From ec9f9c26a8079610b43c64f4ea8ba4027566b44e Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 5 Mar 2017 09:16:33 +0000
Subject: [PATCH] Adds tests for #25253.

git-svn-id: http://svn.redmine.org/redmine/trunk@16375 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/functional/account_controller_test.rb | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 7bb6ab576..01affec56 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -438,6 +438,34 @@ class AccountControllerTest < Redmine::ControllerTest
     assert_select 'input[type=hidden][name=token][value=?]', token.value
   end
 
+  def test_post_lost_password_with_token_should_not_accept_same_password_if_user_must_change_password
+    user = User.find(2)
+    user.password = "originalpassword"
+    user.must_change_passwd = true
+    user.save!
+    token = Token.create!(:action => 'recovery', :user => user)
+
+    post :lost_password, :token => token.value, :new_password => 'originalpassword', :new_password_confirmation => 'originalpassword'
+    assert_response :success
+    assert_not_nil Token.find_by_id(token.id), "Token was deleted"
+
+    assert_select '.flash', :text => /The new password must be different/
+    assert_select 'input[type=hidden][name=token][value=?]', token.value
+  end
+
+  def test_post_lost_password_with_token_should_reset_must_change_password
+    user = User.find(2)
+    user.password = "originalpassword"
+    user.must_change_passwd = true
+    user.save!
+    token = Token.create!(:action => 'recovery', :user => user)
+
+    post :lost_password, :token => token.value, :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
+    assert_redirected_to '/login'
+
+    assert_equal false, user.reload.must_change_passwd
+  end
+
   def test_post_lost_password_with_invalid_token_should_redirect
     post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
     assert_redirected_to '/'
-- 
2.39.5