diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 899d4b2d3..6f1335293 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -9,7 +9,7 @@ else end Rack::Attack.throttle("password reset requests", limit: 5, period: 60.seconds) do |request| - if request.params["user"].present? && request.path == "/users/password" && request.post? + if request.params["user"].present? && request.path == "/account/password" && request.post? request.params["user"]["email"].to_s.downcase.gsub(/\s+/, "") end end diff --git a/spec/features/auth/user_lockout_spec.rb b/spec/features/auth/user_lockout_spec.rb index 871dee26a..64656756d 100644 --- a/spec/features/auth/user_lockout_spec.rb +++ b/spec/features/auth/user_lockout_spec.rb @@ -9,7 +9,7 @@ RSpec.describe "User Lockout" do context "when login-in with the wrong user password up to a maximum number of attempts" do before do - visit("/users/sign-in") + visit("/account/sign-in") max_login_attempts.times do fill_in("user[email]", with: user.email) fill_in("user[password]", with: "wrong_password") @@ -18,7 +18,7 @@ RSpec.describe "User Lockout" do end it "locks the user account" do - visit("/users/sign-in") + visit("/account/sign-in") fill_in("user[email]", with: user.email) fill_in("user[password]", with: user.password) click_button("Sign in") diff --git a/spec/features/organisation_spec.rb b/spec/features/organisation_spec.rb index 04c602c9a..5129d2588 100644 --- a/spec/features/organisation_spec.rb +++ b/spec/features/organisation_spec.rb @@ -55,7 +55,7 @@ RSpec.describe "User Features" do name: "New User", email: "new_user@example.com", organisation: organisation.name, - link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}", + link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}", }, }, ) 
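Review bot: The new condition in the rack_attack.rb hunk still compares `request.path` with an exact string, so a request that Rails routes to the same password-reset action under a differently spelled path (a trailing slash, or a format suffix if the Devise route accepts one) is not counted against the 5-per-minute limit. Normalising before the comparison closes that gap without changing the key, e.g. `request.path.chomp("/") == "/account/password"`, or an anchored regexp if format suffixes are routable. If `/users/password` remains reachable after the rename (a legacy route or redirect, not visible in this diff), POSTs to it are now entirely outside this throttle, which is worth confirming against routes.rb. The spec in spec/requests/rack_attack_spec.rb exercises only the exact `/account/password` path, so a trailing-slash case there would pin whichever behaviour is intended.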
diff --git a/spec/features/start_page_spec.rb b/spec/features/start_page_spec.rb index d703a8439..625c4130b 100644 --- a/spec/features/start_page_spec.rb +++ b/spec/features/start_page_spec.rb @@ -20,7 +20,7 @@ RSpec.describe "Start Page Features" do it "takes you to sign in and then to logs" do visit("/") click_link("Start now") - expect(page).to have_current_path("/users/sign-in?start=true") + expect(page).to have_current_path("/account/sign-in?start=true") fill_in("user[email]", with: user.email) fill_in("user[password]", with: user.password) click_button("Sign in") diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb index bb08854db..5f68bcc62 100644 --- a/spec/features/user_spec.rb +++ b/spec/features/user_spec.rb @@ -17,7 +17,7 @@ RSpec.describe "User Features" do context "when the user navigates to case logs" do it " is required to log in" do visit("/logs") - expect(page).to have_current_path("/users/sign-in") + expect(page).to have_current_path("/account/sign-in") expect(page).to have_content("Sign in to your account to submit CORE data") end @@ -59,11 +59,11 @@ RSpec.describe "User Features" do it " is redirected to the reset password page when they click the reset password link" do visit("/logs") click_link("reset your password") - expect(page).to have_current_path("/users/password/new") + expect(page).to have_current_path("/account/password/new") end it " is shown an error message if they submit without entering an email address" do - visit("/users/password/new") + visit("/account/password/new") click_button("Send email") expect(page).to have_selector("#error-summary-title") expect(page).to have_selector("#user-email-field-error") 
@@ -71,7 +71,7 @@ RSpec.describe "User Features" do end it " is shown an error message if they submit an invalid email address" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: "thisisn'tanemail") click_button("Send email") expect(page).to have_selector("#error-summary-title") @@ -80,24 +80,24 @@ RSpec.describe "User Features" do end it " is redirected to check your email page after submitting an email on the reset password page" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") expect(page).to have_content("Check your email") end it " is shown their email on the password reset confirmation page" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") expect(page).to have_content(user.email) end it " is shown the reset password confirmation page even if their email doesn't exist in the system" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: "idontexist@example.com") click_button("Send email") - expect(page).to have_current_path("/confirmations/reset?email=idontexist%40example.com") + expect(page).to have_current_path("/account/password/reset-confirmation?email=idontexist%40example.com") end it " is sent a reset password email via Notify" do @@ -109,11 +109,11 @@ RSpec.describe "User Features" do name: user.name, email: user.email, organisation: user.organisation.name, - link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}", + link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}", }, }, ) - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") end 
diff --git a/spec/requests/auth/passwords_controller_spec.rb b/spec/requests/auth/passwords_controller_spec.rb index 4dd4dccdd..0243f75e2 100644 --- a/spec/requests/auth/passwords_controller_spec.rb +++ b/spec/requests/auth/passwords_controller_spec.rb @@ -20,7 +20,7 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:email) { user.email } it "redirects to the email sent page" do - post "/users/password", params: params + post "/account/password", params: params expect(response).to have_http_status(:redirect) follow_redirect! expect(response.body).to match(/Check your email/) @@ -35,7 +35,7 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:email) { "madeup_email@test.com" } it "redirects to the email sent page anyway" do - post "/users/password", params: params + post "/account/password", params: params expect(response).to have_http_status(:redirect) follow_redirect! expect(response.body).to match(/Check your email/) @@ -59,12 +59,12 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:message) { "Your password has been changed successfully. You are now signed in" } it "changes the password" do - expect { put "/users/password", params: update_password_params } + expect { put "/account/password", params: update_password_params } .to(change { user.reload.encrypted_password }) end it "after password change, the user is signed in" do - put "/users/password", params: update_password_params + put "/account/password", params: update_password_params # Devise redirects once after re-sign in with new password and then root redirects as well. follow_redirect! follow_redirect! diff --git a/spec/requests/bulk_upload_controller_spec.rb b/spec/requests/bulk_upload_controller_spec.rb index 2ea3c450d..4e10ef797 100644 --- a/spec/requests/bulk_upload_controller_spec.rb +++ b/spec/requests/bulk_upload_controller_spec.rb 
@@ -17,7 +17,7 @@ RSpec.describe BulkUploadController, type: :request do before { get url, headers: headers, params: {} } it "does not let you see the bulk upload page" do - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end @@ -25,7 +25,7 @@ RSpec.describe BulkUploadController, type: :request do before { post url, params: { bulk_upload: { case_log_bulk_upload: valid_file } } } it "does not let you submit bulk uploads" do - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end diff --git a/spec/requests/case_logs_controller_spec.rb b/spec/requests/case_logs_controller_spec.rb index 4c396aaa7..ea58cbd28 100644 --- a/spec/requests/case_logs_controller_spec.rb +++ b/spec/requests/case_logs_controller_spec.rb @@ -200,7 +200,7 @@ RSpec.describe CaseLogsController, type: :request do context "with a user that is not signed in" do it "does not let the user get case log tasklist pages they don't have access to" do get "/logs/#{case_log.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end diff --git a/spec/requests/form_controller_spec.rb b/spec/requests/form_controller_spec.rb index bed33d616..1fc4ceb12 100644 --- a/spec/requests/form_controller_spec.rb +++ b/spec/requests/form_controller_spec.rb 
@@ -24,19 +24,19 @@ RSpec.describe FormController, type: :request do describe "GET" do it "does not let you get case logs pages you don't have access to" do get "/logs/#{case_log.id}/person-1-age", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you get case log check answer pages you don't have access to" do get "/logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "POST" do it "does not let you post form answers to case logs you don't have access to" do post "/logs/#{case_log.id}/form", params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb index b92c8da53..5c077b3a7 100644 --- a/spec/requests/organisations_controller_spec.rb +++ b/spec/requests/organisations_controller_spec.rb @@ -13,17 +13,17 @@ RSpec.describe OrganisationsController, type: :request do describe "#show" do it "does not let you see organisation details from org route" do get "/organisations/#{organisation.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation details from details route" do get "/organisations/#{organisation.id}/details", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation users" do get "/organisations/#{organisation.id}/users", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end 
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb index a265261ab..b030feb14 100644 --- a/spec/requests/rack_attack_spec.rb +++ b/spec/requests/rack_attack_spec.rb @@ -31,7 +31,7 @@ describe "Rack::Attack" do context "when the number of requests is under the throttle limit" do it "does not throttle" do under_limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response @@ -42,7 +42,7 @@ describe "Rack::Attack" do context "when the number of requests is at the throttle limit" do it "does not throttle" do limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response @@ -53,7 +53,7 @@ describe "Rack::Attack" do context "when the number of requests is over the throttle limit" do it "throttles" do over_limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 674607179..fb4623e28 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb 
@@ -20,35 +20,35 @@ RSpec.describe UsersController, type: :request do describe "#show" do it "does not let you see user details" do get "/users/#{user.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#edit" do it "does not let you edit user details" do get "/users/#{user.id}/edit", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#password" do it "does not let you edit user passwords" do get "/users/#{user.id}/password/edit", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#patch" do it "does not let you update user details" do patch "/logs/#{user.id}", params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "reset password" do it "renders the user edit password view" do _raw, enc = Devise.token_generator.generate(User, :reset_password_token) - get "/users/password/edit?reset_password_token=#{enc}" + get "/account/password/edit?reset_password_token=#{enc}" expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password") end @@ -88,7 +88,7 @@ RSpec.describe UsersController, type: :request do before do allow(User).to receive(:find_or_initialize_with_error_by).and_return(user) allow(user).to receive(:reset_password_sent_at).and_return(4.hours.ago) - put "/users/password", headers: headers, params: params + put "/account/password", headers: headers, params: params end it "shows an error" do