debian-mirror-gitlab/spec/features/profiles/password_spec.rb

151 lines
4.2 KiB
Ruby
Raw Normal View History

2019-10-12 21:52:04 +05:30
# frozen_string_literal: true
2016-09-13 17:45:13 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe 'Profile > Password' do
2018-03-27 19:54:05 +05:30
let(:user) { create(:user) }
def fill_passwords(password, confirmation)
fill_in 'New password', with: password
fill_in 'Password confirmation', with: confirmation
click_button 'Save password'
end
2017-09-10 17:25:29 +05:30
context 'Password authentication enabled' do
let(:user) { create(:user, password_automatically_set: true) }
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
before do
sign_in(user)
visit edit_profile_password_path
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
context 'User with password automatically set' do
describe 'User puts different passwords in the field and in the confirmation' do
it 'shows an error message' do
fill_passwords('mypassword', 'mypassword2')
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
page.within('.alert-danger') do
expect(page).to have_content("Password confirmation doesn't match Password")
end
end
it 'does not contain the current password field after an error' do
fill_passwords('mypassword', 'mypassword2')
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
expect(page).to have_no_field('user[current_password]')
2016-09-13 17:45:13 +05:30
end
end
2017-09-10 17:25:29 +05:30
describe 'User puts the same passwords in the field and in the confirmation' do
it 'shows a success message' do
fill_passwords('mypassword', 'mypassword')
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
page.within('.flash-notice') do
2020-10-24 23:57:45 +05:30
expect(page).to have_content('Password was successfully updated. Please sign in again.')
2017-09-10 17:25:29 +05:30
end
end
2016-09-13 17:45:13 +05:30
end
end
2017-09-10 17:25:29 +05:30
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
context 'Password authentication unavailable' do
before do
gitlab_sign_in(user)
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
context 'Regular user' do
let(:user) { create(:user) }
2018-03-17 18:26:18 +05:30
it 'renders 404 when password authentication is disabled for the web interface and Git' do
stub_application_setting(password_authentication_enabled_for_web: false)
stub_application_setting(password_authentication_enabled_for_git: false)
2017-09-10 17:25:29 +05:30
visit edit_profile_password_path
2020-03-13 15:44:24 +05:30
expect(page).to have_gitlab_http_status(:not_found)
2017-09-10 17:25:29 +05:30
end
end
context 'LDAP user' do
let(:user) { create(:omniauth_user, provider: 'ldapmain') }
it 'renders 404' do
visit edit_profile_password_path
2020-03-13 15:44:24 +05:30
expect(page).to have_gitlab_http_status(:not_found)
2016-09-13 17:45:13 +05:30
end
end
end
2018-03-27 19:54:05 +05:30
context 'Change passowrd' do
before do
sign_in(user)
visit(edit_profile_password_path)
end
it 'does not change user passowrd without old one' do
page.within '.update-password' do
fill_passwords('22233344', '22233344')
end
page.within '.flash-container' do
expect(page).to have_content 'You must provide a valid current password'
end
end
it 'does not change password with invalid old password' do
page.within '.update-password' do
fill_in 'user_current_password', with: 'invalid'
fill_passwords('password', 'confirmation')
end
page.within '.flash-container' do
expect(page).to have_content 'You must provide a valid current password'
end
end
it 'changes user password' do
page.within '.update-password' do
fill_in "user_current_password", with: user.password
fill_passwords('22233344', '22233344')
end
expect(current_path).to eq new_user_session_path
end
end
context 'when password is expired' do
before do
sign_in(user)
2021-04-29 21:17:54 +05:30
user.update!(password_expires_at: 1.hour.ago)
2018-03-27 19:54:05 +05:30
user.identities.delete
expect(user.ldap_user?).to eq false
end
it 'needs change user password' do
visit edit_profile_password_path
expect(current_path).to eq new_profile_password_path
fill_in :user_current_password, with: user.password
fill_in :user_password, with: '12345678'
fill_in :user_password_confirmation, with: '12345678'
click_button 'Set new password'
expect(current_path).to eq new_user_session_path
end
context 'when global require_two_factor_authentication is enabled' do
it 'needs change user password' do
stub_application_setting(require_two_factor_authentication: true)
visit profile_path
expect(current_path).to eq new_profile_password_path
end
end
end
2016-09-13 17:45:13 +05:30
end