From c11f5a23fee248fe12236585c6638d104e8fd80d Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 8 Jul 2012 07:36:58 +0000
Subject: [PATCH] Code cleanup.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9946 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb      |  4 ++
 test/functional/account_controller_test.rb | 54 ++++++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index c9cefe8c7..dec06541b 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -50,6 +50,10 @@ class AccountController < ApplicationController
         return
       end
       @user = @token.user
+      unless @user && @user.active?
+        redirect_to home_url
+        return
+      end
       if request.post?
         @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
         if @user.save
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 2c1310695..f48e4b3a6 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -186,4 +186,58 @@ class AccountControllerTest < ActionController::TestCase
       assert_response :success
     end
   end
+
+  def test_get_lost_password_with_token_should_display_the_password_recovery_form
+    user = User.find(2)
+    token = Token.create!(:action => 'recovery', :user => user)
+
+    get :lost_password, :token => token.value
+    assert_response :success
+    assert_template 'password_recovery'
+
+    assert_select 'input[type=hidden][name=token][value=?]', token.value
+  end
+
+  def test_get_lost_password_with_invalid_token_should_redirect
+    get :lost_password, :token => "abcdef"
+    assert_redirected_to '/'
+  end
+
+  def test_post_lost_password_with_token_should_change_the_user_password
+    user = User.find(2)
+    token = Token.create!(:action => 'recovery', :user => user)
+
+    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
+    assert_redirected_to '/login'
+    user.reload
+    assert user.check_password?('newpass')
+    assert_nil Token.find_by_id(token.id), "Token was not deleted"
+  end
+
+  def test_post_lost_password_with_token_for_non_active_user_should_fail
+    user = User.find(2)
+    token = Token.create!(:action => 'recovery', :user => user)
+    user.lock!
+
+    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
+    assert_redirected_to '/'
+    assert ! user.check_password?('newpass')
+  end
+
+  def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
+    user = User.find(2)
+    token = Token.create!(:action => 'recovery', :user => user)
+
+    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
+    assert_response :success
+    assert_template 'password_recovery'
+    assert_not_nil Token.find_by_id(token.id), "Token was deleted"
+
+    assert_select 'input[type=hidden][name=token][value=?]', token.value
+  end
+
+  def test_post_lost_password_with_invalid_token_should_redirect
+    post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
+    assert_redirected_to '/'
+  end
 end
-- 
2.39.5