authorJean-Philippe Lang <jp_lang@yahoo.fr>2012-07-07 18:27:34 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2012-07-07 18:27:34 +0000
commit193b571e67c17a4de1a0b6128b35ea7c7c620ba6 (patch)
tree206f6eb091aa7b5a7f4f7a53abd453af44deeedf
parenta1d0acd632d70d1b279501de1220ca2df5ebb63e (diff)
downloadredmine-193b571e67c17a4de1a0b6128b35ea7c7c620ba6.tar.gz
redmine-193b571e67c17a4de1a0b6128b35ea7c7c620ba6.zip
Code cleanup.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9943 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/account_controller.rb16
-rw-r--r--test/functional/account_controller_test.rb41
2 files changed, 52 insertions, 5 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7d57b45da..c9cefe8c7 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -63,11 +63,17 @@ class AccountController < ApplicationController
return
else
if request.post?
- user = User.find_by_mail(params[:mail])
- # user not found in db
- (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
- # user uses an external authentification
- (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
+ user = User.find_by_mail(params[:mail].to_s)
+ # user not found or not active
+ unless user && user.active?
+ flash.now[:error] = l(:notice_account_unknown_email)
+ return
+ end
+ # user cannot change its password
+ unless user.change_password_allowed?
+ flash.now[:error] = l(:notice_can_t_change_password)
+ return
+ end
# create a new token for password recovery
token = Token.new(:user => user, :action => "recovery")
if token.save
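Review bot: The three outcomes of this POST stay distinguishable to an unauthenticated caller, so the form still reveals whether an address belongs to an active account. The `unless user && user.active?` branch renders `notice_account_unknown_email`, the `change_password_allowed?` branch renders `notice_can_t_change_password`, and the success path (judging by the accompanying test) redirects to `/login`. Consider collapsing both guards into `unless user && user.active? && user.change_password_allowed?` and answering it with the same notice and redirect the success path uses, so that only the mail delivery differs. Separately, the "Code cleanup." title undersells a behaviour change: non-active accounts can no longer obtain recovery tokens, and `params[:mail].to_s` presumably exists to keep array or hash parameters out of the finder, which deserves a comment such as `# coerce to String so mail[]=... cannot reach the finder`. The enclosing action starts and ends outside the hunk.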
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 923c77124..a30b3ba01 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -141,4 +141,45 @@ class AccountControllerTest < ActionController::TestCase
end
end
end
+
+ def test_get_lost_password_should_display_lost_password_form
+ get :lost_password
+ assert_response :success
+ assert_select 'input[name=mail]'
+ end
+
+ def test_lost_password_for_active_user_should_create_a_token
+ assert_difference 'ActionMailer::Base.deliveries.size' do
+ assert_difference 'Token.count' do
+ with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
+ post :lost_password, :mail => 'JSmith@somenet.foo'
+ assert_redirected_to '/login'
+ end
+ end
+ end
+
+ token = Token.order('id DESC').first
+ assert_equal User.find(2), token.user
+ assert_equal 'recovery', token.action
+
+ assert_select_email do
+ assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
+ end
+ end
+
+ def test_lost_password_for_unknown_user_should_fail
+ assert_no_difference 'Token.count' do
+ post :lost_password, :mail => 'invalid@somenet.foo'
+ assert_response :success
+ end
+ end
+
+ def test_lost_password_for_non_active_user_should_fail
+ assert User.find(2).lock!
+
+ assert_no_difference 'Token.count' do
+ post :lost_password, :mail => 'JSmith@somenet.foo'
+ assert_response :success
+ end
+ end
end
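Review bot: The two negative tests (`test_lost_password_for_unknown_user_should_fail` and `test_lost_password_for_non_active_user_should_fail`) assert only an unchanged `Token.count` and a successful response, so a regression that still mails a locked user or changes the error shown would pass. Wrap each in `assert_no_difference 'ActionMailer::Base.deliveries.size' do`, as the positive test does with `assert_difference`. Two other controller changes have no coverage in this hunk: a user for whom `change_password_allowed?` is false, and a non-string `mail` parameter that exercises the new `.to_s`.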