diff --git a/spec/controllers/internal_users_controller_spec.rb b/spec/controllers/internal_users_controller_spec.rb
index d922eb94..a2f5a6c0 100644
--- a/spec/controllers/internal_users_controller_spec.rb
+++ b/spec/controllers/internal_users_controller_spec.rb
@@ -163,6 +163,49 @@ describe InternalUsersController do
 expect_template(:edit)
 end
 
+ describe 'GET #forgot_password' do
+ context 'when no user is logged in' do
+ before(:each) do
+ expect(controller).to receive(:current_user).and_return(nil)
+ get :forgot_password
+ end
+
+ expect_status(200)
+ expect_template(:forgot_password)
+ end
+
+ context 'when a user is already logged in' do
+ before(:each) do
+ expect(controller).to receive(:current_user).and_return(user)
+ get :forgot_password
+ end
+
+ expect_redirect(:root)
+ end
+ end
+
+ describe 'POST #forgot_password' do
+ context 'with an email address' do
+ let(:request) { proc { post :forgot_password, email: user.email } }
+ before(:each) { request.call }
+
+ it 'delivers instructions to reset the password' do
+ expect(InternalUser).to receive(:find_by).and_return(user)
+ expect(user).to receive(:deliver_reset_password_instructions!)
+ request.call
+ end
+
+ expect_redirect(:root)
+ end
+
+ context 'without an email address' do
+ before(:each) { post :forgot_password }
+
+ expect_status(200)
+ expect_template(:forgot_password)
+ end
+ end
+
 describe 'GET #index' do
 before(:each) do
 allow(controller).to receive(:current_user).and_return(user)
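Review bot: The `POST #forgot_password` examples never submit an address that matches no account, so the spec does not pin whether the endpoint answers differently for known and unknown addresses, and a visible difference is what allows registered users to be enumerated. Add a context for an unknown address that asserts the same redirect as the known-address case. Separately, in `'with an email address'` the `before(:each) { request.call }` fires the request before the `it` block installs its `receive` expectations, so that example posts twice and the first post is not covered by the stubs. Dropping the `before` for that example, or moving the expectations into it, would make the assertion cover the request that actually runs.

```ruby
describe 'POST #forgot_password' do
  # … unchanged: 'with an email address' context …

  context 'with an email address that matches no user' do
    # constructed sample address, not taken from the fixtures
    before(:each) { post :forgot_password, email: 'nobody@example.org' }

    expect_redirect(:root)
  end

  # … unchanged: 'without an email address' context …
end
```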
@@ -185,6 +228,65 @@ describe InternalUsersController do
 expect_template(:new)
 end
 
+ describe 'GET #reset_password' do
+ let(:user) { users.first }
+
+ context 'without a valid password reset token' do
+ before(:each) { get :reset_password, id: user.id }
+
+ expect_redirect
+ end
+
+ context 'with a valid password reset token' do
+ before(:each) do
+ user.deliver_reset_password_instructions!
+ get :reset_password, id: user.id, token: user.reset_password_token
+ end
+
+ expect_assigns(user: :user)
+ expect_status(200)
+ expect_template(:reset_password)
+ end
+ end
+
+ describe 'PUT #reset_password' do
+ let(:user) { users.first }
+ before(:each) { user.deliver_reset_password_instructions! }
+
+ context 'without a valid password reset token' do
+ before(:each) { put :reset_password, id: user.id }
+
+ expect_redirect(:root)
+ end
+
+ context 'with a valid password reset token' do
+ let(:password) { 'foo' }
+
+ context 'with a matching password confirmation' do
+ let(:request) { proc { put :reset_password, internal_user: {password: password, password_confirmation: password}, id: user.id, token: user.reset_password_token } }
+ before(:each) { request.call }
+
+ expect_assigns(user: :user)
+
+ it 'changes the password' do
+ expect(InternalUser.authenticate(user.email, password)).to eq(user)
+ end
+
+ expect_redirect { Rails.application.routes.url_helpers.send(:sign_in_path) }
+ end
+
+ context 'without a matching password confirmation' do
+ before(:each) do
+ put :reset_password, internal_user: {password: password, password_confirmation: ''}, id: users.first.id, token: user.reset_password_token
+ end
+
+ expect_assigns(user: :user)
+ expect_status(200)
+ expect_template(:reset_password)
+ end
+ end
+ end
+
 describe 'GET #show' do
 before(:each) do
 allow(controller).to receive(:current_user).and_return(user)
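Review bot: The rejection contexts for `reset_password` only cover a request with no `token` parameter at all; nothing exercises a token that is present but wrong, and nothing asserts that the stored password stays unchanged when the request is refused. Because the action takes both `id` and `token`, a case where the token was issued to a different user than `id` is also worth pinning, as is reuse of a token after a successful reset (whether the controller checks either is not visible in this hunk). `let(:password) { 'foo' }` additionally records a three-character password as acceptable; if the model is meant to enforce a minimum length, use a compliant value there and add a rejection example. The `.send(:sign_in_path)` in the redirect matcher can be a plain `.sign_in_path` call.

```ruby
describe 'PUT #reset_password' do
  # … unchanged: let(:user), before(:each), 'without a valid password reset token' context …

  context 'with a wrong password reset token' do
    # both literals below are constructed sample values
    let(:password) { 'a-new-passphrase' }

    before(:each) do
      put :reset_password, internal_user: {password: password, password_confirmation: password}, id: user.id, token: 'not-the-issued-token'
    end

    it 'does not change the password' do
      expect(InternalUser.authenticate(user.email, password)).not_to eq(user)
    end

    expect_redirect(:root)
  end

  # … unchanged: 'with a valid password reset token' context …
end
```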