2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2021-07-02 06:54:23 +00:00
|
|
|
|
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
RSpec.describe 'Password Reset', type: :system do
|
2022-03-09 12:38:42 +00:00
|
|
|
context 'when logged in already' do
|
|
|
|
before do
|
|
|
|
visit 'password_reset'
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
it 'logged in user cannot open password reset' do
|
|
|
|
expect(page).to have_no_text 'password'
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'when not logged in', authenticated_as: false do
|
2022-03-09 12:38:42 +00:00
|
|
|
def request_reset
|
|
|
|
visit 'password_reset'
|
|
|
|
fill_in 'username', with: username
|
2021-07-02 06:54:23 +00:00
|
|
|
click '.reset_password .btn--primary'
|
2022-03-09 12:38:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
freeze_time
|
|
|
|
request_reset
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with non-existant user' do
|
|
|
|
let(:username) { 'nonexisting' }
|
2021-07-02 06:54:23 +00:00
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
it 'pretends to proceed' do
|
|
|
|
expect(page).to have_text 'sent password reset instructions'
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
end
|
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
context 'with existing user' do
|
|
|
|
let(:user) { create(:agent) }
|
|
|
|
let(:username) { user.email }
|
|
|
|
let(:generated_tokens) { Token.where(action: 'PasswordReset', user_id: user.id) }
|
2021-07-02 06:54:23 +00:00
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
it 'proceeds' do
|
|
|
|
expect(page).to have_text 'sent password reset instructions'
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
it 'creates a token' do
|
|
|
|
expect(generated_tokens.count).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'token will expire' do
|
|
|
|
expect(generated_tokens.first.persistent).to be false
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when submitting multiple times' do
|
|
|
|
before do
|
|
|
|
refresh
|
|
|
|
request_reset # a second time now
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'proceeds' do
|
|
|
|
expect(page).to have_text 'sent password reset instructions'
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
|
2022-03-09 12:38:42 +00:00
|
|
|
it 'discards the previous token' do
|
|
|
|
expect(generated_tokens.count).to eq 1
|
|
|
|
end
|
|
|
|
end
|
2021-07-02 06:54:23 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|