@@ -63,11 +63,17 class AccountController < ApplicationController | |||
|
63 | 63 | return |
|
64 | 64 | else |
|
65 | 65 | if request.post? |
|
66 | user = User.find_by_mail(params[:mail]) | |
|
67 |
# user not found |
|
|
68 | (flash.now[:error] = l(:notice_account_unknown_email); return) unless user | |
|
69 | # user uses an external authentification | |
|
70 | (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id | |
|
66 | user = User.find_by_mail(params[:mail].to_s) | |
|
67 | # user not found or not active | |
|
68 | unless user && user.active? | |
|
69 | flash.now[:error] = l(:notice_account_unknown_email) | |
|
70 | return | |
|
71 | end | |
|
72 | # user cannot change its password | |
|
73 | unless user.change_password_allowed? | |
|
74 | flash.now[:error] = l(:notice_can_t_change_password) | |
|
75 | return | |
|
76 | end | |
|
71 | 77 | # create a new token for password recovery |
|
72 | 78 | token = Token.new(:user => user, :action => "recovery") |
|
73 | 79 | if token.save |
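Review bot: The two failure branches at new lines 68–76 still answer differently from each other and from the success path: an unknown or inactive address gets `notice_account_unknown_email`, an account that cannot change its password gets `notice_can_t_change_password`, and a valid one goes on to token creation. The form therefore continues to reveal which addresses belong to accounts. If that disclosure is not intended, both branches could end with the same neutral notice as the success path, with the real reason written to the log instead. It would also help to comment the `.to_s` on new line 66, e.g. `# to_s: params[:mail] may arrive as an Array or Hash`, so the coercion is not removed later. The action's body starts before and continues after this hunk, so any throttling of recovery requests further down is not visible here.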
@@ -141,4 +141,45 class AccountControllerTest < ActionController::TestCase | |||
|
141 | 141 | end |
|
142 | 142 | end |
|
143 | 143 | end |
|
144 | ||
|
145 | def test_get_lost_password_should_display_lost_password_form | |
|
146 | get :lost_password | |
|
147 | assert_response :success | |
|
148 | assert_select 'input[name=mail]' | |
|
149 | end | |
|
150 | ||
|
151 | def test_lost_password_for_active_user_should_create_a_token | |
|
152 | assert_difference 'ActionMailer::Base.deliveries.size' do | |
|
153 | assert_difference 'Token.count' do | |
|
154 | with_settings :host_name => 'mydomain.foo', :protocol => 'http' do | |
|
155 | post :lost_password, :mail => 'JSmith@somenet.foo' | |
|
156 | assert_redirected_to '/login' | |
|
157 | end | |
|
158 | end | |
|
159 | end | |
|
160 | ||
|
161 | token = Token.order('id DESC').first | |
|
162 | assert_equal User.find(2), token.user | |
|
163 | assert_equal 'recovery', token.action | |
|
164 | ||
|
165 | assert_select_email do | |
|
166 | assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}" | |
|
167 | end | |
|
168 | end | |
|
169 | ||
|
170 | def test_lost_password_for_unknown_user_should_fail | |
|
171 | assert_no_difference 'Token.count' do | |
|
172 | post :lost_password, :mail => 'invalid@somenet.foo' | |
|
173 | assert_response :success | |
|
174 | end | |
|
175 | end | |
|
176 | ||
|
177 | def test_lost_password_for_non_active_user_should_fail | |
|
178 | assert User.find(2).lock! | |
|
179 | ||
|
180 | assert_no_difference 'Token.count' do | |
|
181 | post :lost_password, :mail => 'JSmith@somenet.foo' | |
|
182 | assert_response :success | |
|
183 | end | |
|
184 | end | |
|
144 | 185 | end |
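Review bot: The new tests do not cover the `change_password_allowed?` branch or a non-string `mail` parameter, which are two of the three behaviours the controller change introduces. A test that posts for a user who cannot change their password, and one that posts `:mail => ['JSmith@somenet.foo']`, would pin both. The two failure tests at new lines 170–184 assert only on `Token.count`; wrapping them in `assert_no_difference 'ActionMailer::Base.deliveries.size' do` as well would show that no mail is sent for unknown or locked accounts.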