github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 15:28:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: handle invalid password reset token

Browse Source
This commit is contained in:
Arpit Jalan
2018-01-09 23:31:59 +05:30
parent c1cb6053b7
commit 672888f526
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
spec/controllers/users_controller_spec.rb
View File

@ -303,11 +303,9 @@ describe UsersController do
context 'invalid token' do
render_views
before do
get :password_reset, params: { token: "evil_trout!" }
end
it 'disallows login' do
get :password_reset, params: { token: "evil_trout!" }
expect(response).to be_success
expect(CGI.unescapeHTML(response.body))
@ -319,6 +317,16 @@ describe UsersController do
expect(session[:current_user_id]).to be_blank
end
it "responds with proper error message" do
put :password_reset, params: {
token: "evil_trout!", password: "awesomeSecretPassword"
}, format: :json
expect(response).to be_success
expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token'))
expect(session[:current_user_id]).to be_blank
end
end
context 'valid token' do