Add email validation to reset password form

4 years ago · bd1058234b
5 changed files with 36 additions and 9 deletions
--- a/app/controllers/helpers/email.rb
+++ b/app/controllers/helpers/email.rb
@ -0,0 +1,5 @@
+module Helpers::Email
+  def email_valid?(email)
+    email =~ URI::MailTo::EMAIL_REGEXP
+  end
+end
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/users/passwords_controller.rb
@ -1,8 +1,19 @@
 class Users::PasswordsController < Devise::PasswordsController
+  include Helpers::Email
+
  def reset_confirmation
+    self.resource = resource_class.new
    @email = params["email"]
-    flash[:notice] = "Reset password instructions have been sent to #{@email}"
-    render "devise/confirmations/reset"
+    if @email.empty?
+      resource.errors.add :email, "Enter an email address"
+      render "devise/passwords/new", status: :unprocessable_entity
+    elsif !email_valid?(@email)
+      resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
+      render "devise/passwords/new", status: :unprocessable_entity
+    else
+      flash[:notice] = "Reset password instructions have been sent to #{@email}"
+      render "devise/confirmations/reset"
+    end
  end

  def create
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -1,4 +1,6 @@
 class Users::SessionsController < Devise::SessionsController
+  include Helpers::Email
+
  def create
    self.resource = resource_class.new
    if params.dig("user", "email").empty?
@ -15,10 +17,4 @@ class Users::SessionsController < Devise::SessionsController
      super
    end
  end
-
-private
-
-  def email_valid?(email)
-    email =~ URI::MailTo::EMAIL_REGEXP
-  end
 end
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@ -9,7 +9,7 @@
  <div class="govuk-grid-row">
    <div class="govuk-grid-column-two-thirds">
      <h1 class="govuk-heading-l">Reset password</h1>
-      <%= render "devise/shared/error_messages", resource: resource %>
+      <%= f.govuk_error_summary %>

      <p class="govuk-body">Enter the email address you used to create your account.</p>
      <p class="govuk-body">We’ll email you a link to reset your password. This link will expire in 3 hours.</p>
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@ -29,6 +29,21 @@ RSpec.describe "User Features" do
      expect(page).to have_current_path("/users/password/new")
    end

+    it " is shown an error message if they submit without entering an email address" do
+      visit("/users/password/new")
+      click_button("Send email")
+      expect(page).to have_selector("#error-summary-title")
+      expect(page).to have_selector("#user-email-field-error")
+    end
+
+    it " is shown an error message if they submit an invalid email address" do
+      visit("/users/password/new")
+      fill_in("user[email]", with: "thisisn'tanemail")
+      click_button("Send email")
+      expect(page).to have_selector("#error-summary-title")
+      expect(page).to have_selector("#user-email-field-error")
+    end
+
    it " is redirected to check your email page after submitting an email on the reset password page" do
      visit("/users/password/new")
      fill_in("user[email]", with: user.email)