github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 16:38:48 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: log off all existing sessions when resetting password

Browse Source
This commit is contained in:
Sam
2015-04-15 08:57:43 +10:00
parent 6a0cce8571
commit 2a3f71a9a1
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
spec/controllers/users_controller_spec.rb
View File

@ -266,13 +266,19 @@ describe UsersController do
context 'valid token' do
it 'returns success' do
user = Fabricate(:user)
user = Fabricate(:user, auth_token: SecureRandom.hex(16))
token = user.email_tokens.create(email: user.email).token
old_token = user.auth_token
get :password_reset, token: token
put :password_reset, token: token, password: 'newpassword'
expect(response).to be_success
expect(assigns[:error]).to be_blank
user.reload
expect(user.auth_token).to_not eq old_token
expect(user.auth_token.length).to eq 32
end
end