Diffstat (limited to 'spec/features/password_reset_spec.rb')
-rw-r--r-- | spec/features/password_reset_spec.rb | 43 |
1 files changed, 36 insertions, 7 deletions
diff --git a/spec/features/password_reset_spec.rb b/spec/features/password_reset_spec.rb
index abf66f2356d..ce7a66a0da9 100644
--- a/spec/features/password_reset_spec.rb
+++ b/spec/features/password_reset_spec.rb
@@ -1,13 +1,44 @@
 require 'spec_helper'
 feature 'Password reset', feature: true do
- describe 'with two-factor authentication' do
- let(:user) { create(:user, :two_factor) }
+ describe 'throttling' do
+ it 'sends reset instructions when not previously sent' do
+ visit root_path
+ forgot_password(create(:user))
+
+ expect(page).to have_content(I18n.t('devise.passwords.send_instructions'))
+ expect(current_path).to eq new_user_session_path
+ end
+ it 'sends reset instructions when previously sent more than a minute ago' do
+ user = create(:user)
+ user.send_reset_password_instructions
+ user.update_attribute(:reset_password_sent_at, 5.minutes.ago)
+
+ visit root_path
+ forgot_password(user)
+
+ expect(page).to have_content(I18n.t('devise.passwords.send_instructions'))
+ expect(current_path).to eq new_user_session_path
+ end
+
+ it "throttles multiple resets in a short timespan" do
+ user = create(:user)
+ user.send_reset_password_instructions
+
+ visit root_path
+ forgot_password(user)
+
+ expect(page).to have_content("Instructions about how to reset your password have already been sent recently. Please wait a few minutes to try again.")
+ expect(current_path).to eq new_user_password_path
+ end
+ end
+
+ describe 'with two-factor authentication' do
 it 'requires login after password reset' do
 visit root_path
- forgot_password
+ forgot_password(create(:user, :two_factor))
 reset_password
 expect(page).to have_content("Your password was changed successfully.")
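Review bot: The three throttling examples only ever submit a registered account, so nothing pins what the form returns for an address with no account. The throttled example asserts a different message and a different landing path (`new_user_password_path`) from the success examples, so the response itself tells the requester that a reset was recently issued for that address. Whether that is acceptable depends on how the unknown-address case responds, which this diff does not show. I would add an example that submits an unregistered e-mail and asserts the intended message and path, so the behaviour is a documented decision. Separately, the second example's title says "more than a minute ago" while its fixture uses `5.minutes.ago`; either set the timestamp just past the real window or retitle it, e.g. `it 'sends reset instructions when previously sent five minutes ago' do`.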
@@ -17,12 +48,10 @@ feature 'Password reset', feature: true do
 end
 describe 'without two-factor authentication' do
- let(:user) { create(:user) }
-
 it 'requires login after password reset' do
 visit root_path
- forgot_password
+ forgot_password(create(:user))
 reset_password
 expect(page).to have_content("Your password was changed successfully.")
@@ -30,7 +59,7 @@ feature 'Password reset', feature: true do
 end
 end
- def forgot_password
+ def forgot_password(user)
 click_on 'Forgot your password?'
 fill_in 'Email', with: user.email
 click_button 'Reset password' |