden.authenticated?(:user))

  get(new_user_password_path)

  assert_response(:redirect)
  assert_redirected_to(root_path)
end
# Happy path: an existing account requests recovery with the helper's default
# address and is sent to the sign-in page with the "instructions sent" notice.
test 'not authenticated user should be able to request a forgot password' do
  create_user
  request_forgot_password

  assert_current_url('/users/sign_in')
  assert_contain('You will receive an email with instructions about how to reset your password in a few minutes.')
end
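# No account is created, so the lookup for 'invalid.test@test.com' fails. The
# form is re-rendered at /users/password with the submitted value preserved
# and a 'not found' error.
#
# NOTE(review): this response differs visibly from the one for a registered
# address (different URL and message), so it reveals whether an address has an
# account. The :paranoid tests in this file cover the setting that makes both
# responses identical.
test 'not authenticated user with invalid email should receive an error message' do
  request_forgot_password do
    fill_in 'email', :with => 'invalid.test@test.com'
  end

  assert_response :success
  assert_current_url '/users/password'
  # Selector literal carries no surrounding padding.
  assert_have_selector "input[type=email][value='invalid.test@test.com']"
  assert_contain 'not found'
end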
# A signed-in user requesting the token-based edit form is redirected to the
# root path, and the existing session must survive the redirect.
test 'authenticated user should not be able to visit edit password page' do
  sign_in_as_user

  get(edit_user_password_path)

  assert_response(:redirect)
  assert_redirected_to(root_path)
  assert(warden.authenticated?(:user))
end
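# A token that was never issued must be rejected: the form is re-rendered with
# an error block naming the token as invalid, and the stored password must
# remain unchanged.
test 'not authenticated user with invalid reset password token should not be able to change his password' do
  user = create_user
  reset_password :reset_password_token => 'invalid_reset_password'

  assert_response :success
  assert_current_url '/users/password'
  assert_have_selector '#error_explanation'
  # Pattern is not padded, so it matches the message wherever it sits in the page text.
  assert_contain(/Reset password token(.*)invalid/)
  # The decisive check: the password the helper tried to set must not be accepted.
  assert_not user.reload.valid_password?('987654321')
end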
# A valid token with a mismatched confirmation must not change the password:
# the form is re-rendered with a validation error and the old credentials
# stay in force.
test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do
  user = create_user
  request_forgot_password
  issued_token = user.reload.reset_password_token

  reset_password(:reset_password_token => issued_token) do
    fill_in('Confirm new password', :with => 'other_password')
  end

  assert_response(:success)
  assert_current_url('/users/password')
  assert_have_selector('#error_explanation')
  assert_contain("Password doesn't match confirmation")
  assert_not(user.reload.valid_password?('987654321'))
end
# Full recovery flow: request a reset, use the issued token, and confirm the
# new password is the one the account now accepts.
#
# NOTE(review): the token is read from the persisted record and works as-is in
# the reset URL, so the stored value is itself the credential. Presumably it is
# stored unhashed (confirm against the model); if so, read access to that
# column is equivalent to the ability to reset the password.
test 'not authenticated user with valid data should be able to change his password' do
  user = create_user
  request_forgot_password
  issued_token = user.reload.reset_password_token

  reset_password(:reset_password_token => issued_token)

  assert_current_url('/')
  assert_contain('Your password was changed successfully.')
  assert(user.reload.valid_password?('987654321'))
end
# A rejected submission must not strand the user: after a mismatched
# confirmation fails, resubmitting the form already on screen
# (:visit => false) with matching passwords must succeed.
test 'after entering invalid data user should still be able to change his password' do
  user = create_user
  request_forgot_password

  # First attempt: confirmation deliberately differs, so the change is refused.
  reset_password(:reset_password_token => user.reload.reset_password_token) do
    fill_in('Confirm new password', :with => 'other_password')
  end
  assert_response(:success)
  assert_have_selector('#error_explanation')
  assert_not(user.reload.valid_password?('987654321'))

  # Second attempt reuses the re-rendered form rather than visiting the link again.
  reset_password(:reset_password_token => user.reload.reset_password_token, :visit => false)
  assert_contain('Your password was changed successfully.')
  assert(user.reload.valid_password?('987654321'))
end
# A successful reset leaves the visitor with an authenticated :user session.
# In other words, possession of a valid reset token is sufficient to log in as
# the account, so the token deserves the same care as a credential.
test "sign in user automatically after changing it's password" do
  user = create_user
  request_forgot_password
  issued_token = user.reload.reset_password_token

  reset_password(:reset_password_token => issued_token)

  assert(warden.authenticated?(:user))
end
# An account created with :confirm => false must not gain a session through
# the reset flow: after the reset the visitor is on the sign-in path and
# remains unauthenticated, so a reset cannot be used to skip confirmation.
test "does not sign in user automatically after changing it's password if it's not active" do
  user = create_user(:confirm => false)
  request_forgot_password
  issued_token = user.reload.reset_password_token

  reset_password(:reset_password_token => issued_token)

  assert_equal(new_user_session_path, @request.path)
  assert(!warden.authenticated?(:user))
end
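# XML variant of the recovery request for a registered address: expects a
# success status and a body that starts an XML document with a <user> root.
#
# NOTE(review): only the opening of the body is checked. Since the success
# body is a serialized <user>, confirm separately that it does not carry
# reset_password_token or password-hash fields. This test would not notice.
test 'reset password request with valid E-Mail in XML format should return valid response' do
  create_user
  post user_password_path(:format => 'xml'), :user => { :email => 'user@test.com' }

  assert_response :success
  # Expected prefix written exactly as an XML declaration is serialized, so
  # include? can actually match the response body.
  assert response.body.include?(%(<?xml version="1.0" encoding="UTF-8"?>\n<user>))
end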
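# XML variant of the recovery request for an address with no account: expects
# 422 and an <errors> document.
#
# NOTE(review): the status code alone (422 here, success for a registered
# address) lets an API client tell registered addresses from unregistered ones.
# The :paranoid tests in this file exercise only the HTML form.
test 'reset password request with invalid E-Mail in XML format should return valid response' do
  create_user
  post user_password_path(:format => 'xml'), :user => { :email => 'invalid.test@test.com' }

  assert_response :unprocessable_entity
  # Expected prefix written exactly as an XML declaration is serialized.
  assert response.body.include?(%(<?xml version="1.0" encoding="UTF-8"?>\n<errors>))
end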
# XML variant of a successful reset: a PUT carrying the issued token and a
# matching password pair returns success and leaves an authenticated :user
# session, as the HTML flow does.
test 'change password with valid parameters in XML format should return valid response' do
  user = create_user
  request_forgot_password

  user_params = {
    :reset_password_token => user.reload.reset_password_token,
    :password => '987654321',
    :password_confirmation => '987654321'
  }
  put(user_password_path(:format => 'xml'), :user => user_params)

  assert_response(:success)
  assert(warden.authenticated?(:user))
end
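# XML variant of a reset attempt with a token that was never issued: expects
# 422 and an <errors> document.
#
# NOTE(review): unlike the HTML counterpart, this test does not re-check that
# the stored password is unchanged. A follow-up assertion such as
# `assert_not user.reload.valid_password?('987654321')` would pin that.
test 'change password with invalid token in XML format should return invalid response' do
  user = create_user
  request_forgot_password
  put user_password_path(:format => 'xml'),
      :user => { :reset_password_token => 'invalid.token',
                 :password => '987654321',
                 :password_confirmation => '987654321' }

  assert_response :unprocessable_entity
  # Expected prefix written exactly as an XML declaration is serialized.
  assert response.body.include?(%(<?xml version="1.0" encoding="UTF-8"?>\n<errors>))
end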
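# XML variant of a reset with a valid token but an empty new password: the
# change must be refused with 422 and an <errors> document.
test 'change password with invalid new password in XML format should return invalid response' do
  user = create_user
  request_forgot_password
  put user_password_path(:format => 'xml'),
      :user => { :reset_password_token => user.reload.reset_password_token,
                 :password => '',
                 :password_confirmation => '987654321' }

  assert_response :unprocessable_entity
  # Expected prefix written exactly as an XML declaration is serialized.
  assert response.body.include?(%(<?xml version="1.0" encoding="UTF-8"?>\n<errors>))
end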
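# Paranoid mode, unknown address: the response must not reveal that the
# address has no account. Neither the validation-error header nor the
# 'Email not found' message may appear; only the neutral notice is shown.
#
# The negative assertions use the exact text, with no surrounding padding. A
# padded literal could never match the page, so assert_not_contain would pass
# even if the revealing message were rendered.
#
# NOTE(review): only rendered text and URL are compared. Response timing and
# whether mail is queued are not covered by this test.
test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do
  swap Devise, :paranoid => true do
    visit_new_password_path
    fill_in "email", :with => "arandomemail@test.com"
    click_button 'Send me reset password instructions'

    assert_not_contain "1 error prohibited this user from being saved:"
    assert_not_contain "Email not found"
    assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
    assert_current_url "/users/password"
  end
end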
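# Paranoid mode, registered address: the visitor must see the same neutral
# notice and end on the same URL as in the unknown-address case, so the two
# outcomes cannot be told apart from the page.
#
# NOTE(review): the notice and URL asserted here match the unknown-address
# test in this file; keep the two in lockstep if either message changes.
test "when in paranoid mode and with a valid e-mail, asking to reset password should display a message that does not indicates that the email exists in the database and redirect to the failure route" do
  swap Devise, :paranoid => true do
    user = create_user
    visit_new_password_path
    fill_in 'email', :with => user.email
    click_button 'Send me reset password instructions'

    assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
    assert_current_url "/users/password"
  end
end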
end