Trigger SMS on admin password reset

app/controllers/auth/passwords_controller.rb

@@ -39,7 +39,12 @@ protected
 
   def after_resetting_password_path_for(resource)
     if Devise.sign_in_after_reset_password
-      resource_class == AdminUser ? admin_user_two_factor_authentication_path : after_sign_in_path_for(resource)
+      if resource_class == AdminUser
+        resource.send_new_otp
+        admin_user_two_factor_authentication_path
+      else
+        after_sign_in_path_for(resource)
+      end
     else
       new_session_path(resource_name)
     end

spec/request_helper.rb

@@ -7,6 +7,8 @@ module RequestHelper
       .to_return(status: 200, body: "{\"status\":404,\"error\":\"Postcode not found\"}", headers: {})
     WebMock.stub_request(:post, /api.notifications.service.gov.uk\/v2\/notifications\/email/)
       .to_return(status: 200, body: "", headers: {})
+    WebMock.stub_request(:post, /api.notifications.service.gov.uk\/v2\/notifications\/sms/)
+      .to_return(status: 200, body: "", headers: {})
   end
 
   def self.real_http_requests

spec/requests/auth/passwords_controller_spec.rb

@@ -78,6 +78,10 @@ RSpec.describe Auth::PasswordsController, type: :request do
 
     describe "reset password" do
       let(:new_value) { "new-password" }
+      before do
+        allow(Sms).to receive(:notify_client).and_return(notify_client)
+        allow(notify_client).to receive(:send_sms).and_return(true)
+      end
 
       it "renders the user edit password view" do
         _raw, enc = Devise.token_generator.generate(AdminUser, :reset_password_token)
@@ -129,6 +133,11 @@ RSpec.describe Auth::PasswordsController, type: :request do
           put "/admin/password", headers: headers, params: params
           expect(response).to redirect_to("/admin/two-factor-authentication")
         end
+
+        it "triggers an SMS" do
+          expect(notify_client).to receive(:send_sms)
+          put "/admin/password", headers: headers, params: params
+        end
       end
     end
   end