Fix password validation during password reset

fixes #28
Râu Cao 2023-02-19 15:50:19 +08:00
parent b9259958f4
commit b67d6139ac
Signed by: raucao
GPG Key ID: 15E65F399D084BA9
2 changed files with 37 additions and 13 deletions


@ -33,10 +33,12 @@ class User < ApplicationRecord
end end
def reset_password(new_password, new_password_confirmation) def reset_password(new_password, new_password_confirmation)
if new_password == new_password_confirmation && ::Devise.ldap_update_password self.password = new_password
self.password_confirmation = new_password_confirmation
return false unless valid?
Devise::LDAP::Adapter.update_password(login_with, new_password) Devise::LDAP::Adapter.update_password(login_with, new_password)
end clear_reset_password_token
clear_reset_password_token if valid?
save save
end end
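Review bot: The result of `Devise::LDAP::Adapter.update_password` is discarded in the new `reset_password`, so `clear_reset_password_token` and `save` run even when the directory write did not succeed. The spec stubs the adapter with `.and_return(true)`, which suggests it signals failure through its return value; if so, a failed update would consume the single-use reset token and report success while the LDAP password is unchanged. Consider `return false unless Devise::LDAP::Adapter.update_password(login_with, new_password)` before the token is cleared. The earlier `::Devise.ldap_update_password` guard also appears to have been dropped from this method, so it is worth confirming that the setting is still honoured elsewhere or is no longer needed.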


@ -16,17 +16,39 @@ RSpec.describe 'Password reset', type: :feature do
expect(user.reload.reset_password_token).to be_a(String) expect(user.reload.reset_password_token).to be_a(String)
end end
scenario "Reset password" do describe "Password reset form" do
# Generate a raw reset token, since the stored one is only a digest # Generate a raw reset token, since the stored one is only a digest
token = user.send(:set_reset_password_token) let(:token) { user.send(:set_reset_password_token) }
before do
logout logout
end
scenario "Submit with invalid passwords" do
expect(Devise::LDAP::Adapter).not_to receive(:update_password)
visit edit_user_password_path(reset_password_token: token) visit edit_user_password_path(reset_password_token: token)
expect(page).to have_content 'Change your password' fill_in :user_password, with: 'nice try'
fill_in :user_password_confirmation, with: 'nice try o'
click_button 'Change my password'
expect(page).to have_content 'Password is too short'
fill_in :user_password, with: 'a new password' fill_in :user_password, with: 'a new password'
fill_in :user_password_confirmation, with: 'a new password with a typo' fill_in :user_password_confirmation, with: 'a new password with a typo'
click_button 'Change my password' click_button 'Change my password'
expect(page).to have_content 'Password confirmation doesn\'t match'
end
expect(page).to have_content 'Confirmation does not match' scenario "Submit with valid passwords" do
expect(Devise::LDAP::Adapter).to receive(:update_password)
.with(user.cn, 'catch me if you can').and_return(true)
visit edit_user_password_path(reset_password_token: token)
fill_in :user_password, with: 'catch me if you can'
fill_in :user_password_confirmation, with: 'catch me if you can'
click_button 'Change my password'
expect(page).to have_content 'Your password has been changed successfully'
expect(user.reload.reset_password_token).to be_nil
end
end end
end end
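Review bot: Neither scenario covers the adapter failing: `update_password` is either expected not to be called or stubbed with `.and_return(true)`, so no test pins what happens to the reset token when the LDAP write is rejected. A third scenario that stubs it with `.and_return(false)` and then checks `expect(user.reload.reset_password_token).not_to be_nil` would document the intended behaviour. The "Submit with invalid passwords" scenario could make the same token check after each rejected submit, since the model returns before clearing the token in that case.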