| @@ -63,11 +63,17 class AccountController < ApplicationController | |||||
| 63 | return |
|
63 | return | |
| 64 | else |
|
64 | else | |
| 65 | if request.post? |
|
65 | if request.post? | |
| 66 | user = User.find_by_mail(params[:mail]) |
|
66 | user = User.find_by_mail(params[:mail].to_s) | |
| 67 |
# user not found |
|
67 | # user not found or not active | |
| 68 | (flash.now[:error] = l(:notice_account_unknown_email); return) unless user |
|
68 | unless user && user.active? | |
| 69 | # user uses an external authentification |
|
69 | flash.now[:error] = l(:notice_account_unknown_email) | |
| 70 | (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id |
|
70 | return | |
|
|
71 | end | |||
|
|
72 | # user cannot change its password | |||
|
|
73 | unless user.change_password_allowed? | |||
|
|
74 | flash.now[:error] = l(:notice_can_t_change_password) | |||
|
|
75 | return | |||
|
|
76 | end | |||
| 71 | # create a new token for password recovery |
|
77 | # create a new token for password recovery | |
| 72 | token = Token.new(:user => user, :action => "recovery") |
|
78 | token = Token.new(:user => user, :action => "recovery") | |
| 73 | if token.save |
|
79 | if token.save | |
| @@ -141,4 +141,45 class AccountControllerTest < ActionController::TestCase | |||||
| 141 | end |
|
141 | end | |
| 142 | end |
|
142 | end | |
| 143 | end |
|
143 | end | |
|
|
144 | ||||
|
|
145 | def test_get_lost_password_should_display_lost_password_form | |||
|
|
146 | get :lost_password | |||
|
|
147 | assert_response :success | |||
|
|
148 | assert_select 'input[name=mail]' | |||
|
|
149 | end | |||
|
|
150 | ||||
|
|
151 | def test_lost_password_for_active_user_should_create_a_token | |||
|
|
152 | assert_difference 'ActionMailer::Base.deliveries.size' do | |||
|
|
153 | assert_difference 'Token.count' do | |||
|
|
154 | with_settings :host_name => 'mydomain.foo', :protocol => 'http' do | |||
|
|
155 | post :lost_password, :mail => 'JSmith@somenet.foo' | |||
|
|
156 | assert_redirected_to '/login' | |||
|
|
157 | end | |||
|
|
158 | end | |||
|
|
159 | end | |||
|
|
160 | ||||
|
|
161 | token = Token.order('id DESC').first | |||
|
|
162 | assert_equal User.find(2), token.user | |||
|
|
163 | assert_equal 'recovery', token.action | |||
|
|
164 | ||||
|
|
165 | assert_select_email do | |||
|
|
166 | assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}" | |||
|
|
167 | end | |||
|
|
168 | end | |||
|
|
169 | ||||
|
|
170 | def test_lost_password_for_unknown_user_should_fail | |||
|
|
171 | assert_no_difference 'Token.count' do | |||
|
|
172 | post :lost_password, :mail => 'invalid@somenet.foo' | |||
|
|
173 | assert_response :success | |||
|
|
174 | end | |||
|
|
175 | end | |||
|
|
176 | ||||
|
|
177 | def test_lost_password_for_non_active_user_should_fail | |||
|
|
178 | assert User.find(2).lock! | |||
|
|
179 | ||||
|
|
180 | assert_no_difference 'Token.count' do | |||
|
|
181 | post :lost_password, :mail => 'JSmith@somenet.foo' | |||
|
|
182 | assert_response :success | |||
|
|
183 | end | |||
|
|
184 | end | |||
| 144 | end |
|
185 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now