@ -2,7 +2,6 @@ require "rails_helper"
require_relative " ../../support/devise "
require_relative " ../../support/devise "
RSpec . describe Auth :: PasswordsController , type : :request do
RSpec . describe Auth :: PasswordsController , type : :request do
let ( :params ) { { user : { email : } } }
let ( :page ) { Capybara :: Node :: Simple . new ( response . body ) }
let ( :page ) { Capybara :: Node :: Simple . new ( response . body ) }
let ( :notify_client ) { instance_double ( Notifications :: Client ) }
let ( :notify_client ) { instance_double ( Notifications :: Client ) }
let ( :devise_notify_mailer ) { DeviseNotifyMailer . new }
let ( :devise_notify_mailer ) { DeviseNotifyMailer . new }
@ -13,60 +12,134 @@ RSpec.describe Auth::PasswordsController, type: :request do
allow ( notify_client ) . to receive ( :send_email ) . and_return ( true )
allow ( notify_client ) . to receive ( :send_email ) . and_return ( true )
end
end
context " when a password reset is requested for a valid email " do
context " when a regular user " do
let ( :user ) { FactoryBot . create ( :user ) }
let ( :params ) { { user : { email : } } }
let ( :email ) { user . email }
it " redirects to the email sent page " do
context " when a password reset is requested for a valid email " do
post " /users/password " , params : params
let ( :user ) { FactoryBot . create ( :user ) }
expect ( response ) . to have_http_status ( :redirect )
let ( :email ) { user . email }
follow_redirect!
expect ( response . body ) . to match ( / Check your email / )
it " redirects to the email sent page " do
post " /users/password " , params : params
expect ( response ) . to have_http_status ( :redirect )
follow_redirect!
expect ( response . body ) . to match ( / Check your email / )
end
end
end
end
context " when a password reset is requested with an email that doesn't exist in the system " do
context " when a password reset is requested with an email that doesn't exist in the system " do
before do
before do
allow ( Devise . navigational_formats ) . to receive ( :include? ) . and_return ( false )
allow ( Devise . navigational_formats ) . to receive ( :include? ) . and_return ( false )
end
let ( :email ) { " madeup_email@test.com " }
it " redirects to the email sent page anyway " do
post " /users/password " , params : params
expect ( response ) . to have_http_status ( :redirect )
follow_redirect!
expect ( response . body ) . to match ( / Check your email / )
end
end
end
let ( :email ) { " madeup_email@test.com " }
describe " # Update - reset password " do
let ( :user ) { FactoryBot . create ( :user ) }
let ( :token ) { user . send ( :set_reset_password_token ) }
let ( :updated_password ) { " updated_password_280 " }
let ( :update_password_params ) do
{
user :
{
reset_password_token : token ,
password : updated_password ,
password_confirmation : updated_password ,
} ,
}
end
let ( :message ) { " Your password has been changed successfully. You are now signed in " }
it " redirects to the email sent page anyway " do
it " changes the password " do
post " /users/password " , params : params
expect { put " /users/password " , params : update_password_params }
expect ( response ) . to have_http_status ( :redirect )
. to ( change { user . reload . encrypted_password } )
follow_redirect!
end
expect ( response . body ) . to match ( / Check your email / )
it " after password change, the user is signed in " do
put " /users/password " , params : update_password_params
# Devise redirects once after re-sign in with new password and then root redirects as well.
follow_redirect!
follow_redirect!
expect ( page ) . to have_css ( " div " , class : " govuk-notification-banner__heading " , text : message )
end
end
end
end
end
describe " # Update - reset password " do
context " when an admin user " do
let ( :user ) { FactoryBot . create ( :user ) }
let ( :admin_user ) { FactoryBot . create ( :admin_user ) }
let ( :token ) { user . send ( :set_reset_password_token ) }
let ( :updated_password ) { " updated_password_280 " }
describe " reset password " do
let ( :update_password_params ) do
let ( :new_value ) { " new-password " }
{
user :
before do
allow ( Sms ) . to receive ( :notify_client ) . and_return ( notify_client )
allow ( notify_client ) . to receive ( :send_sms ) . and_return ( true )
end
it " renders the user edit password view " do
_raw , enc = Devise . token_generator . generate ( AdminUser , :reset_password_token )
get " /admin/password/edit?reset_password_token= #{ enc } "
expect ( page ) . to have_css ( " h1 " , text : " Reset your password " )
end
context " when passwords entered don't match " do
let ( :raw ) { admin_user . send_reset_password_instructions }
let ( :params ) do
{
{
reset_password_token : token ,
id : admin_user . id ,
password : updated_password ,
admin_user : {
password_confirmation : updated_password ,
password : new_value ,
} ,
password_confirmation : " something_else " ,
}
reset_password_token : raw ,
end
} ,
let ( :message ) { " Your password has been changed successfully. You are now signed in " }
}
end
it " changes the password " do
it " shows an error " do
expect { put " /users/password " , params : update_password_params }
put " /admin/password " , headers : headers , params : params
. to ( change { user . reload . encrypted_password } )
expect ( response ) . to have_http_status ( :unprocessable_entity )
end
expect ( page ) . to have_content ( " doesn't match Password " )
end
end
context " when passwords is reset " do
let ( :raw ) { admin_user . send_reset_password_instructions }
let ( :params ) do
{
id : admin_user . id ,
admin_user : {
password : new_value ,
password_confirmation : new_value ,
reset_password_token : raw ,
} ,
}
end
it " updates the password " do
expect {
put " /admin/password " , headers : headers , params : params
admin_user . reload
} . to change ( admin_user , :encrypted_password )
end
it " sends you to the 2FA page " do
put " /admin/password " , headers : headers , params : params
expect ( response ) . to redirect_to ( " /admin/two-factor-authentication " )
end
it " after password change, the user is signed in " do
it " triggers an SMS " do
put " /users/password " , params : update_password_params
expect ( notify_client ) . to receive ( :send_sms )
# Devise redirects once after re-sign in with new password and then root redirects as well.
put " /admin/password " , headers : headers , params : params
follow_redirect!
end
follow_redirect!
end
expect ( page ) . to have_css ( " div " , class : " govuk-notification-banner__heading " , text : message )
end
end
end
end
end
end
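Review bot: The new admin "when passwords is reset" context asserts that `encrypted_password` changes, that the response redirects to `/admin/two-factor-authentication` and that an SMS is triggered, but nothing checks that the reset token is invalidated once it has been used, so a token that stayed valid after a successful reset would go unnoticed by this spec. Adding `expect(admin_user.reload.reset_password_token).to be_nil` to the "updates the password" example (and the equivalent `user.reload.reset_password_token` check in the regular-user "changes the password" example above it) pins that single-use behaviour; Devise's recoverable module is expected to clear the column on success, so this should pass without implementation changes, though that is inferred rather than visible in the hunk. The `headers` referenced in the `put "/admin/password"` calls is not defined anywhere in this hunk, so it presumably comes from a `let` outside it or from the shared devise support file, and a one-line comment naming its source at the first use would help readers of the spec. The enclosing `RSpec.describe` block begins in the earlier hunk.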