Sha256: dcf6f28e74501b4b3662a1eab1f10e89c514cbeaf9b4ad8fd0b62c0499554fa5
Contents?: true
Size: 1.74 KB
Versions: 4
Compression:
Stored size: 1.74 KB
Contents
# frozen_string_literal: true
require 'test_helper'
# was the web request successful?
# was the user redirected to the right page?
# was the user successfully authenticated?
# was the correct object stored in the response?
# was the appropriate message delivered in the json payload?
class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
include OverridesControllersRoutes
describe Overrides::PasswordsController do
before do
@resource = create(:user, :confirmed)
post '/evil_user_auth/password',
params: {
email: @resource.email,
redirect_url: Faker::Internet.url
}
mail = ActionMailer::Base.deliveries.last
@resource.reload
mail_reset_token = mail.body.match(/reset_password_token=(.*)"/)[1]
mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
get '/evil_user_auth/password/edit',
params: {
reset_password_token: mail_reset_token,
redirect_url: mail_redirect_url
}
@resource.reload
_, raw_query_string = response.location.split('?')
@query_string = Rack::Utils.parse_nested_query(raw_query_string)
end
test 'response should have success redirect status' do
assert_equal 302, response.status
end
test 'response should contain auth params + override proof' do
# TODO: remove access-token and keep uid?
assert @query_string['access-token']
assert @query_string['override_proof']
assert @query_string['reset_password']
end
test 'override proof is correct' do
assert_equal(
@query_string['override_proof'],
Overrides::PasswordsController::OVERRIDE_PROOF
)
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems