Actually work

3 years ago · ecd9740cce
3 changed files with 14 additions and 12 deletions
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -35,7 +35,7 @@
        row.key { 'Password' }
        row.value { '••••••••' }
        if current_user == @user
-          row.action(visually_hidden_text: 'password', href: password_edit_account_path, html_attributes: { 'data-qa': 'change-password' })
+          row.action(visually_hidden_text: 'password', href: edit_password_account_path, html_attributes: { 'data-qa': 'change-password' })
        else
          row.action()
        end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -22,10 +22,6 @@ Rails.application.routes.draw do
    get "admin/two-factor-authentication/resend", to: "auth/two_factor_authentication#show_resend"
  end

-  resource :account, only: %i[show edit], controller: "users" do
-    get "password/edit", to: "users#edit_password"
-  end
-
  devise_for :users, {
    path: :account,
    controllers: {
@ -40,6 +36,7 @@ Rails.application.routes.draw do

  devise_scope :user do
    get "account/password/reset-confirmation", to: "auth/passwords#reset_confirmation"
+    put "account", to: "users#update"
  end

  get "/health", to: ->(_) { [204, {}, [nil]] }
@ -52,6 +49,10 @@ Rails.application.routes.draw do
  get "/privacy-notice", to: "content#privacy_notice"
  get "/data-sharing-agreement", to: "content#data_sharing_agreement"

+  resource :account, only: %i[show edit], controller: "users" do
+    get "edit/password", to: "users#edit_password"
+  end
+
  resources :users

  resources :organisations do
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@ -34,7 +34,7 @@ RSpec.describe UsersController, type: :request do

    describe "#password" do
      it "does not let you edit user passwords" do
-        get "/users/#{user.id}/password/edit", headers: headers, params: {}
+        get "/account/edit/password", headers: headers, params: {}
        expect(response).to redirect_to("/account/sign-in")
      end
    end
@ -63,7 +63,7 @@ RSpec.describe UsersController, type: :request do

          before do
            sign_in user
-            put "/users/#{user.id}", headers: headers, params: params
+            put "/account", headers: headers, params: params
          end

          it "shows an error if passwords don't match" do
@ -204,7 +204,7 @@ RSpec.describe UsersController, type: :request do
      context "when the current user matches the user ID" do
        before do
          sign_in user
-          get "/users/#{user.id}/password/edit", headers: headers, params: {}
+          get "/account/edit/password", headers: headers, params: {}
        end

        it "shows the edit password page" do
@ -453,7 +453,7 @@ RSpec.describe UsersController, type: :request do
      context "when the current user matches the user ID" do
        before do
          sign_in user
-          get "/users/#{user.id}/password/edit", headers: headers, params: {}
+          get "/account/edit/password", headers: headers, params: {}
        end

        it "shows the edit password page" do
@ -468,11 +468,12 @@ RSpec.describe UsersController, type: :request do
      context "when the current user does not matches the user ID" do
        before do
          sign_in user
-          get "/users/#{other_user.id}/password/edit", headers: headers, params: {}
        end

-        it "returns not found 404" do
-          expect(response).to have_http_status(:not_found)
+        it "there is no route" do
+          expect {
+            get "/users/#{other_user.id}/password/edit", headers: headers, params: {}
+          }.to raise_error(ActionController::RoutingError)
        end
      end
    end