gitlab-org--gitlab-foss/spec/controllers/passwords_controller_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe PasswordsController do
  include DeviseHelpers

  before do
    set_devise_mapping(context: @request)
  end

  describe '#check_password_authentication_available' do
    context 'when password authentication is disabled for the web interface and Git' do
      it 'prevents a password reset' do
        stub_application_setting(password_authentication_enabled_for_web: false)
        stub_application_setting(password_authentication_enabled_for_git: false)

        post :create

        expect(response).to have_gitlab_http_status(:found)
        expect(flash[:alert]).to eq _('Password authentication is unavailable.')
      end
    end

    context 'when reset email belongs to an ldap user' do
      let(:user) { create(:omniauth_user, provider: 'ldapmain', email: 'ldapuser@gitlab.com') }

      it 'prevents a password reset' do
        post :create, params: { user: { email: user.email } }

        expect(flash[:alert]).to eq _('Password authentication is unavailable.')
      end
    end
  end

  describe '#update' do
    render_views

    context 'updating the password' do
      subject do
        put :update, params: {
          user: {
            password: password,
            password_confirmation: password_confirmation,
            reset_password_token: reset_password_token
          }
        }
      end

      let(:password) { User.random_password }
      let(:password_confirmation) { password }
      let(:reset_password_token) { user.send_reset_password_instructions }
      let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) }

      context 'password update is successful' do
        it 'updates the password-related flags' do
          subject
          user.reload

          expect(response).to redirect_to(new_user_session_path)
          expect(flash[:notice]).to include('password has been changed successfully')
          expect(user.password_automatically_set).to eq(false)
          expect(user.password_expires_at).to be_nil
        end
      end

      context 'password update is unsuccessful' do
        let(:password_confirmation) { 'not_the_same_as_password' }

        it 'does not update the password-related flags' do
          subject
          user.reload

          expect(response).to render_template(:edit)
          expect(response.body).to have_content("Password confirmation doesn't match Password")
          expect(user.password_automatically_set).to eq(true)
          expect(user.password_expires_at).not_to be_nil
        end
      end

      it 'sets the username and caller_id in the context' do
        expect(controller).to receive(:update).and_wrap_original do |m, *args|
          m.call(*args)

          expect(Gitlab::ApplicationContext.current)
            .to include('meta.user' => user.username,
                        'meta.caller_id' => 'PasswordsController#update')
        end

        subject
      end
    end
  end

  describe '#create' do
    let(:user) { create(:user) }

    subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }

    context 'when reCAPTCHA is disabled' do
      before do
        stub_application_setting(recaptcha_enabled: false)
      end

      it 'successfully sends password reset when reCAPTCHA is not solved' do
        perform_request

        expect(response).to redirect_to(new_user_session_path)
        expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
      end
    end

    context 'when reCAPTCHA is enabled' do
      before do
        stub_application_setting(recaptcha_enabled: true)
      end

      it 'displays an error when the reCAPTCHA is not solved' do
        Recaptcha.configuration.skip_verify_env.delete('test')

        perform_request

        expect(response).to render_template(:new)
        expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
      end

      it 'successfully sends password reset when reCAPTCHA is solved' do
        Recaptcha.configuration.skip_verify_env << 'test'

        perform_request

        expect(response).to redirect_to(new_user_session_path)
        expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
      end
    end
  end
end
Add some frozen string to spec/*/.rb Adds frozen string to the following: * spec/bin/*/.rb * spec/config/*/.rb * spec/controllers/*/.rb xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758 2019-04-15 06:17:05 -04:00			`# frozen_string_literal: true`

Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00			`require 'spec_helper'`

Add latest changes from gitlab-org/gitlab@master 2020-06-03 14:08:28 -04:00			`RSpec.describe PasswordsController do`
Add latest changes from gitlab-org/gitlab@master 2020-09-01 08:11:01 -04:00			`include DeviseHelpers`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-09-01 08:11:01 -04:00			`before do`
			`set_devise_mapping(context: @request)`
			`end`

