debian-mirror-gitlab/spec/controllers/passwords_controller_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe PasswordsController do
  include DeviseHelpers

  before do
    set_devise_mapping(context: @request)
  end

  describe '#check_password_authentication_available' do
    context 'when password authentication is disabled for the web interface and Git' do
      it 'prevents a password reset' do
        stub_application_setting(password_authentication_enabled_for_web: false)
        stub_application_setting(password_authentication_enabled_for_git: false)

        post :create

        expect(response).to have_gitlab_http_status(:found)
        expect(flash[:alert]).to eq _('Password authentication is unavailable.')
      end
    end

    context 'when reset email belongs to an ldap user' do
      let(:user) { create(:omniauth_user, provider: 'ldapmain', email: 'ldapuser@gitlab.com') }

      it 'prevents a password reset' do
        post :create, params: { user: { email: user.email } }

        expect(flash[:alert]).to eq _('Password authentication is unavailable.')
      end
    end
  end

  describe '#update' do
    render_views

    context 'updating the password' do
      subject do
        put :update, params: {
          user: {
            password: password,
            password_confirmation: password_confirmation,
            reset_password_token: reset_password_token
          }
        }
      end

      let(:password) { User.random_password }
      let(:password_confirmation) { password }
      let(:reset_password_token) { user.send_reset_password_instructions }
      let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) }

      context 'password update is successful' do
        it 'updates the password-related flags' do
          subject
          user.reload

          expect(response).to redirect_to(new_user_session_path)
          expect(flash[:notice]).to include('password has been changed successfully')
          expect(user.password_automatically_set).to eq(false)
          expect(user.password_expires_at).to be_nil
        end
      end

      context 'password update is unsuccessful' do
        let(:password_confirmation) { 'not_the_same_as_password' }

        it 'does not update the password-related flags' do
          subject
          user.reload

          expect(response).to render_template(:edit)
          expect(response.body).to have_content("Password confirmation doesn't match Password")
          expect(user.password_automatically_set).to eq(true)
          expect(user.password_expires_at).not_to be_nil
        end
      end

      it 'sets the username and caller_id in the context' do
        expect(controller).to receive(:update).and_wrap_original do |m, *args|
          m.call(*args)

          expect(Gitlab::ApplicationContext.current)
            .to include('meta.user' => user.username,
                        'meta.caller_id' => 'PasswordsController#update')
        end

        subject
      end
    end
  end

  describe '#create' do
    let(:user) { create(:user) }

    subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }

    context 'when reCAPTCHA is disabled' do
      before do
        stub_application_setting(recaptcha_enabled: false)
      end

      it 'successfully sends password reset when reCAPTCHA is not solved' do
        perform_request

        expect(response).to redirect_to(new_user_session_path)
        expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
      end
    end

    context 'when reCAPTCHA is enabled' do
      before do
        stub_application_setting(recaptcha_enabled: true)
      end

      it 'displays an error when the reCAPTCHA is not solved' do
        Recaptcha.configuration.skip_verify_env.delete('test')

        perform_request

        expect(response).to render_template(:new)
        expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
      end

      it 'successfully sends password reset when reCAPTCHA is solved' do
        Recaptcha.configuration.skip_verify_env << 'test'

        perform_request

        expect(response).to redirect_to(new_user_session_path)
        expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
      end
    end
  end
end
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# frozen_string_literal: true`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`require 'spec_helper'`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`RSpec.describe PasswordsController do`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`include DeviseHelpers`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`before do`
			`set_devise_mapping(context: @request)`
			`end`

			`describe '#check_password_authentication_available' do`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`context 'when password authentication is disabled for the web interface and Git' do`
			`it 'prevents a password reset' do`
			`stub_application_setting(password_authentication_enabled_for_web: false)`
			`stub_application_setting(password_authentication_enabled_for_git: false)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`post :create`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`expect(response).to have_gitlab_http_status(:found)`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`expect(flash[:alert]).to eq _('Password authentication is unavailable.')`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`
			`end`

			`context 'when reset email belongs to an ldap user' do`
			`let(:user) { create(:omniauth_user, provider: 'ldapmain', email: 'ldapuser@gitlab.com') }`

			`it 'prevents a password reset' do`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`post :create, params: { user: { email: user.email } }`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`expect(flash[:alert]).to eq _('Password authentication is unavailable.')`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`
			`end`
			`end`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30
			`describe '#update' do`
			`render_views`

			`context 'updating the password' do`
			`subject do`
			`put :update, params: {`
			`user: {`
			`password: password,`
			`password_confirmation: password_confirmation,`
			`reset_password_token: reset_password_token`
			`}`
			`}`
			`end`

			`let(:password) { User.random_password }`
			`let(:password_confirmation) { password }`
			`let(:reset_password_token) { user.send_reset_password_instructions }`
			`let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) }`

			`context 'password update is successful' do`
			`it 'updates the password-related flags' do`
			`subject`
			`user.reload`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include('password has been changed successfully')`
			`expect(user.password_automatically_set).to eq(false)`
			`expect(user.password_expires_at).to be_nil`
			`end`
			`end`

			`context 'password update is unsuccessful' do`
			`let(:password_confirmation) { 'not_the_same_as_password' }`

			`it 'does not update the password-related flags' do`
			`subject`
			`user.reload`

			`expect(response).to render_template(:edit)`
			`expect(response.body).to have_content("Password confirmation doesn't match Password")`
			`expect(user.password_automatically_set).to eq(true)`
			`expect(user.password_expires_at).not_to be_nil`
			`end`
			`end`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
			`it 'sets the username and caller_id in the context' do`
			`expect(controller).to receive(:update).and_wrap_original do \|m, *args\|`
			`m.call(*args)`

			`expect(Gitlab::ApplicationContext.current)`
			`.to include('meta.user' => user.username,`
			`'meta.caller_id' => 'PasswordsController#update')`
			`end`

			`subject`
			`end`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`end`
			`end`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30
			`describe '#create' do`
			`let(:user) { create(:user) }`

			`subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }`

			`context 'when reCAPTCHA is disabled' do`
			`before do`
			`stub_application_setting(recaptcha_enabled: false)`
			`end`

			`it 'successfully sends password reset when reCAPTCHA is not solved' do`
			`perform_request`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'`
			`end`
			`end`

			`context 'when reCAPTCHA is enabled' do`
			`before do`
			`stub_application_setting(recaptcha_enabled: true)`
			`end`

			`it 'displays an error when the reCAPTCHA is not solved' do`
			`Recaptcha.configuration.skip_verify_env.delete('test')`

			`perform_request`

			`expect(response).to render_template(:new)`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30			`end`

			`it 'successfully sends password reset when reCAPTCHA is solved' do`
			`Recaptcha.configuration.skip_verify_env << 'test'`

			`perform_request`

			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'`
			`end`
			`end`
			`end`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`end`