diff options
| author | Drew Blessing <drew@gitlab.com> | 2015-12-09 11:45:26 -0600 |
|---|---|---|
| committer | Drew Blessing <drew@gitlab.com> | 2015-12-09 18:40:37 -0600 |
| commit | f4ec906e90b2f8dbf18b359b773e3b31f5da89ff (patch) | |
| tree | fd9d5a760e8100e643e49b6e26fe9d007d004b98 /spec | |
| parent | 7b50965e9990bcb88f56b771d47514cbeb5316e5 (diff) | |
| download | gitlab-ce-f4ec906e90b2f8dbf18b359b773e3b31f5da89ff.tar.gz | |
Use devise paranoid mode and ensure the same message is returned every time
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/features/password_reset_spec.rb | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/spec/features/password_reset_spec.rb b/spec/features/password_reset_spec.rb index 85e70b4d47f..257d363438c 100644 --- a/spec/features/password_reset_spec.rb +++ b/spec/features/password_reset_spec.rb @@ -3,11 +3,12 @@ require 'spec_helper' feature 'Password reset', feature: true do describe 'throttling' do it 'sends reset instructions when not previously sent' do - visit root_path - forgot_password(create(:user)) + user = create(:user) + forgot_password(user) - expect(page).to have_content(I18n.t('devise.passwords.send_instructions')) + expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions')) expect(current_path).to eq new_user_session_path + expect(user.recently_sent_password_reset?).to be_truthy end it 'sends reset instructions when previously sent more than a minute ago' do @@ -15,26 +16,25 @@ feature 'Password reset', feature: true do user.send_reset_password_instructions user.update_attribute(:reset_password_sent_at, 5.minutes.ago) - visit root_path - forgot_password(user) - - expect(page).to have_content(I18n.t('devise.passwords.send_instructions')) + expect{ forgot_password(user) }.to change{ user.reset_password_sent_at } + expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions')) expect(current_path).to eq new_user_session_path end - it "throttles multiple resets in a short timespan" do + it 'throttles multiple resets in a short timespan' do user = create(:user) user.send_reset_password_instructions + # Reload because PG handles datetime less precisely than Ruby/Rails + user.reload - visit root_path - forgot_password(user) - - expect(page).to have_content(I18n.t('devise.passwords.recently_reset')) - expect(current_path).to eq new_user_password_path + expect{ forgot_password(user) }.not_to change{ user.reset_password_sent_at } + expect(page).to have_content(I18n.t('devise.passwords.send_paranoid_instructions')) + expect(current_path).to eq new_user_session_path end end def forgot_password(user) + visit root_path click_on 'Forgot your password?' fill_in 'Email', with: user.email click_button 'Reset password' |