@@ -50,6 +50,10 class AccountController < ApplicationController | |||
|
50 | 50 | return |
|
51 | 51 | end |
|
52 | 52 | @user = @token.user |
|
53 | unless @user && @user.active? | |
|
54 | redirect_to home_url | |
|
55 | return | |
|
56 | end | |
|
53 | 57 | if request.post? |
|
54 | 58 | @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] |
|
55 | 59 | if @user.save |
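Review bot: The inactive-user guard added at new lines 53–56 redirects without touching `@token`, so as far as this hunk shows, a recovery token issued before an account was locked stays stored and could be used again if the account is later reactivated. Consider invalidating it in that branch with `@token.destroy` before `redirect_to home_url`, or state in a comment that token expiry is relied on instead. Redirecting to `home_url`, the same target the tests expect for an invalid token, avoids revealing whether a token belongs to a locked account; a comment such as `# Same response as an invalid token: do not disclose account state` would record that intent. The action begins and ends outside the hunk, so the token lookup and any expiry check could not be reviewed.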
@@ -186,4 +186,58 class AccountControllerTest < ActionController::TestCase | |||
|
186 | 186 | assert_response :success |
|
187 | 187 | end |
|
188 | 188 | end |
|
189 | ||
|
190 | def test_get_lost_password_with_token_should_display_the_password_recovery_form | |
|
191 | user = User.find(2) | |
|
192 | token = Token.create!(:action => 'recovery', :user => user) | |
|
193 | ||
|
194 | get :lost_password, :token => token.value | |
|
195 | assert_response :success | |
|
196 | assert_template 'password_recovery' | |
|
197 | ||
|
198 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |
|
199 | end | |
|
200 | ||
|
201 | def test_get_lost_password_with_invalid_token_should_redirect | |
|
202 | get :lost_password, :token => "abcdef" | |
|
203 | assert_redirected_to '/' | |
|
204 | end | |
|
205 | ||
|
206 | def test_post_lost_password_with_token_should_change_the_user_password | |
|
207 | user = User.find(2) | |
|
208 | token = Token.create!(:action => 'recovery', :user => user) | |
|
209 | ||
|
210 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass' | |
|
211 | assert_redirected_to '/login' | |
|
212 | user.reload | |
|
213 | assert user.check_password?('newpass') | |
|
214 | assert_nil Token.find_by_id(token.id), "Token was not deleted" | |
|
215 | end | |
|
216 | ||
|
217 | def test_post_lost_password_with_token_for_non_active_user_should_fail | |
|
218 | user = User.find(2) | |
|
219 | token = Token.create!(:action => 'recovery', :user => user) | |
|
220 | user.lock! | |
|
221 | ||
|
222 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass' | |
|
223 | assert_redirected_to '/' | |
|
224 | assert ! user.check_password?('newpass') | |
|
225 | end | |
|
226 | ||
|
227 | def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form | |
|
228 | user = User.find(2) | |
|
229 | token = Token.create!(:action => 'recovery', :user => user) | |
|
230 | ||
|
231 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass' | |
|
232 | assert_response :success | |
|
233 | assert_template 'password_recovery' | |
|
234 | assert_not_nil Token.find_by_id(token.id), "Token was deleted" | |
|
235 | ||
|
236 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |
|
237 | end | |
|
238 | ||
|
239 | def test_post_lost_password_with_invalid_token_should_redirect | |
|
240 | post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' | |
|
241 | assert_redirected_to '/' | |
|
242 | end | |
|
189 | 243 | end |
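Review bot: In `test_post_lost_password_with_token_for_non_active_user_should_fail` the final `assert ! user.check_password?('newpass')` runs against the in-memory `user` loaded before the request, so it appears it would pass even if the controller had changed the stored password. The success-path test calls `user.reload` before checking the password, and this test should do the same: add `user.reload` on the line before the assertion. The new tests also have no GET case for a locked user's token, so the form-display path for inactive accounts is not covered, and nothing asserts what happens to the token after the rejected POST.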