Fix password validation during password reset #83
@ -33,10 +33,12 @@ class User < ApplicationRecord
|
||||
end
|
||||
|
||||
def reset_password(new_password, new_password_confirmation)
|
||||
if new_password == new_password_confirmation && ::Devise.ldap_update_password
|
||||
self.password = new_password
|
||||
self.password_confirmation = new_password_confirmation
|
||||
return false unless valid?
|
||||
|
||||
Devise::LDAP::Adapter.update_password(login_with, new_password)
|
||||
|
|
||||
end
|
||||
clear_reset_password_token if valid?
|
||||
clear_reset_password_token
|
||||
save
|
||||
end
|
||||
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
<%= f.label :password, "New password" %>
|
||||
</p>
|
||||
<p>
|
||||
<%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
|
||||
<%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "w-full" %>
|
||||
<% if @minimum_password_length %>
|
||||
<br><em class="text-sm text-gray-500">(<%= @minimum_password_length %> characters minimum)</em>
|
||||
<% end %>
|
||||
@ -20,10 +20,10 @@
|
||||
<%= f.label :password_confirmation, "Confirm new password" %>
|
||||
</p>
|
||||
<p>
|
||||
<%= f.password_field :password_confirmation, autocomplete: "new-password" %>
|
||||
<%= f.password_field :password_confirmation, autocomplete: "new-password", class: "w-full" %>
|
||||
</p>
|
||||
<p class="mt-8">
|
||||
<%= f.submit "Change my password", class: 'btn-md btn-blue' %>
|
||||
<%= f.submit "Change my password", class: 'btn-md btn-blue w-full' %>
|
||||
</p>
|
||||
<% end %>
|
||||
|
||||
|
||||
54
spec/features/devise/password_reset.rb
Normal file
54
spec/features/devise/password_reset.rb
Normal file
@ -0,0 +1,54 @@
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Password reset', type: :feature do
|
||||
let(:user) { create :user }
|
||||
|
||||
before do
|
||||
login_as user, :scope => :user
|
||||
end
|
||||
|
||||
scenario 'Send password reset email' do
|
||||
expect(user.reset_password_token).to be_nil
|
||||
|
||||
visit settings_account_path
|
||||
click_button "Send me a password reset link"
|
||||
expect(page).to have_content 'Please check your inbox'
|
||||
expect(user.reload.reset_password_token).to be_a(String)
|
||||
end
|
||||
|
||||
describe "Password reset form" do
|
||||
# Generate a raw reset token, since the stored one is only a digest
|
||||
let(:token) { user.send(:set_reset_password_token) }
|
||||
|
||||
before do
|
||||
logout
|
||||
end
|
||||
|
||||
scenario "Submit with invalid passwords" do
|
||||
expect(Devise::LDAP::Adapter).not_to receive(:update_password)
|
||||
|
||||
visit edit_user_password_path(reset_password_token: token)
|
||||
fill_in :user_password, with: 'nice try'
|
||||
fill_in :user_password_confirmation, with: 'nice try o'
|
||||
click_button 'Change my password'
|
||||
expect(page).to have_content 'Password is too short'
|
||||
|
||||
fill_in :user_password, with: 'a new password'
|
||||
fill_in :user_password_confirmation, with: 'a new password with a typo'
|
||||
click_button 'Change my password'
|
||||
expect(page).to have_content 'Password confirmation doesn\'t match'
|
||||
end
|
||||
|
||||
scenario "Submit with valid passwords" do
|
||||
expect(Devise::LDAP::Adapter).to receive(:update_password)
|
||||
.with(user.cn, 'catch me if you can').and_return(true)
|
||||
|
||||
visit edit_user_password_path(reset_password_token: token)
|
||||
fill_in :user_password, with: 'catch me if you can'
|
||||
fill_in :user_password_confirmation, with: 'catch me if you can'
|
||||
click_button 'Change my password'
|
||||
expect(page).to have_content 'Your password has been changed successfully'
|
||||
expect(user.reload.reset_password_token).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
x
Reference in New Issue
Block a user
can this fail somehow? do we need to catch some error here?
Hopefully never, but we have #14 and kosmos/chef#436 open to set up exception tracking.