FIX: Reset password link broken for non-staff user in confirm session dialog (#32765)

2025-06-06 13:06:56 +08:00 · 2025-05-16 15:09:03 +08:00
parent 672007549b
commit 7820dd2b8f
5 changed files with 42 additions and 11 deletions
--- a/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
+++ b/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
@ -93,10 +93,7 @@ export default class ConfirmSession extends Component {
  @action
  async sendPasswordResetEmail() {
    try {
-      const result = await ajax("/session/forgot_password.json", {
-        data: { login: this.currentUser.username },
-        type: "POST",
-      });
+      const result = await this.currentUser.changePassword();

      if (result.success) {
        this.errorMessage = null;
--- a/app/assets/javascripts/discourse/app/models/user.js
+++ b/app/assets/javascripts/discourse/app/models/user.js
@ -585,8 +585,7 @@ export default class User extends RestModel.extend(Evented) {
  }

  changePassword() {
-    return ajax("/session/forgot_password", {
-      dataType: "json",
+    return ajax("/session/forgot_password.json", {
      data: { login: this.email || this.username },
      type: "POST",
    });
--- a/spec/system/page_objects/modals/confirm_session.rb
+++ b/spec/system/page_objects/modals/confirm_session.rb
@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module PageObjects
+  module Modals
+    class ConfirmSession < PageObjects::Pages::Base
+      def click_forgot_password
+        find(".confirm-session .confirm-session__reset-btn").click
+        self
+      end
+
+      def has_forgot_password_email_sent?
+        has_css?(".confirm-session .confirm-session__reset-email-sent")
+      end
+
+      def submit_password(password)
+        find(".confirm-session input#password").fill_in(with: password)
+        find(".confirm-session .btn-primary:not([disabled])").click
+        self
+      end
+    end
+  end
+end
--- a/spec/system/page_objects/pages/user_preferences_security.rb
+++ b/spec/system/page_objects/pages/user_preferences_security.rb
@ -8,10 +8,14 @@ module PageObjects
        self
      end

-      def visit_second_factor(user, password)
+      def click_manage_2fa_authentication
        click_button "Manage Two-Factor Authentication"
-        find(".confirm-session input#password").fill_in(with: password)
-        find(".confirm-session .btn-primary:not([disabled])").click
+        PageObjects::Modals::ConfirmSession.new
+      end
+
+      def visit_second_factor(user, password)
+        click_manage_2fa_authentication.submit_password(password)
+
        expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")
        self
      end
--- a/spec/system/user_page/user_preferences_security_spec.rb
+++ b/spec/system/user_page/user_preferences_security_spec.rb
@ -21,8 +21,17 @@ describe "User preferences | Security", type: :system do
  shared_examples "security keys" do
    it "adds a 2FA security key and logs in with it" do
      with_virtual_authenticator do
-        user_preferences_security_page.visit(user)
-        user_preferences_security_page.visit_second_factor(user, password)
+        confirm_session_modal =
+          user_preferences_security_page
+            .visit(user)
+            .click_manage_2fa_authentication
+            .click_forgot_password
+
+        expect(confirm_session_modal).to have_forgot_password_email_sent
+
+        confirm_session_modal.submit_password(password)
+
+        expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")

        find(".security-key .new-security-key").click
        expect(user_preferences_security_page).to have_css("input#security-key-name")