FIX: regression, forgot password broken

also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00 · 2014-07-02 13:06:55 +10:00 · 5a0aed2bfa
parent 58ada6f847
commit 5a0aed2bfa
2 changed files with 20 additions and 24 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -200,7 +200,15 @@ class UsersController < ApplicationController
    expires_now()

    @user = EmailToken.confirm(params[:token])
-    if @user.blank?
+
+    if @user
+      session[params[:token]] = @user.id
+    else
+      user_id = session[params[:token]]
+      @user = User.find(user_id) if user_id
+    end
+
+    if !@user
      flash[:error] = I18n.t('password_reset.no_token')
    elsif request.put?
      raise Discourse::InvalidParameters.new(:password) unless params[:password].present?
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -214,46 +214,34 @@ describe UsersController do
    let(:user) { Fabricate(:user) }

    context "you can view it even if login is required" do
-      before do
-        SiteSetting.stubs(:login_required).returns(true)
-        get :password_reset, token: 'asdfasdf'
-      end
-
      it "returns success" do
+        SiteSetting.login_required = true
+        get :password_reset, token: 'asdfasdf'
        response.should be_success
      end
    end

    context 'invalid token' do
      before do
-        EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
-        get :password_reset, token: 'asdfasdf'
+        get :password_reset, token: SecureRandom.hex
      end

-      it 'return success' do
+      it 'disallows login' do
+        flash[:error].should be_present
+        session[:current_user_id].should be_blank
        response.should be_success
      end

-      it 'sets a flash error' do
-        flash[:error].should be_present
-      end
-
-      it "doesn't log in the user" do
-        session[:current_user_id].should be_blank
-      end
    end

    context 'valid token' do
-      before do
-        EmailToken.expects(:confirm).with('asdfasdf').returns(user)
-        put :password_reset, token: 'asdfasdf', password: 'newpassword'
-      end
-
      it 'returns success' do
-        response.should be_success
-      end
+        user = Fabricate(:user)
+        token = user.email_tokens.create(email: user.email).token

-      it "doesn't set an error" do
+        get :password_reset, token: token
+        put :password_reset, token: token, password: 'newpassword'
+        response.should be_success
        flash[:error].should be_blank
      end
    end