password_reset_spec.rb 2.02 KB
Newer Older
1 2
require 'spec_helper'

3
feature 'Password reset' do
4 5
  describe 'throttling' do
    it 'sends reset instructions when not previously sent' do
6 7
      user = create(:user)
      forgot_password(user)
8

9
      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
10
      expect(current_path).to eq new_user_session_path
11
      expect(user.recently_sent_password_reset?).to be_truthy
12
    end
13

14 15 16 17 18
    it 'sends reset instructions when previously sent more than a minute ago' do
      user = create(:user)
      user.send_reset_password_instructions
      user.update_attribute(:reset_password_sent_at, 5.minutes.ago)

19
      expect { forgot_password(user) }.to change { user.reset_password_sent_at }
20
      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
21 22 23
      expect(current_path).to eq new_user_session_path
    end

24
    it 'throttles multiple resets in a short timespan' do
25 26
      user = create(:user)
      user.send_reset_password_instructions
27 28
      # Reload because PG handles datetime less precisely than Ruby/Rails
      user.reload
29

30
      expect { forgot_password(user) }.not_to change { user.reset_password_sent_at }
31 32
      expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions'))
      expect(current_path).to eq new_user_session_path
33 34 35
    end
  end

36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
  describe 'Changing password while logged in' do
    it 'updates the password' do
      user = create(:user)
      token = user.send_reset_password_instructions

      sign_in(user)

      visit(edit_user_password_path(reset_password_token: token))

      fill_in 'New password', with: 'hello1234'
      fill_in 'Confirm new password', with: 'hello1234'

      click_button 'Change your password'

      expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
      expect(current_path).to eq new_user_session_path
    end
  end

55
  def forgot_password(user)
56
    visit root_path
57 58 59 60 61
    click_on 'Forgot your password?'
    fill_in 'Email', with: user.email
    click_button 'Reset password'
    user.reload
  end
62
end