2023-02-19 14:01:25 +00:00 · 2023-02-19 13:28:27 +00:00 · 2023-02-19 14:00:32 +00:00
3 changed files with 63 additions and 7 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -33,10 +33,12 @@ class User < ApplicationRecord
  end
  def reset_password(new_password, new_password_confirmation)
-    if new_password == new_password_confirmation && ::Devise.ldap_update_password
+    self.password = new_password
-      Devise::LDAP::Adapter.update_password(login_with, new_password)
+    self.password_confirmation = new_password_confirmation
-    end
+    return false unless valid?
-    clear_reset_password_token if valid?
+
    Devise::LDAP::Adapter.update_password(login_with, new_password)
    clear_reset_password_token
    save
  end
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@ -11,7 +11,7 @@
      <%= f.label :password, "New password" %>
    </p>
    <p>
-      <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
+      <%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "w-full" %>
      <% if @minimum_password_length %>
        <br><em class="text-sm text-gray-500">(<%= @minimum_password_length %> characters minimum)</em>
      <% end %>
@ -20,10 +20,10 @@
      <%= f.label :password_confirmation, "Confirm new password" %>
    </p>
    <p>
-      <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+      <%= f.password_field :password_confirmation, autocomplete: "new-password", class: "w-full" %>
    </p>
    <p class="mt-8">
-      <%= f.submit "Change my password", class: 'btn-md btn-blue' %>
+      <%= f.submit "Change my password", class: 'btn-md btn-blue w-full' %>
    </p>
  <% end %>
--- a/spec/features/devise/password_reset.rb
+++ b/spec/features/devise/password_reset.rb
@ -0,0 +1,54 @@
 require 'rails_helper'
 RSpec.describe 'Password reset', type: :feature do
  let(:user) { create :user }
  before do
    login_as user, :scope => :user
  end
  scenario 'Send password reset email' do
    expect(user.reset_password_token).to be_nil
    visit settings_account_path
    click_button "Send me a password reset link"
    expect(page).to have_content 'Please check your inbox'
    expect(user.reload.reset_password_token).to be_a(String)
  end
  describe "Password reset form" do
    # Generate a raw reset token, since the stored one is only a digest
    let(:token) { user.send(:set_reset_password_token) }
    before do
      logout
    end
    scenario "Submit with invalid passwords" do
      expect(Devise::LDAP::Adapter).not_to receive(:update_password)
      visit edit_user_password_path(reset_password_token: token)
      fill_in :user_password, with: 'nice try'
      fill_in :user_password_confirmation, with: 'nice try o'
      click_button 'Change my password'
      expect(page).to have_content 'Password is too short'
      fill_in :user_password, with: 'a new password'
      fill_in :user_password_confirmation, with: 'a new password with a typo'
      click_button 'Change my password'
      expect(page).to have_content 'Password confirmation doesn\'t match'
    end
    scenario "Submit with valid passwords" do
      expect(Devise::LDAP::Adapter).to receive(:update_password)
        .with(user.cn, 'catch me if you can').and_return(true)
      visit edit_user_password_path(reset_password_token: token)
      fill_in :user_password, with: 'catch me if you can'
      fill_in :user_password_confirmation, with: 'catch me if you can'
      click_button 'Change my password'
      expect(page).to have_content 'Your password has been changed successfully'
      expect(user.reload.reset_password_token).to be_nil
    end
  end
 end