| @@ -50,6 +50,10 class AccountController < ApplicationController | |||||
| 50 | return |
|
50 | return | |
| 51 | end |
|
51 | end | |
| 52 | @user = @token.user |
|
52 | @user = @token.user | |
|
|
53 | unless @user && @user.active? | |||
|
|
54 | redirect_to home_url | |||
|
|
55 | return | |||
|
|
56 | end | |||
| 53 | if request.post? |
|
57 | if request.post? | |
| 54 | @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] |
|
58 | @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] | |
| 55 | if @user.save |
|
59 | if @user.save | |
| @@ -186,4 +186,58 class AccountControllerTest < ActionController::TestCase | |||||
| 186 | assert_response :success |
|
186 | assert_response :success | |
| 187 | end |
|
187 | end | |
| 188 | end |
|
188 | end | |
|
|
189 | ||||
|
|
190 | def test_get_lost_password_with_token_should_display_the_password_recovery_form | |||
|
|
191 | user = User.find(2) | |||
|
|
192 | token = Token.create!(:action => 'recovery', :user => user) | |||
|
|
193 | ||||
|
|
194 | get :lost_password, :token => token.value | |||
|
|
195 | assert_response :success | |||
|
|
196 | assert_template 'password_recovery' | |||
|
|
197 | ||||
|
|
198 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |||
|
|
199 | end | |||
|
|
200 | ||||
|
|
201 | def test_get_lost_password_with_invalid_token_should_redirect | |||
|
|
202 | get :lost_password, :token => "abcdef" | |||
|
|
203 | assert_redirected_to '/' | |||
|
|
204 | end | |||
|
|
205 | ||||
|
|
206 | def test_post_lost_password_with_token_should_change_the_user_password | |||
|
|
207 | user = User.find(2) | |||
|
|
208 | token = Token.create!(:action => 'recovery', :user => user) | |||
|
|
209 | ||||
|
|
210 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass' | |||
|
|
211 | assert_redirected_to '/login' | |||
|
|
212 | user.reload | |||
|
|
213 | assert user.check_password?('newpass') | |||
|
|
214 | assert_nil Token.find_by_id(token.id), "Token was not deleted" | |||
|
|
215 | end | |||
|
|
216 | ||||
|
|
217 | def test_post_lost_password_with_token_for_non_active_user_should_fail | |||
|
|
218 | user = User.find(2) | |||
|
|
219 | token = Token.create!(:action => 'recovery', :user => user) | |||
|
|
220 | user.lock! | |||
|
|
221 | ||||
|
|
222 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass' | |||
|
|
223 | assert_redirected_to '/' | |||
|
|
224 | assert ! user.check_password?('newpass') | |||
|
|
225 | end | |||
|
|
226 | ||||
|
|
227 | def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form | |||
|
|
228 | user = User.find(2) | |||
|
|
229 | token = Token.create!(:action => 'recovery', :user => user) | |||
|
|
230 | ||||
|
|
231 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass' | |||
|
|
232 | assert_response :success | |||
|
|
233 | assert_template 'password_recovery' | |||
|
|
234 | assert_not_nil Token.find_by_id(token.id), "Token was deleted" | |||
|
|
235 | ||||
|
|
236 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |||
|
|
237 | end | |||
|
|
238 | ||||
|
|
239 | def test_post_lost_password_with_invalid_token_should_redirect | |||
|
|
240 | post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' | |||
|
|
241 | assert_redirected_to '/' | |||
|
|
242 | end | |||
| 189 | end |
|
243 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now