users: refactor password reset flow.

The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
2020-03-08 21:03:36 -05:00
parent f25bace766
commit 5625458f69
30 changed files with 133 additions and 395 deletions
--- a/test/unit/user_password_reset_nonce_test.rb
+++ b/test/unit/user_password_reset_nonce_test.rb
@@ -1,48 +0,0 @@
-require 'test_helper'
-
-class UserPasswordResetNonceTest < ActiveSupport::TestCase
-  context "Creating a new nonce" do
-    context "with a valid email" do
-      setup do
-        @user = FactoryBot.create(:user, :email => "aaa@b.net")
-        @nonce = FactoryBot.create(:user_password_reset_nonce, :email => @user.email)
-      end
-
-      should "validate" do
-        assert_equal([], @nonce.errors.full_messages)
-      end
-
-      should "populate the key with a random string" do
-        assert_equal(24, @nonce.key.size)
-      end
-
-      should "reset the password when reset" do
-        @nonce.user.expects(:reset_password_and_deliver_notice)
-        @nonce.reset_user!
-      end
-    end
-
-    context "with a blank email" do
-      setup do
-        @user = FactoryBot.create(:user, :email => "")
-        @nonce = UserPasswordResetNonce.new(:email => "")
-      end
-
-      should "not validate" do
-        @nonce.save
-        assert_equal(["Email can't be blank", "Email is invalid"], @nonce.errors.full_messages.sort)
-      end
-    end
-
-    context "with an invalid email" do
-      setup do
-        @nonce = UserPasswordResetNonce.new(:email => "z@z.net")
-      end
-
-      should "not validate" do
-        @nonce.save
-        assert_equal(["Email is invalid"], @nonce.errors.full_messages)
-      end
-    end
-  end
-end
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -221,12 +221,6 @@ class UserTest < ActiveSupport::TestCase
        assert_equal(["Password is too short (minimum is 5 characters)"], @user.errors.full_messages)
      end

-      should "should be reset" do
-        @user = FactoryBot.create(:user)
-        new_pass = @user.reset_password
-        assert(User.authenticate(@user.name, new_pass), "Authentication should have succeeded")
-      end
-
      should "not change the password if the password and old password are blank" do
        @user = FactoryBot.create(:user, :password => "67890")
        @user.update(password: "", old_password: "")