diff --git a/app/models/user.rb b/app/models/user.rb index 660d53c..a627661 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -33,10 +33,12 @@ class User < ApplicationRecord end def reset_password(new_password, new_password_confirmation) - if new_password == new_password_confirmation && ::Devise.ldap_update_password - Devise::LDAP::Adapter.update_password(login_with, new_password) - end - clear_reset_password_token if valid? + self.password = new_password + self.password_confirmation = new_password_confirmation + return false unless valid? + + Devise::LDAP::Adapter.update_password(login_with, new_password) + clear_reset_password_token save end diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index adc8816..42375fe 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -11,7 +11,7 @@ <%= f.label :password, "New password" %>

- <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %> + <%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "w-full" %> <% if @minimum_password_length %>
(<%= @minimum_password_length %> characters minimum) <% end %> @@ -20,10 +20,10 @@ <%= f.label :password_confirmation, "Confirm new password" %>

- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password", class: "w-full" %>

- <%= f.submit "Change my password", class: 'btn-md btn-blue' %> + <%= f.submit "Change my password", class: 'btn-md btn-blue w-full' %>

<% end %> diff --git a/spec/features/devise/password_reset.rb b/spec/features/devise/password_reset.rb new file mode 100644 index 0000000..c12396c --- /dev/null +++ b/spec/features/devise/password_reset.rb @@ -0,0 +1,54 @@ +require 'rails_helper' + +RSpec.describe 'Password reset', type: :feature do + let(:user) { create :user } + + before do + login_as user, :scope => :user + end + + scenario 'Send password reset email' do + expect(user.reset_password_token).to be_nil + + visit settings_account_path + click_button "Send me a password reset link" + expect(page).to have_content 'Please check your inbox' + expect(user.reload.reset_password_token).to be_a(String) + end + + describe "Password reset form" do + # Generate a raw reset token, since the stored one is only a digest + let(:token) { user.send(:set_reset_password_token) } + + before do + logout + end + + scenario "Submit with invalid passwords" do + expect(Devise::LDAP::Adapter).not_to receive(:update_password) + + visit edit_user_password_path(reset_password_token: token) + fill_in :user_password, with: 'nice try' + fill_in :user_password_confirmation, with: 'nice try o' + click_button 'Change my password' + expect(page).to have_content 'Password is too short' + + fill_in :user_password, with: 'a new password' + fill_in :user_password_confirmation, with: 'a new password with a typo' + click_button 'Change my password' + expect(page).to have_content 'Password confirmation doesn\'t match' + end + + scenario "Submit with valid passwords" do + expect(Devise::LDAP::Adapter).to receive(:update_password) + .with(user.cn, 'catch me if you can').and_return(true) + + visit edit_user_password_path(reset_password_token: token) + fill_in :user_password, with: 'catch me if you can' + fill_in :user_password_confirmation, with: 'catch me if you can' + click_button 'Change my password' + expect(page).to have_content 'Your password has been changed successfully' + expect(user.reload.reset_password_token).to be_nil + end + end +end