1 files changed, 53 insertions, 4 deletions

diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
index ba2c0c0455d..e9883107456 100644
--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -3,11 +3,13 @@
 require 'spec_helper'
 
 RSpec.describe PasswordsController do
-  describe '#check_password_authentication_available' do
-    before do
-      @request.env["devise.mapping"] = Devise.mappings[:user]
-    end
+  include DeviseHelpers
 
+  before do
+    set_devise_mapping(context: @request)
+  end
+
+  describe '#check_password_authentication_available' do
     context 'when password authentication is disabled for the web interface and Git' do
       it 'prevents a password reset' do
         stub_application_setting(password_authentication_enabled_for_web: false)
@@ -30,4 +32,51 @@ RSpec.describe PasswordsController do
       end
     end
   end
+
+  describe '#update' do
+    render_views
+
+    context 'updating the password' do
+      subject do
+        put :update, params: {
+          user: {
+            password: password,
+            password_confirmation: password_confirmation,
+            reset_password_token: reset_password_token
+          }
+        }
+      end
+
+      let(:password) { User.random_password }
+      let(:password_confirmation) { password }
+      let(:reset_password_token) { user.send_reset_password_instructions }
+      let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) }
+
+      context 'password update is successful' do
+        it 'updates the password-related flags' do
+          subject
+          user.reload
+
+          expect(response).to redirect_to(new_user_session_path)
+          expect(flash[:notice]).to include('password has been changed successfully')
+          expect(user.password_automatically_set).to eq(false)
+          expect(user.password_expires_at).to be_nil
+        end
+      end
+
+      context 'password update is unsuccessful' do
+        let(:password_confirmation) { 'not_the_same_as_password' }
+
+        it 'does not update the password-related flags' do
+          subject
+          user.reload
+
+          expect(response).to render_template(:edit)
+          expect(response.body).to have_content("Password confirmation doesn't match Password")
+          expect(user.password_automatically_set).to eq(true)
+          expect(user.password_expires_at).not_to be_nil
+        end
+      end
+    end
+  end
 end