FIX: User can't reset password with backup codes when only security key is enabled (#27368)

This commit fixes a problem where the user will not be able to reset their password when they only have security keys and backup codes configured. This commit also makes the following changes/fixes: 1. Splits password reset system tests to `spec/system/forgot_password_spec.rb` instead of missing the system tests in `spec/system/login_spec.rb` which is mainly used to test the login flow. 2. Fixes a UX issue where the `Use backup codes` or `Use authenticator app` text is shown on the reset password form when the user does not have either backup codes or an authenticator app configured.
2025-06-03 19:39:30 +08:00 · 2024-06-06 14:30:42 +08:00
parent 4b1e017722
commit 952f69ce60
16 changed files with 363 additions and 76 deletions
--- a/spec/system/page_objects/pages/user_reset_password.rb
+++ b/spec/system/page_objects/pages/user_reset_password.rb
@ -0,0 +1,79 @@
+# frozen_string_literal: true
+module PageObjects
+  module Pages
+    class UserResetPassword < PageObjects::Pages::Base
+      def has_no_toggle_button_to_second_factor_form?
+        page.has_no_css?("#security-key .toggle-second-factor-method")
+      end
+
+      def has_no_toggle_button_in_second_factor_form?
+        page.has_no_css?("#second-factor .toggle-second-factor-method")
+      end
+
+      def has_totp_description?
+        page.find(".second-factor__description").has_text?(
+          I18n.t("js.login.second_factor_description"),
+        )
+      end
+
+      def has_backup_codes_description?
+        page.find(".second-factor__description").has_text?(
+          I18n.t("js.login.second_factor_backup_description"),
+        )
+      end
+
+      def has_logged_in_user?
+        page.has_css?(".header-dropdown-toggle.current-user")
+      end
+
+      def use_totp
+        find(".toggle-second-factor-method", text: I18n.t("js.user.second_factor.use")).click
+      end
+
+      def use_backup_codes
+        find(".toggle-second-factor-method", text: I18n.t("js.user.second_factor_backup.use")).click
+        self
+      end
+
+      def try_another_way
+        find("#security-key .toggle-second-factor-method").click
+        self
+      end
+
+      def submit_security_key
+        find("#security-key-authenticate-button").click
+        self
+      end
+
+      def fill_in_new_password(password)
+        find("#new-account-password").fill_in(with: password)
+        self
+      end
+
+      def submit_new_password
+        find(".change-password-form .btn-primary").click
+        self
+      end
+
+      def fill_in_backup_code(backup_code)
+        find("#second-factor .second-factor-token-input").fill_in(with: "iAmValidBackupCode")
+        self
+      end
+
+      def submit_backup_code
+        find(".change-password-form .btn-primary").click
+        self
+      end
+
+      def fill_in_totp(totp)
+        find("#second-factor .second-factor-token-input").fill_in(with: totp)
+        self
+      end
+
+      def submit_totp
+        find(".change-password-form .btn-primary").click
+        self
+      end
+    end
+  end
+end