htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed broken password confirmation on password reset

Browse Source
This commit is contained in:
Hauke Klement
2015-02-23 16:19:06 +01:00
parent dafeb3a706
commit e8d7f172b9
2 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/models/internal_user.rb
View File

@ -6,10 +6,15 @@ class InternalUser < ActiveRecord::Base
has_and_belongs_to_many :teams has_and_belongs_to_many :teams
validates :email, presence: true, uniqueness: true validates :email, presence: true, uniqueness: true
validates :password, confirmation: true, on: :update, presence: true, unless: :activated? validates :password, confirmation: true, if: :password_void?, on: :update, presence: true
validates :role, inclusion: {in: ROLES} validates :role, inclusion: {in: ROLES}
def activated? def activated?
activation_state == 'active' activation_state == 'active'
end end
def password_void?
activation_token? || reset_password_token?
end
private :password_void?
end end

48
spec/models/internal_user_spec.rb
View File

@ -13,21 +13,13 @@ describe InternalUser do
expect(user.errors[:email]).to be_present expect(user.errors[:email]).to be_present
end end
context 'when activated' do
let(:user) { FactoryGirl.create(:teacher, activation_state: 'active') }
it 'does not validate the confirmation of the password' do
user.update(password: password, password_confirmation: '')
expect(user.errors[:password_confirmation]).not_to be_present
end
it 'does not validate the presence of a password' do
expect(user.errors[:password]).not_to be_present
end
end
context 'when not activated' do context 'when not activated' do
let(:user) { described_class.create(FactoryGirl.attributes_for(:teacher, activation_state: 'pending', password: nil)) } let(:user) { FactoryGirl.create(:teacher) }
before(:each) do
user.send(:setup_activation)
user.send(:send_activation_needed_email!)
end
it 'validates the confirmation of the password' do it 'validates the confirmation of the password' do
user.update(password: password, password_confirmation: '') user.update(password: password, password_confirmation: '')
@ -40,6 +32,34 @@ describe InternalUser do
end end
end end
context 'with a pending password reset' do
let(:user) { FactoryGirl.create(:teacher) }
before(:each) { user.deliver_reset_password_instructions! }
it 'validates the confirmation of the password' do
user.update(password: password, password_confirmation: '')
expect(user.errors[:password_confirmation]).to be_present
end
it 'validates the presence of a password' do
user.update(name: Forgery(:name).full_name)
expect(user.errors[:password]).to be_present
end
end
context 'when complete' do
let(:user) { FactoryGirl.create(:teacher, activation_state: 'active') }
it 'does not validate the confirmation of the password' do
user.update(password: password, password_confirmation: '')
expect(user.errors[:password_confirmation]).not_to be_present
end
it 'does not validate the presence of a password' do
expect(user.errors[:password]).not_to be_present
end
end
it 'validates the domain of the role' do it 'validates the domain of the role' do
user.update(role: 'Foo') user.update(role: 'Foo')
expect(user.errors[:role]).to be_present expect(user.errors[:role]).to be_present