2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2017-09-10 17:25:29 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec . describe PasswordsController do
2020-11-24 15:15:51 +05:30
include DeviseHelpers
2017-09-10 17:25:29 +05:30
2020-11-24 15:15:51 +05:30
before do
set_devise_mapping ( context : @request )
end
describe '#check_password_authentication_available' do
2018-03-17 18:26:18 +05:30
context 'when password authentication is disabled for the web interface and Git' do
it 'prevents a password reset' do
stub_application_setting ( password_authentication_enabled_for_web : false )
stub_application_setting ( password_authentication_enabled_for_git : false )
2017-09-10 17:25:29 +05:30
post :create
2020-03-13 15:44:24 +05:30
expect ( response ) . to have_gitlab_http_status ( :found )
2020-01-01 13:55:28 +05:30
expect ( flash [ :alert ] ) . to eq _ ( 'Password authentication is unavailable.' )
2017-09-10 17:25:29 +05:30
end
end
context 'when reset email belongs to an ldap user' do
let ( :user ) { create ( :omniauth_user , provider : 'ldapmain' , email : 'ldapuser@gitlab.com' ) }
it 'prevents a password reset' do
2019-02-15 15:39:39 +05:30
post :create , params : { user : { email : user . email } }
2017-09-10 17:25:29 +05:30
2020-01-01 13:55:28 +05:30
expect ( flash [ :alert ] ) . to eq _ ( 'Password authentication is unavailable.' )
2017-09-10 17:25:29 +05:30
end
end
end
2020-11-24 15:15:51 +05:30
describe '#update' do
render_views
context 'updating the password' do
subject do
put :update , params : {
user : {
password : password ,
password_confirmation : password_confirmation ,
reset_password_token : reset_password_token
}
}
end
let ( :password ) { User . random_password }
let ( :password_confirmation ) { password }
let ( :reset_password_token ) { user . send_reset_password_instructions }
let ( :user ) { create ( :user , password_automatically_set : true , password_expires_at : 10 . minutes . ago ) }
context 'password update is successful' do
it 'updates the password-related flags' do
subject
user . reload
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include ( 'password has been changed successfully' )
expect ( user . password_automatically_set ) . to eq ( false )
expect ( user . password_expires_at ) . to be_nil
end
end
context 'password update is unsuccessful' do
let ( :password_confirmation ) { 'not_the_same_as_password' }
it 'does not update the password-related flags' do
subject
user . reload
expect ( response ) . to render_template ( :edit )
expect ( response . body ) . to have_content ( " Password confirmation doesn't match Password " )
expect ( user . password_automatically_set ) . to eq ( true )
expect ( user . password_expires_at ) . not_to be_nil
end
end
2021-09-04 01:27:46 +05:30
it 'sets the username and caller_id in the context' do
expect ( controller ) . to receive ( :update ) . and_wrap_original do | m , * args |
m . call ( * args )
expect ( Gitlab :: ApplicationContext . current )
. to include ( 'meta.user' = > user . username ,
'meta.caller_id' = > 'PasswordsController#update' )
end
subject
end
2020-11-24 15:15:51 +05:30
end
end
2021-12-11 22:18:48 +05:30
describe '#create' do
let ( :user ) { create ( :user ) }
subject ( :perform_request ) { post ( :create , params : { user : { email : user . email } } ) }
context 'when reCAPTCHA is disabled' do
before do
stub_application_setting ( recaptcha_enabled : false )
end
it 'successfully sends password reset when reCAPTCHA is not solved' do
perform_request
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
context 'when reCAPTCHA is enabled' do
before do
stub_application_setting ( recaptcha_enabled : true )
end
2022-07-23 23:45:48 +05:30
context 'when the reCAPTCHA is not solved' do
before do
Recaptcha . configuration . skip_verify_env . delete ( 'test' )
end
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
it 'displays an error' do
perform_request
expect ( response ) . to render_template ( :new )
expect ( flash [ :alert ] ) . to include _ ( 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.' )
end
2021-12-11 22:18:48 +05:30
2022-07-23 23:45:48 +05:30
it 'sets gon variables' do
Gon . clear
perform_request
expect ( response ) . to render_template ( :new )
expect ( Gon . all_variables ) . not_to be_empty
end
2021-12-11 22:18:48 +05:30
end
it 'successfully sends password reset when reCAPTCHA is solved' do
Recaptcha . configuration . skip_verify_env << 'test'
perform_request
expect ( response ) . to redirect_to ( new_user_session_path )
expect ( flash [ :notice ] ) . to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
end
2017-09-10 17:25:29 +05:30
end
