2019-04-15 06:17:05 -04:00
# frozen_string_literal: true
2017-06-27 14:02:09 -04:00
require 'spec_helper'
2020-06-03 14:08:28 -04:00
RSpec . describe PasswordsController do
2020-09-01 08:11:01 -04:00
include DeviseHelpers
2017-06-27 14:02:09 -04:00
2020-09-01 08:11:01 -04:00
before do
set_devise_mapping ( context : @request )
end
describe '#check_password_authentication_available' do
2017-11-23 08:16:14 -05:00
context 'when password authentication is disabled for the web interface and Git' do
it 'prevents a password reset' do
stub_application_setting ( password_authentication_enabled_for_web : false )
stub_application_setting ( password_authentication_enabled_for_git : false )
2017-06-27 14:02:09 -04:00
post :create
2020-01-27 07:08:35 -05:00
expect ( response ) . to have_gitlab_http_status ( :found )
2019-12-12 07:07:33 -05:00
expect ( flash [ :alert ] ) . to eq _ ( 'Password authentication is unavailable.' )
2017-06-27 14:02:09 -04:00
end
end
context 'when reset email belongs to an ldap user' do
let ( :user ) { create ( :omniauth_user , provider : 'ldapmain' , email : 'ldapuser@gitlab.com' ) }
it 'prevents a password reset' do
2018-12-17 17:52:17 -05:00
post :create , params : { user : { email : user . email } }
2017-06-27 14:02:09 -04:00
2019-12-12 07:07:33 -05:00
expect ( flash [ :alert ] ) . to eq _ ( 'Password authentication is unavailable.' )
2017-06-27 14:02:09 -04:00
end
end
end
2020-09-01 08:11:01 -04:00
describe '#update' do
render_views
context 'updating the password' do
subject do
put :update , params : {
user : {
password : password ,
password_confirmation : password_confirmation ,
reset_password_token : reset_password_token
}
}
end
let ( :password ) { User . random_password }
let ( :password_confirmation ) { password }
let ( :reset_password_token ) { user . send_reset_password_instructions }
let ( :user ) { create ( :user , password_automatically_set : true , password_expires_at : 10 . minutes . ago ) }
context 'password update is successful' do
it 'updates the password-related flags' do
subject
user . reload
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include ( 'password has been changed successfully' )
expect ( user . password_automatically_set ) . to eq ( false )
expect ( user . password_expires_at ) . to be_nil
end
end
context 'password update is unsuccessful' do
let ( :password_confirmation ) { 'not_the_same_as_password' }
it 'does not update the password-related flags' do
subject
user . reload
expect ( response ) . to render_template ( :edit )
expect ( response . body ) . to have_content ( " Password confirmation doesn't match Password " )
expect ( user . password_automatically_set ) . to eq ( true )
expect ( user . password_expires_at ) . not_to be_nil
end
end
2021-06-07 11:09:56 -04:00
2022-10-27 05:10:57 -04:00
context 'password is weak' do
let ( :password ) { " password " }
it 'tracks the event' do
subject
expect ( response . body ) . to have_content ( " must not contain commonly used combinations of words and letters " )
expect_snowplow_event (
category : 'Gitlab::Tracking::Helpers::WeakPasswordErrorEvent' ,
action : 'track_weak_password_error' ,
controller : 'PasswordsController' ,
method : 'create'
)
end
end
2021-06-07 11:09:56 -04:00
it 'sets the username and caller_id in the context' do
expect ( controller ) . to receive ( :update ) . and_wrap_original do | m , * args |
m . call ( * args )
expect ( Gitlab :: ApplicationContext . current )
. to include ( 'meta.user' = > user . username ,
'meta.caller_id' = > 'PasswordsController#update' )
end
subject
end
2020-09-01 08:11:01 -04:00
end
end
2021-11-02 11:12:22 -04:00
describe '#create' do
let ( :user ) { create ( :user ) }
subject ( :perform_request ) { post ( :create , params : { user : { email : user . email } } ) }
context 'when reCAPTCHA is disabled' do
before do
stub_application_setting ( recaptcha_enabled : false )
end
it 'successfully sends password reset when reCAPTCHA is not solved' do
perform_request
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
context 'when reCAPTCHA is enabled' do
before do
stub_application_setting ( recaptcha_enabled : true )
end
2022-05-24 02:08:57 -04:00
context 'when the reCAPTCHA is not solved' do
before do
Recaptcha . configuration . skip_verify_env . delete ( 'test' )
end
2021-11-02 11:12:22 -04:00
2022-05-24 02:08:57 -04:00
it 'displays an error' do
perform_request
expect ( response ) . to render_template ( :new )
expect ( flash [ :alert ] ) . to include _ ( 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.' )
end
2021-11-02 11:12:22 -04:00
2022-05-24 02:08:57 -04:00
it 'sets gon variables' do
Gon . clear
perform_request
expect ( response ) . to render_template ( :new )
expect ( Gon . all_variables ) . not_to be_empty
end
2021-11-02 11:12:22 -04:00
end
it 'successfully sends password reset when reCAPTCHA is solved' do
Recaptcha . configuration . skip_verify_env << 'test'
perform_request
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
end
2017-06-27 14:02:09 -04:00
end