Convert auth/passwords spec controller->system/request (#33790)

2025-01-31 03:08:56 -05:00 · 2025-01-31 03:08:56 -05:00 · c5cd9bda48
commit c5cd9bda48
parent 7c03327a17
3 changed files with 117 additions and 102 deletions
--- a/spec/system/auth/passwords_spec.rb
+++ b/spec/system/auth/passwords_spec.rb
@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Auth Passwords' do
+  let(:user) { Fabricate :user }
+  let!(:session_activation) { Fabricate(:session_activation, user: user) }
+  let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) }
+  let!(:web_push_subscription) { Fabricate(:web_push_subscription, access_token: access_token) }
+
+  describe 'Resetting a password', :inline_jobs do
+    let(:new_password) { 'New.Pass.123' }
+
+    before { allow(Devise).to receive(:pam_authentication).and_return(false) } # Avoid the "seamless external" path
+
+    it 'initiates reset, sends link, resets password from form, clears data' do
+      visit new_user_password_path
+      expect(page)
+        .to have_title(I18n.t('auth.reset_password'))
+
+      submit_email_reset
+      expect(page)
+        .to have_title(I18n.t('auth.set_new_password'))
+
+      set_new_password
+      expect(page)
+        .to have_title(I18n.t('auth.login'))
+
+      # Change password
+      expect(User.find(user.id))
+        .to be_present
+        .and be_valid_password(new_password)
+
+      # Deactivate session
+      expect(user_session_count)
+        .to eq(0)
+      expect { session_activation.reload }
+        .to raise_error(ActiveRecord::RecordNotFound)
+
+      # Revoke tokens
+      expect(user_token_count)
+        .to eq(0)
+
+      # Remove push subs
+      expect(push_subs_count)
+        .to eq(0)
+      expect { web_push_subscription.reload }
+        .to raise_error(ActiveRecord::RecordNotFound)
+    end
+
+    def submit_email_reset
+      fill_in 'user_email', with: user.email
+      click_on I18n.t('auth.reset_password')
+      open_last_email
+      visit_in_email(I18n.t('devise.mailer.reset_password_instructions.action'))
+    end
+
+    def set_new_password
+      fill_in 'user_password', with: new_password
+      fill_in 'user_password_confirmation', with: new_password
+      click_on I18n.t('auth.set_new_password')
+    end
+
+    def user_session_count
+      user
+        .session_activations
+        .count
+    end
+
+    def user_token_count
+      Doorkeeper::AccessToken
+        .active_for(user)
+        .count
+    end
+
+    def push_subs_count
+      Web::PushSubscription
+        .where(user: user)
+        .or(Web::PushSubscription.where(access_token: access_token))
+        .count
+    end
+  end
+end