author | Go MAEDA <maeda@farend.jp> | 2018-10-28 05:59:11 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2018-10-28 05:59:11 +0000 |
commit | 57a4fedd346a50d36760d689a4bcaa8e17f71d3c (patch) | |
tree | 895f907a0a12f01caeb21eba377ebfbbad974060 /test/integration/account_test.rb | |
parent | 9a53b68b73a7d39d45f74c17c1e3ddc6ff51bc87 (diff) | |
Handles the case when an expired token is in the user's session (#29781).
Patch by Jens Krämer.
git-svn-id: http://svn.redmine.org/redmine/trunk@17601 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/integration/account_test.rb')
-rw-r--r-- | test/integration/account_test.rb | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb
index a3a1ecb2e..4f0a45156 100644
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -146,6 +146,61 @@ class AccountTest < Redmine::IntegrationTest assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted" end + def test_lost_password_expired_token + Token.delete_all + + get "/account/lost_password" + assert_response :success + assert_select 'input[name=mail]' + + post "/account/lost_password", :params => { + :mail => 'jSmith@somenet.foo' + } + assert_redirected_to "/login" + + token = Token.first + assert_equal 'recovery', token.action + assert_equal 'jsmith@somenet.foo', token.user.mail + refute token.expired? + + get "/account/lost_password", :params => { + :token => token.value + } + assert_redirected_to '/account/lost_password' + + follow_redirect! + assert_response :success + + # suppose the user forgets to continue the process and the token expires. + token.update_column :created_on, 1.week.ago + assert token.expired? + + assert_select 'input[type=hidden][name=token][value=?]', token.value + assert_select 'input[name=new_password]' + assert_select 'input[name=new_password_confirmation]' + + post "/account/lost_password", :params => { + :token => token.value, :new_password => 'newpass123', + :new_password_confirmation => 'newpass123' + } + + assert_redirected_to "/account/lost_password" + assert_equal 'This password recovery link has expired, please try again.', flash[:error] + follow_redirect! + assert_response :success + + post "/account/lost_password", :params => { + :mail => 'jSmith@somenet.foo' + } + assert_redirected_to "/login" + + # should have a new token now + token = Token.last + assert_equal 'recovery', token.action + assert_equal 'jsmith@somenet.foo', token.user.mail + refute token.expired? + end + def test_user_with_must_change_passwd_should_be_forced_to_change_its_password User.find_by_login('jsmith').update_attribute :must_change_passwd, true |
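Review bot: The expired-token `post "/account/lost_password"` in `test_lost_password_expired_token` is only checked for its redirect and flash message, so the test would still pass if the controller applied `newpass123` before rejecting the request or left the expired token usable. Add a negative assertion right after the `flash[:error]` check, for example `refute User.find_by_login('jsmith').check_password?('newpass123')` (assuming `jsmith` is the fixture account behind that address, as the following test suggests), and, if the controller is meant to discard the stale token, `refute Token.exists?(token.id)`. The final `Token.last` lookup would also be tighter with an assertion that its value differs from the expired token's value, so the test proves a fresh token was issued rather than relying on row order.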