Submit social housing lettings and sales data (CORE)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

220 lines
7.3 KiB

require "rails_helper"
require_relative "../../support/devise"
RSpec.describe Auth::PasswordsController, type: :request do
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:notify_client) { instance_double(Notifications::Client) }
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
before do
allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
end
context "when a regular user" do
let(:params) { { user: { email: } } }
context "when a password reset is requested for a valid email" do
let(:user) { FactoryBot.create(:user) }
let(:email) { user.email }
it "redirects to the email sent page" do
post "/account/password", params: params
expect(response).to have_http_status(:redirect)
follow_redirect!
expect(response.body).to match(/Check your email/)
end
end
context "when a password reset is requested with an email that doesn't exist in the system" do
before do
allow(Devise.navigational_formats).to receive(:include?).and_return(false)
end
let(:email) { "madeup_email@test.com" }
it "redirects to the email sent page anyway" do
post "/account/password", params: params
expect(response).to have_http_status(:redirect)
follow_redirect!
expect(response.body).to match(/Check your email/)
end
3 years ago
end
describe "#Update - reset password" do
let(:user) { FactoryBot.create(:user) }
let(:token) { user.send(:set_reset_password_token) }
let(:updated_password) { "updated_password_280" }
let(:update_password_params) do
{
user:
{
reset_password_token: token,
password: updated_password,
password_confirmation: updated_password,
},
}
end
let(:message) { I18n.t("devise.passwords.updated") }
it "changes the password" do
expect { put "/account/password", params: update_password_params }
.to(change { user.reload.encrypted_password })
end
it "after password change, the user is signed in" do
put "/account/password", params: update_password_params
# Devise redirects once after re-sign in with new password and then root redirects as well.
follow_redirect!
follow_redirect!
expect(page).to have_css("div", class: "govuk-notification-banner__heading", text: message)
end
end
end
context "when an admin user" do
let(:admin_user) { FactoryBot.create(:admin_user) }
describe "reset password" do
let(:new_value) { "new-password" }
before do
allow(DeviseNotifyMailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
end
it "renders the user edit password view" do
_raw, enc = Devise.token_generator.generate(AdminUser, :reset_password_token)
get "/admin/password/edit?reset_password_token=#{enc}"
expect(page).to have_css("h1", text: "Reset your password")
end
context "when passwords entered don't match" do
let(:raw) { admin_user.send_reset_password_instructions }
let(:params) do
{
id: admin_user.id,
admin_user: {
password: new_value,
password_confirmation: "something_else",
reset_password_token: raw,
},
}
end
it "shows an error" do
put "/admin/password", headers: headers, params: params
expect(response).to have_http_status(:unprocessable_entity)
expect(page).to have_content("doesn't match Password")
end
end
context "when passwords is reset" do
let(:raw) { admin_user.send_reset_password_instructions }
let(:params) do
{
id: admin_user.id,
admin_user: {
password: new_value,
password_confirmation: new_value,
reset_password_token: raw,
},
}
end
it "updates the password" do
expect {
put "/admin/password", headers: headers, params: params
admin_user.reload
}.to change(admin_user, :encrypted_password)
end
it "sends you to the 2FA page and does not allow bypassing 2FA code" do
put "/admin/password", headers: headers, params: params
expect(response).to redirect_to("/admin/two-factor-authentication")
get "/admin/case_logs", headers: headers
expect(response).to redirect_to("/admin/two-factor-authentication")
end
it "triggers an email" do
expect(notify_client).to receive(:send_email)
put "/admin/password", headers: headers, params: params
end
end
end
end
context "when a customer support user" do
let(:support_user) { FactoryBot.create(:user, :support) }
describe "reset password" do
let(:new_value) { "new-password" }
before do
allow(DeviseNotifyMailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
end
it "renders the user edit password view" do
_raw, enc = Devise.token_generator.generate(User, :reset_password_token)
get "/account/password/edit?reset_password_token=#{enc}"
expect(page).to have_css("h1", text: "Reset your password")
end
context "when passwords entered don't match" do
let(:raw) { support_user.send_reset_password_instructions }
let(:params) do
{
id: support_user.id,
user: {
password: new_value,
password_confirmation: "something_else",
reset_password_token: raw,
},
}
end
it "shows an error" do
put "/account/password", headers: headers, params: params
expect(response).to have_http_status(:unprocessable_entity)
expect(page).to have_content("doesn't match Password")
end
end
context "when passwords is reset" do
let(:raw) { support_user.send_reset_password_instructions }
let(:params) do
{
id: support_user.id,
user: {
password: new_value,
password_confirmation: new_value,
reset_password_token: raw,
},
}
end
it "updates the password" do
expect {
put "/account/password", headers: headers, params: params
support_user.reload
}.to change(support_user, :encrypted_password)
end
it "sends you to the 2FA page and does not allow bypassing 2FA code" do
put "/account/password", headers: headers, params: params
expect(response).to redirect_to("/account/two-factor-authentication")
get "/logs", headers: headers
expect(response).to redirect_to("/account/two-factor-authentication")
end
it "triggers an email" do
expect(notify_client).to receive(:send_email)
put "/account/password", headers: headers, params: params
end
end
end
end
end