users: refactor password reset flow.

The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
2020-03-08 21:03:36 -05:00
parent f25bace766
commit 5625458f69
30 changed files with 133 additions and 395 deletions
--- a/test/functional/password_resets_controller_test.rb
+++ b/test/functional/password_resets_controller_test.rb
@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  context "The passwords resets controller" do
+    setup do
+      @user = create(:user)
+    end
+
+    context "show action" do
+      should "work" do
+        get password_reset_path
+        assert_response :success
+      end
+    end
+
+    context "create action" do
+      should "work" do
+        post password_reset_path, params: { user: { name: @user.name } }
+
+        assert_redirected_to new_session_path
+        assert_enqueued_email_with UserMailer, :password_reset, args: [@user]
+      end
+    end
+  end
+end