github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-06 13:06:56 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Reset password link broken for non-staff user in confirm session dialog (#32765)

Browse Source
This commit is contained in:
Alan Guo Xiang Tan
2025-05-16 15:09:03 +08:00
committed by GitHub
parent 672007549b
commit 7820dd2b8f
5 changed files with 42 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
View File

@ -93,10 +93,7 @@ export default class ConfirmSession extends Component {
@action @action
async sendPasswordResetEmail() { async sendPasswordResetEmail() {
try { try {
const result = await ajax("/session/forgot_password.json", { const result = await this.currentUser.changePassword();
data: { login: this.currentUser.username },
type: "POST",
});
if (result.success) { if (result.success) {
this.errorMessage = null; this.errorMessage = null;

3
app/assets/javascripts/discourse/app/models/user.js
View File

@ -585,8 +585,7 @@ export default class User extends RestModel.extend(Evented) {
} }
changePassword() { changePassword() {
return ajax("/session/forgot_password", { return ajax("/session/forgot_password.json", {
dataType: "json",
data: { login: this.email || this.username }, data: { login: this.email || this.username },
type: "POST", type: "POST",
}); });

22
spec/system/page_objects/modals/confirm_session.rb Normal file
View File

@ -0,0 +1,22 @@
# frozen_string_literal: true
module PageObjects
module Modals
class ConfirmSession < PageObjects::Pages::Base
def click_forgot_password
find(".confirm-session .confirm-session__reset-btn").click
self
end
def has_forgot_password_email_sent?
has_css?(".confirm-session .confirm-session__reset-email-sent")
end
def submit_password(password)
find(".confirm-session input#password").fill_in(with: password)
find(".confirm-session .btn-primary:not([disabled])").click
self
end
end
end
end

10
spec/system/page_objects/pages/user_preferences_security.rb
View File

@ -8,10 +8,14 @@ module PageObjects
self self
end end
def visit_second_factor(user, password) def click_manage_2fa_authentication
click_button "Manage Two-Factor Authentication" click_button "Manage Two-Factor Authentication"
find(".confirm-session input#password").fill_in(with: password) PageObjects::Modals::ConfirmSession.new
find(".confirm-session .btn-primary:not([disabled])").click end
def visit_second_factor(user, password)
click_manage_2fa_authentication.submit_password(password)
expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor") expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")
self self
end end

13
spec/system/user_page/user_preferences_security_spec.rb
View File

@ -21,8 +21,17 @@ describe "User preferences | Security", type: :system do
shared_examples "security keys" do shared_examples "security keys" do
it "adds a 2FA security key and logs in with it" do it "adds a 2FA security key and logs in with it" do
with_virtual_authenticator do with_virtual_authenticator do
user_preferences_security_page.visit(user) confirm_session_modal =
user_preferences_security_page.visit_second_factor(user, password) user_preferences_security_page
.visit(user)
.click_manage_2fa_authentication
.click_forgot_password
expect(confirm_session_modal).to have_forgot_password_email_sent
confirm_session_modal.submit_password(password)
expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")
find(".security-key .new-security-key").click find(".security-key .new-security-key").click
expect(user_preferences_security_page).to have_css("input#security-key-name") expect(user_preferences_security_page).to have_css("input#security-key-name")