2020-07-28 22:56:26 +02:00
|
|
|
defmodule PhilomenaWeb.PasswordControllerTest do
|
|
|
|
use PhilomenaWeb.ConnCase, async: true
|
|
|
|
|
|
|
|
alias Philomena.Users
|
|
|
|
alias Philomena.Repo
|
2023-05-18 16:23:17 +02:00
|
|
|
alias Phoenix.Flash
|
2020-07-28 22:56:26 +02:00
|
|
|
import Philomena.UsersFixtures
|
|
|
|
|
|
|
|
setup do
|
|
|
|
%{user: confirmed_user_fixture()}
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /passwords/new" do
|
|
|
|
test "renders the reset password page", %{conn: conn} do
|
2024-06-06 22:28:35 +02:00
|
|
|
conn = get(conn, ~p"/passwords/new")
|
2020-07-28 22:56:26 +02:00
|
|
|
html_response(conn, 200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /passwords" do
|
|
|
|
@tag :capture_log
|
|
|
|
test "sends a new reset password token", %{conn: conn, user: user} do
|
|
|
|
conn =
|
2024-06-06 22:28:35 +02:00
|
|
|
post(conn, ~p"/passwords", %{
|
2020-07-28 22:56:26 +02:00
|
|
|
"user" => %{"email" => user.email}
|
|
|
|
})
|
|
|
|
|
|
|
|
assert redirected_to(conn) == "/"
|
2023-05-18 16:23:17 +02:00
|
|
|
assert Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
|
2020-07-28 22:56:26 +02:00
|
|
|
assert Repo.get_by!(Users.UserToken, user_id: user.id).context == "reset_password"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "does not send reset password token if email is invalid", %{conn: conn} do
|
|
|
|
conn =
|
2024-06-06 22:28:35 +02:00
|
|
|
post(conn, ~p"/passwords", %{
|
2020-07-28 22:56:26 +02:00
|
|
|
"user" => %{"email" => "unknown@example.com"}
|
|
|
|
})
|
|
|
|
|
|
|
|
assert redirected_to(conn) == "/"
|
2023-05-18 16:23:17 +02:00
|
|
|
assert Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
|
2020-07-28 22:56:26 +02:00
|
|
|
assert Repo.all(Users.UserToken) == []
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /passwords/:token" do
|
|
|
|
setup %{user: user} do
|
|
|
|
token =
|
|
|
|
extract_user_token(fn url ->
|
|
|
|
Users.deliver_user_reset_password_instructions(user, url)
|
|
|
|
end)
|
|
|
|
|
|
|
|
%{token: token}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "renders reset password", %{conn: conn, token: token} do
|
2024-06-06 22:28:35 +02:00
|
|
|
conn = get(conn, ~p"/passwords/#{token}/edit")
|
2020-07-28 22:56:26 +02:00
|
|
|
html_response(conn, 200)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "does not render reset password with invalid token", %{conn: conn} do
|
2024-06-06 22:28:35 +02:00
|
|
|
conn = get(conn, ~p"/passwords/oops/edit")
|
2020-07-28 22:56:26 +02:00
|
|
|
assert redirected_to(conn) == "/"
|
2023-05-18 16:23:17 +02:00
|
|
|
|
|
|
|
assert Flash.get(conn.assigns.flash, :error) =~
|
|
|
|
"Reset password link is invalid or it has expired"
|
2020-07-28 22:56:26 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "PUT /passwords/:token" do
|
|
|
|
setup %{user: user} do
|
|
|
|
token =
|
|
|
|
extract_user_token(fn url ->
|
|
|
|
Users.deliver_user_reset_password_instructions(user, url)
|
|
|
|
end)
|
|
|
|
|
|
|
|
%{token: token}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "resets password once", %{conn: conn, user: user, token: token} do
|
|
|
|
conn =
|
2024-06-06 22:28:35 +02:00
|
|
|
put(conn, ~p"/passwords/#{token}", %{
|
2020-07-28 22:56:26 +02:00
|
|
|
"user" => %{
|
|
|
|
"password" => "new valid password",
|
|
|
|
"password_confirmation" => "new valid password"
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
2024-06-06 22:28:35 +02:00
|
|
|
assert redirected_to(conn) == ~p"/sessions/new"
|
2020-07-28 22:56:26 +02:00
|
|
|
refute get_session(conn, :user_token)
|
2023-05-18 16:23:17 +02:00
|
|
|
assert Flash.get(conn.assigns.flash, :info) =~ "Password reset successfully"
|
2020-07-28 22:56:26 +02:00
|
|
|
assert Users.get_user_by_email_and_password(user.email, "new valid password", & &1)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "does not reset password on invalid data", %{conn: conn, token: token} do
|
|
|
|
conn =
|
2024-06-06 22:28:35 +02:00
|
|
|
put(conn, ~p"/passwords/#{token}", %{
|
2020-07-28 22:56:26 +02:00
|
|
|
"user" => %{
|
|
|
|
"password" => "too short",
|
|
|
|
"password_confirmation" => "does not match"
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
response = html_response(conn, 200)
|
|
|
|
assert response =~ "should be at least 12 character"
|
|
|
|
assert response =~ "does not match password"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "does not reset password with invalid token", %{conn: conn} do
|
2024-06-06 22:28:35 +02:00
|
|
|
conn = put(conn, ~p"/passwords/oops")
|
2020-07-28 22:56:26 +02:00
|
|
|
assert redirected_to(conn) == "/"
|
2023-05-18 16:23:17 +02:00
|
|
|
|
|
|
|
assert Flash.get(conn.assigns.flash, :error) =~
|
|
|
|
"Reset password link is invalid or it has expired"
|
2020-07-28 22:56:26 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|