FIX: handle invalid password reset token
This commit is contained in:
Arpit Jalan
parent
c1cb6053b7
commit
672888f526
|
|
@ -504,8 +504,8 @@ class UsersController < ApplicationController
|
||||||
success: false,
|
success: false,
|
||||||
message: @error,
|
message: @error,
|
||||||
errors: @user&.errors&.to_hash,
|
errors: @user&.errors&.to_hash,
|
||||||
is_developer: UsernameCheckerService.is_developer?(@user.email),
|
is_developer: UsernameCheckerService.is_developer?(@user&.email),
|
||||||
admin: @user.admin?
|
admin: @user&.admin?
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
render json: {
|
render json: {
|
||||||
|
|
|
||||||
|
|
@ -303,11 +303,9 @@ describe UsersController do
|
||||||
context 'invalid token' do
|
context 'invalid token' do
|
||||||
render_views
|
render_views
|
||||||
|
|
||||||
before do
|
|
||||||
get :password_reset, params: { token: "evil_trout!" }
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'disallows login' do
|
it 'disallows login' do
|
||||||
|
get :password_reset, params: { token: "evil_trout!" }
|
||||||
|
|
||||||
expect(response).to be_success
|
expect(response).to be_success
|
||||||
|
|
||||||
expect(CGI.unescapeHTML(response.body))
|
expect(CGI.unescapeHTML(response.body))
|
||||||
|
|
@ -319,6 +317,16 @@ describe UsersController do
|
||||||
|
|
||||||
expect(session[:current_user_id]).to be_blank
|
expect(session[:current_user_id]).to be_blank
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "responds with proper error message" do
|
||||||
|
put :password_reset, params: {
|
||||||
|
token: "evil_trout!", password: "awesomeSecretPassword"
|
||||||
|
}, format: :json
|
||||||
|
|
||||||
|
expect(response).to be_success
|
||||||
|
expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token'))
|
||||||
|
expect(session[:current_user_id]).to be_blank
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'valid token' do
|
context 'valid token' do
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue