# Select the test environment; this is set before the application files are required below.
ENV['RACK_ENV'] = 'test'

# Let an unhandled exception in any thread abort the whole process rather than
# end that thread only.
Thread.abort_on_exception = true
require 'spec_helper'
require 'json'
require 'uri'
require 'rspec'
require 'rack/test'
require './apps/main.rb'
require './models.rb'
require './persistence.rb'
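# Request specs for MainApp: the index page and the e-mail based password
# reset flow (request a reset code, open the reset form, set a new password).
describe 'Main App' do
  include Rack::Test::Methods
  include Models

  # Rack::Test::Methods sends every request in this spec to the app returned here.
  def app
    MainApp
  end

  it "has a working index page" do
    get '/'
    expect(last_response).to be_ok
  end

  it "has a working 'request password reset' page" do
    get '/request_password_reset'
    expect(last_response).to be_ok
  end

  it "allows users to reset password" do
    user = FactoryBot.create(:user)
    new_password = "password5"
    expect(user.password).to_not be_nil
    # The reset below only proves something if the new password differs from the old one.
    expect(new_password).to_not eq(user.password)

    # Request Reset
    post '/request_password_reset', {
      :email => user.email
    }
    expect(last_response).to be_ok
    # Exactly one mail job and one reset request, both keyed by the lower-cased address.
    expect(EmailJob.where(:to => user.email.downcase).count).to eq(1)
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)
    code = PasswordResetRequest.first(:email => user.email.downcase).code

    # GET reset page
    reset_password_url = "/reset_password?#{URI.encode_www_form([["email", user.email], ["code", code]])}"
    get reset_password_url
    expect(last_response).to be_ok

    # Reset
    post '/reset_password', {
      :email => user.email,
      :code => code,
      :password => new_password,
      :confirm_password => new_password
    }
    expect(last_response).to be_ok

    updated_user = User.first(:email => user.email)
    # Both the hash and the salt must be regenerated, not just the hash.
    expect(updated_user.password_hash).to_not eq(user.password_hash)
    expect(updated_user.password_salt).to_not eq(user.password_salt)
    # A second mail job is queued by the reset (presumably a notification to the
    # account owner; verify against the app).
    expect(EmailJob.where(:to => user.email.downcase).count).to eq(2)
    # The reset request is gone after use, i.e. the code is expected to be single-use.
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(0)
  end

  it "handles /request_password_reset errors" do
    # Attributes only, never saved: an address with no matching user.
    unregistered_email = FactoryBot.attributes_for(:user)[:email]

    # Illegal - empty email field
    post '/request_password_reset', {
      :email => nil
    }
    expect(last_response).to be_ok
    expect(EmailJob.where(:to => '').count).to eq(0)
    expect(PasswordResetRequest.where(:email => '').count).to eq(0)

    # Illegal - non-registered user
    # The expected status is 200, the same as for a registered address in the
    # reset spec above, so the status code alone does not disclose whether an
    # account exists. Only the status is checked here; the body is not compared.
    post '/request_password_reset', {
      :email => unregistered_email
    }
    expect(last_response).to be_ok
    expect(EmailJob.where(:to => unregistered_email.downcase).count).to eq(0)
    expect(PasswordResetRequest.where(:email => unregistered_email.downcase).count).to eq(0)
  end

  it "handles /reset_password errors" do
    user = FactoryBot.create(:user)

    # Request Reset
    post '/request_password_reset', {
      :email => user.email
    }
    expect(last_response).to be_ok
    # There's another test that checks to see if reset request is OK
    code = PasswordResetRequest.first(:email => user.email.downcase).code

    # A code guaranteed to differ from the real one. Reversing alone is not
    # enough: a palindromic code reversed is the valid code again, which would
    # make the "wrong code" cases fail at random.
    wrong_code = code.reverse
    wrong_code = "#{code}0" if wrong_code == code

    # Invalid GET - no params
    get "/reset_password"
    expect(last_response).to be_redirect

    # Invalid GET - no email
    get "/reset_password?#{URI.encode_www_form([["code", code]])}"
    expect(last_response).to be_redirect
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid GET - no code
    get "/reset_password?#{URI.encode_www_form([["email", user.email]])}"
    expect(last_response).to be_redirect
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid GET - wrong code
    get "/reset_password?#{URI.encode_www_form([['email', user.email], ['code', wrong_code]])}"
    expect(last_response).to be_redirect
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid POST - no email
    post '/reset_password', {
      :code => code,
      :password => 'password',
      :confirm_password => 'password'
    }
    expect(last_response).to_not be_ok
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid POST - no code
    post '/reset_password', {
      :email => user.email,
      :password => 'password',
      :confirm_password => 'password'
    }
    expect(last_response).to_not be_ok
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid POST - password mismatch
    # The valid code is sent here; the request must survive so the user can retry.
    post '/reset_password', {
      :email => user.email,
      :code => code,
      :password => 'new password',
      :confirm_password => 'different password'
    }
    expect(last_response).to be_ok
    expect(PasswordResetRequest.count(:email => user.email.downcase)).to eq(1)

    # Invalid POST - wrong code
    # The POST handler is what actually changes the password, so it has to
    # reject a bad code itself rather than rely on the GET check. Status and
    # request count are left unasserted because this spec does not show what
    # the app answers here; the credential check below is what must hold.
    post '/reset_password', {
      :email => user.email,
      :code => wrong_code,
      :password => 'password',
      :confirm_password => 'password'
    }

    # None of the rejected attempts above may have changed the stored credential.
    unchanged_user = User.first(:email => user.email)
    expect(unchanged_user.password_hash).to eq(user.password_hash)
    expect(unchanged_user.password_salt).to eq(user.password_salt)
  end
end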