From 750560ae87580d8f6137a1d597d1c445e35b969a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Tue, 6 Jul 2010 16:00:07 +0200
Subject: [PATCH] Ensure method is always POST on new.html.erb forms, closes
 #365. Also, start to remove usage of assert_template.

---
 app/views/devise/confirmations/new.html.erb |  2 +-
 app/views/devise/passwords/new.html.erb     |  2 +-
 app/views/devise/unlocks/new.html.erb       |  2 +-
 test/integration/confirmable_test.rb        | 25 +++++++++++++--------
 test/support/integration.rb                 | 12 +++++++---
 5 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb
index 409b98ae..2dd5a7e6 100644
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name)) do |f| %>
+<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <p><%= f.label :email %><br />
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
index d5ad8451..b8819f15 100644
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Forgot your password?</h2>
 
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f| %>
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <p><%= f.label :email %><br />
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb
index 989bb8fe..a7be7e44 100644
--- a/app/views/devise/unlocks/new.html.erb
+++ b/app/views/devise/unlocks/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Resend unlock instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name)) do |f| %>
+<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <p><%= f.label :email %><br />
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb
index f4dea239..d60084f7 100644
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@@ -16,16 +16,13 @@ class ConfirmationTest < ActionController::IntegrationTest
     fill_in 'email', :with => user.email
     click_button 'Resend confirmation instructions'
 
-    assert_template 'sessions/new'
+    assert_current_url '/users/sign_in'
     assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
 
   test 'user with invalid confirmation token should not be able to confirm an account' do
     visit_user_confirmation_with_token('invalid_confirmation')
-
-    assert_response :success
-    assert_template 'confirmations/new'
     assert_have_selector '#error_explanation'
     assert_contain /Confirmation token(.*)invalid/
   end
@@ -33,26 +30,36 @@ class ConfirmationTest < ActionController::IntegrationTest
   test 'user with valid confirmation token should be able to confirm an account' do
     user = create_user(:confirm => false)
     assert_not user.confirmed?
-
     visit_user_confirmation_with_token(user.confirmation_token)
 
-    assert_template 'home/index'
     assert_contain 'Your account was successfully confirmed.'
-
+    assert_current_url '/'
     assert user.reload.confirmed?
   end
 
-  test 'user already confirmed user should not be able to confirm the account again' do
+  test 'already confirmed user should not be able to confirm the account again' do
     user = create_user(:confirm => false)
     user.confirmed_at = Time.now
     user.save
     visit_user_confirmation_with_token(user.confirmation_token)
 
-    assert_template 'confirmations/new'
     assert_have_selector '#error_explanation'
     assert_contain 'already confirmed'
   end
 
+  test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
+    user = create_user(:confirm => false)
+    user.confirmed_at = Time.now
+    user.save
+
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_contain 'already confirmed'
+
+    fill_in 'email', :with => user.email
+    click_button 'Resend confirmation instructions'
+    assert_contain 'already confirmed'
+  end
+
   test 'sign in user automatically after confirming it\'s email' do
     user = create_user(:confirm => false)
     visit_user_confirmation_with_token(user.confirmation_token)
diff --git a/test/support/integration.rb b/test/support/integration.rb
index c39b089a..42044ae0 100644
--- a/test/support/integration.rb
+++ b/test/support/integration.rb
@@ -57,9 +57,15 @@ class ActionDispatch::IntegrationTest
     assert [301, 302].include?(@integration_session.status),
            "Expected status to be 301 or 302, got #{@integration_session.status}"
 
-    url = prepend_host(url)
-    location = prepend_host(@integration_session.headers["Location"])
-    assert_equal url, location
+    assert_url url, @integration_session.headers["Location"]
+  end
+
+  def assert_current_url(expected)
+    assert_url expected, current_url
+  end
+
+  def assert_url(expected, actual)
+    assert_equal prepend_host(expected), prepend_host(actual)
   end
 
   protected