
Fix password reset flow (#157)

* Render gov uk reset view

* Pass password reset token

* Test password update and sign in

* The cop is working
pull/158/head
baarkerlounger 3 years ago committed by GitHub
parent
commit
5842f7aed7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      app/controllers/auth/passwords_controller.rb
  2. 31
      app/views/users/reset_password.html.erb
  3. 31
      spec/requests/auth/passwords_controller_spec.rb
  4. 8
      spec/requests/user_controller_spec.rb

5
app/controllers/auth/passwords_controller.rb

@ -23,6 +23,11 @@ class Auth::PasswordsController < Devise::PasswordsController
respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
end
def edit
super
render "users/reset_password"
end
protected
def after_sending_reset_password_instructions_path_for(_resource)
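Review bot: Only the `edit` action is pointed at the GOV.UK template, so the explicit `render "users/reset_password"` does not cover the failure path of `update`. Devise's `update` answers a rejected token or a mismatched confirmation with `respond_with resource`, which renders the `edit` template by view lookup rather than calling this action. Unless `update` is overridden outside this hunk, the user would presumably fall back to the default Devise view there. Placing the template where lookup finds it (for example `app/views/auth/passwords/edit.html.erb`) would serve both paths and make the override unnecessary. The class body starts and ends outside the hunk.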

31
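--- a/app/views/users/reset_password.html.erb
+++ b/app/views/users/reset_password.html.erb
@@ -0,0 +1,31 @@
+<% content_for :title, "Reset your password" %>
+<% content_for :before_content do %>
+<%= govuk_back_link(
+text: 'Back',
+href: :back,
+) %>
+<% end %>
+<%= form_for(@user, as: :user, url: password_path(User), html: { method: :put }) do |f| %>
+<%= f.hidden_field :reset_password_token %>
+<div class="govuk-grid-row">
+<div class="govuk-grid-column-two-thirds">
+<h1 class="govuk-heading-l">
+<%= content_for(:title) %>
+</h1>
+<%= f.govuk_password_field :password,
+label: { text: "New password" },
+hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil,
+autocomplete: "new-password"
+%>
+<%= f.govuk_password_field :password_confirmation,
+label: { text: "Confirm new password" }
+%>
+<%= f.govuk_submit "Update" %>
+</div>
+</div>
+<% end %>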
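Review bot: The form has no error summary, and Devise attaches an invalid or expired token error to `reset_password_token`, which appears here only as a hidden field, so a rejected reset would re-display with nothing telling the user why. Adding `<%= f.govuk_error_summary %>` above the heading would surface both token and password errors. The confirmation field also lacks the `autocomplete: "new-password"` hint that the first field carries, which password managers rely on to fill both fields consistently. Because the token sits in the page URL, it is worth confirming the layout sends a restrictive `Referrer-Policy` so third-party assets and outbound links do not receive it.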

31
spec/requests/auth/passwords_controller_spec.rb

@ -3,12 +3,13 @@ require_relative "../../support/devise"
RSpec.describe Auth::PasswordsController, type: :request do
let(:params) { { user: { email: email } } }
let(:page) { Capybara::Node::Simple.new(response.body) }
context "when a password reset is requested for a valid email" do
let(:user) { FactoryBot.create(:user) }
let(:email) { user.email }
it "redirects to the email sent page anyway" do
it "redirects to the email sent page" do
post "/users/password", params: params
expect(response).to have_http_status(:redirect)
follow_redirect!
@ -43,4 +44,32 @@ RSpec.describe Auth::PasswordsController, type: :request do
expect(email_content).to match(email)
end
end
context "#Update - reset password" do
let(:user) { FactoryBot.create(:user) }
let(:token) { user.send(:set_reset_password_token) }
let(:updated_password) { "updated_password_280" }
let(:update_password_params) do
{
user:
{
reset_password_token: token,
password: updated_password,
password_confirmation: updated_password,
},
}
end
let(:message) { "Your password has been changed successfully. You are now signed in" }
it "changes the password" do
expect { put "/users/password", params: update_password_params }
.to(change { user.reload.encrypted_password })
end
it "signs in" do
put "/users/password", params: update_password_params
follow_redirect!
expect(page).to have_css("div", class: "govuk-notification-banner__heading", text: message)
end
end
end
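Review bot: The new `#Update - reset password` context exercises only the success path. Nothing checks that an invalid, expired or already-used `reset_password_token`, or a mismatched `password_confirmation`, leaves `encrypted_password` unchanged and does not sign the user in. Those are the cases that protect the account, so a negative example built on `.not_to(change { user.reload.encrypted_password })` with a wrong token in the params belongs beside "changes the password". The "signs in" example asserts only the banner text; following it with a request to a page that requires authentication would show that a session was really established. `user.send(:set_reset_password_token)` reaches a protected Devise method and deserves a short comment such as `# returns the raw token that would be emailed to the user`.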

8
spec/requests/user_controller_spec.rb

@ -37,6 +37,14 @@ RSpec.describe UsersController, type: :request do
expect(response).to redirect_to("/users/sign-in")
end
end
describe "reset password" do
it "renders the user edit password view" do
_raw, enc = Devise.token_generator.generate(User, :reset_password_token)
get "/users/password/edit?reset_password_token=#{enc}"
expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password")
end
end
end
describe "#show" do
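Review bot: The request in "renders the user edit password view" is built from `enc`, the digest Devise stores in the database, whereas the link a user receives carries the raw token, so `_raw, enc = …` has the two the wrong way round for the flow being described. It passes anyway because, as far as I can tell, Devise's `edit` only checks that a token parameter is present, and the generated token is not attached to any user. Using `raw, _enc = Devise.token_generator.generate(User, :reset_password_token)` with `reset_password_token=#{raw}` would match the real flow. An example for a missing token, expecting the redirect, would cover the guard. The enclosing `describe` blocks start outside the hunk.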
