gitlab-org--gitlab-foss/spec/features/password_reset_spec.rb

require 'spec_helper'

describe 'Password reset' do
  describe 'throttling' do
    it 'sends reset instructions when not previously sent' do
      user = create(:user)
      forgot_password(user)

      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
      expect(current_path).to eq new_user_session_path
      expect(user.recently_sent_password_reset?).to be_truthy
    end

    it 'sends reset instructions when previously sent more than a minute ago' do
      user = create(:user)
      user.send_reset_password_instructions
      user.update_attribute(:reset_password_sent_at, 5.minutes.ago)

      expect { forgot_password(user) }.to change { user.reset_password_sent_at }
      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
      expect(current_path).to eq new_user_session_path
    end

    it 'throttles multiple resets in a short timespan' do
      user = create(:user)
      user.send_reset_password_instructions
      # Reload because PG handles datetime less precisely than Ruby/Rails
      user.reload

      expect { forgot_password(user) }.not_to change { user.reset_password_sent_at }
      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
      expect(current_path).to eq new_user_session_path
    end
  end

  describe 'Changing password while logged in' do
    it 'updates the password' do
      user = create(:user)
      token = user.send_reset_password_instructions

      sign_in(user)

      visit(edit_user_password_path(reset_password_token: token))

      fill_in 'New password', with: 'hello1234'
      fill_in 'Confirm new password', with: 'hello1234'

      click_button 'Change your password'

      expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
      expect(current_path).to eq new_user_session_path
    end
  end

  def forgot_password(user)
    visit root_path
    click_on 'Forgot your password?'
    fill_in 'Email', with: user.email
    click_button 'Reset password'
    user.reload
  end
end
Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00			`require 'spec_helper'`

Enable Capybara/FeatureMethods cop 2018-07-05 02:32:05 -04:00			`describe 'Password reset' do`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`describe 'throttling' do`
			`it 'sends reset instructions when not previously sent' do`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`user = create(:user)`
			`forgot_password(user)`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`expect(current_path).to eq new_user_session_path`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`expect(user.recently_sent_password_reset?).to be_truthy`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`end`
Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`it 'sends reset instructions when previously sent more than a minute ago' do`
			`user = create(:user)`
			`user.send_reset_password_instructions`
			`user.update_attribute(:reset_password_sent_at, 5.minutes.ago)`

Enable the Layout/SpaceBeforeBlockBraces cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-08-09 05:52:22 -04:00			`expect { forgot_password(user) }.to change { user.reset_password_sent_at }`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`expect(current_path).to eq new_user_session_path`
			`end`

Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`it 'throttles multiple resets in a short timespan' do`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`user = create(:user)`
			`user.send_reset_password_instructions`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`# Reload because PG handles datetime less precisely than Ruby/Rails`
			`user.reload`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00
Enable the Layout/SpaceBeforeBlockBraces cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-08-09 05:52:22 -04:00			`expect { forgot_password(user) }.not_to change { user.reset_password_sent_at }`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))`
			`expect(current_path).to eq new_user_session_path`
Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`end`
			`end`

Allow logged in user to change his password Users were unable to change their password through the "Reset password" link that was sent to their email if they were logged in. This is due to a default controller filter from Devise that requires the user to not be logged in in order to use this link. 2017-12-31 00:08:15 -05:00			`describe 'Changing password while logged in' do`
			`it 'updates the password' do`
			`user = create(:user)`
			`token = user.send_reset_password_instructions`

			`sign_in(user)`

			`visit(edit_user_password_path(reset_password_token: token))`

			`fill_in 'New password', with: 'hello1234'`
			`fill_in 'Confirm new password', with: 'hello1234'`

			`click_button 'Change your password'`

			`expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))`
			`expect(current_path).to eq new_user_session_path`
			`end`
			`end`

Only allow password reset emails once per minute Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611 2015-09-30 15:38:21 -04:00			`def forgot_password(user)`
Use devise paranoid mode and ensure the same message is returned every time Skipped CI because it has already passed. Had to rebase due to CHANGELOG. 2015-12-09 12:45:26 -05:00			`visit root_path`
Take advantage of `Devise.sign_in_after_reset_password` 2015-09-30 14:35:00 -04:00			`click_on 'Forgot your password?'`
			`fill_in 'Email', with: user.email`
			`click_button 'Reset password'`
			`user.reload`
			`end`
Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00			`end`