			`describe '#check_password_authentication_available' do`
Allow password authentication to be disabled entirely 2017-11-23 08:16:14 -05:00			`context 'when password authentication is disabled for the web interface and Git' do`
			`it 'prevents a password reset' do`
			`stub_application_setting(password_authentication_enabled_for_web: false)`
			`stub_application_setting(password_authentication_enabled_for_git: false)`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00
			`post :create`

Add latest changes from gitlab-org/gitlab@master 2020-01-27 07:08:35 -05:00			`expect(response).to have_gitlab_http_status(:found)`
Add latest changes from gitlab-org/gitlab@master 2019-12-12 07:07:33 -05:00			`expect(flash[:alert]).to eq _('Password authentication is unavailable.')`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00			`end`
			`end`

			`context 'when reset email belongs to an ldap user' do`
			`let(:user) { create(:omniauth_user, provider: 'ldapmain', email: 'ldapuser@gitlab.com') }`

			`it 'prevents a password reset' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post :create, params: { user: { email: user.email } }`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-12 07:07:33 -05:00			`expect(flash[:alert]).to eq _('Password authentication is unavailable.')`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00			`end`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-01 08:11:01 -04:00
			`describe '#update' do`
			`render_views`

			`context 'updating the password' do`
			`subject do`
			`put :update, params: {`
			`user: {`
			`password: password,`
			`password_confirmation: password_confirmation,`
			`reset_password_token: reset_password_token`
			`}`
			`}`
			`end`

			`let(:password) { User.random_password }`
			`let(:password_confirmation) { password }`
			`let(:reset_password_token) { user.send_reset_password_instructions }`
			`let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) }`

			`context 'password update is successful' do`
			`it 'updates the password-related flags' do`
			`subject`
			`user.reload`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include('password has been changed successfully')`
			`expect(user.password_automatically_set).to eq(false)`
			`expect(user.password_expires_at).to be_nil`
			`end`
			`end`

			`context 'password update is unsuccessful' do`
			`let(:password_confirmation) { 'not_the_same_as_password' }`

			`it 'does not update the password-related flags' do`
			`subject`
			`user.reload`

			`expect(response).to render_template(:edit)`
			`expect(response.body).to have_content("Password confirmation doesn't match Password")`
			`expect(user.password_automatically_set).to eq(true)`
			`expect(user.password_expires_at).not_to be_nil`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-06-07 11:09:56 -04:00
			`it 'sets the username and caller_id in the context' do`
			`expect(controller).to receive(:update).and_wrap_original do \|m, *args\|`
			`m.call(*args)`

			`expect(Gitlab::ApplicationContext.current)`
			`.to include('meta.user' => user.username,`
			`'meta.caller_id' => 'PasswordsController#update')`
			`end`

			`subject`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-01 08:11:01 -04:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-11-02 11:12:22 -04:00
			`describe '#create' do`
			`let(:user) { create(:user) }`

			`subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }`

			`context 'when reCAPTCHA is disabled' do`
			`before do`
			`stub_application_setting(recaptcha_enabled: false)`
			`end`

			`it 'successfully sends password reset when reCAPTCHA is not solved' do`
			`perform_request`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'`
			`end`
			`end`

			`context 'when reCAPTCHA is enabled' do`
			`before do`
			`stub_application_setting(recaptcha_enabled: true)`
			`end`

			`it 'displays an error when the reCAPTCHA is not solved' do`
			`Recaptcha.configuration.skip_verify_env.delete('test')`

			`perform_request`

			`expect(response).to render_template(:new)`
Add latest changes from gitlab-org/gitlab@master 2022-03-03 07:14:02 -05:00			`expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')`
Add latest changes from gitlab-org/gitlab@master 2021-11-02 11:12:22 -04:00			`end`

			`it 'successfully sends password reset when reCAPTCHA is solved' do`
			`Recaptcha.configuration.skip_verify_env << 'test'`

			`perform_request`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'`
			`end`
			`end`
			`end`
Fixes needed when GitLab sign-in is not enabled When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController 2017-06-27 14:02:09 -04:00			`end`