Browse Source

add test around protecting emails

pull/81/head
MadeTech Dushan 3 years ago
parent
commit
72b8864cdc
  1. 7
      app/controllers/users/passwords_controller.rb
  2. 7
      spec/features/user_spec.rb

7
app/controllers/users/passwords_controller.rb

@ -5,6 +5,13 @@ class Users::PasswordsController < Devise::PasswordsController
render "devise/confirmations/reset"
end
def create
self.resource = resource_class.send_reset_password_instructions(resource_params)
yield resource if block_given?
respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
end
protected
def after_sending_reset_password_instructions_path_for(resource)

7
spec/features/user_spec.rb

@ -36,5 +36,12 @@ RSpec.describe "User Features" do
click_button("Send email")
expect(page).to have_content("test@example.com")
end
it " is shown the reset password confirmation page even if their email doesn't exist in the system" do
visit("/users/password/new")
fill_in("user_email", with: "idontexist@example.com")
click_button("Send email")
expect(page).to have_current_path("/confirmations/reset?email=idontexist%40example.com")
end
end
end

Loading…
Cancel
Save