require 'test_helper'
module Workarea
module Storefront
class PasswordsSystemTest < Workarea::SystemTest
setup :set_customer_email
setup :set_admin_email
setup :set_password
setup :set_customer_user
setup :set_admin_user
def set_customer_email
@customer_email = 'test@workarea.com'
end
def set_admin_email
@admin_email = 'test-admin@workarea.com'
end
def set_password
@password = 'P@ssw0rd!!'
end
def set_customer_user
@customer_user = create_user(email: @customer_email, password: 'W3bl1nc!')
end
def set_admin_user
create_user(
email: @admin_email,
password: 'W3bl1nc!',
admin: true
)
end
def test_customer_resetting_a_password
visit storefront.forgot_password_path
within '#forgot_password_form' do
fill_in 'email', with: 'bogus@email.com'
click_button t('workarea.storefront.forms.send')
end
assert(page.has_content?(t('workarea.storefront.flash_messages.password_reset_email_sent', email: 'bogus@email.com')))
within '#forgot_password_form' do
fill_in 'email', with: @customer_email
click_button t('workarea.storefront.forms.send')
end
# User comes back from a link in an email
token = User::PasswordReset.first.token
visit storefront.reset_password_path(token)
within '#reset_password_form' do
fill_in 'password', with: @password
click_button t('workarea.storefront.users.reset_password')
end
assert_current_path(storefront.login_path)
assert(page.has_content?('Success'))
within '#login_form' do
fill_in 'email', with: @customer_email
fill_in 'password', with: @password
click_button t('workarea.storefront.users.login')
end
assert(page.has_content?('Success'))
end
def test_admin_resetting_a_password
visit storefront.forgot_password_path
within '#forgot_password_form' do
fill_in 'email', with: @admin_email
click_button t('workarea.storefront.forms.send')
end
token = User::PasswordReset.first.token
visit storefront.reset_password_path(token)
within '#reset_password_form' do
fill_in 'password', with: @password
click_button t('workarea.storefront.users.reset_password')
end
assert_current_path(storefront.login_path)
assert(page.has_content?('Success'))
delivery = ActionMailer::Base.deliveries.last
assert_includes(delivery.subject, t('workarea.storefront.email.password_reset.subject'))
assert_includes(delivery.to, @admin_email)
assert_includes(delivery.html_part.body, token)
within '#login_form' do
fill_in 'email', with: @admin_email
fill_in 'password', with: @password
click_button t('workarea.storefront.users.login')
end
assert_current_path(admin.root_path)
end
def test_admin_forcing_password_resets
Workarea.with_config do |config|
config.password_lifetime = 1.second
sleep(1)
# sign in for the first time
visit storefront.login_path
within '#login_form' do
fill_in 'email', with: @admin_email
fill_in 'password', with: 'W3bl1nc!'
click_button t('workarea.storefront.users.login')
end
assert_current_path(storefront.change_password_path)
# sign out
reset_session!
visit storefront.login_path
# sign in again
within '#login_form' do
fill_in 'email', with: @admin_email
fill_in 'password', with: 'W3bl1nc!'
click_button t('workarea.storefront.users.login')
end
assert_current_path(storefront.change_password_path)
# disallow all other page movement
visit storefront.root_path
assert_current_path(storefront.change_password_path)
config.password_lifetime = 1.hour
fill_in 'old_password', with: 'W3bl1nc!'
fill_in 'password', with: @password
click_button t('workarea.storefront.users.change_password')
assert_current_path(storefront.users_account_path)
click_link t('workarea.storefront.users.logout')
visit storefront.login_path
within '#login_form' do
fill_in 'email', with: @admin_email
fill_in 'password', with: @password
click_button t('workarea.storefront.users.login')
end
assert_current_path(admin.root_path)
end
end
end
end
end