From 7b06abd4c2eadb440e275f8eac31575c938eae13 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Tue, 1 May 2018 14:18:56 +1000
Subject: [PATCH] Fix initial password setting

---
 .../admin/manager_invitations_controller.rb   |  2 ++
 .../consumer/confirm_invitation_spec.rb       | 35 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 spec/features/consumer/confirm_invitation_spec.rb

diff --git a/app/controllers/admin/manager_invitations_controller.rb b/app/controllers/admin/manager_invitations_controller.rb
index b0da06b281..5849aa2880 100644
--- a/app/controllers/admin/manager_invitations_controller.rb
+++ b/app/controllers/admin/manager_invitations_controller.rb
@@ -30,6 +30,8 @@ module Admin
       password = Devise.friendly_token
       new_user = Spree::User.create(email: @email, unconfirmed_email: @email, password: password)
       new_user.reset_password_token = Devise.friendly_token
+      # Same time as used in Devise's lib/devise/models/recoverable.rb.
+      new_user.reset_password_sent_at = Time.now.utc
       new_user.save!
 
       @enterprise.users << new_user
diff --git a/spec/features/consumer/confirm_invitation_spec.rb b/spec/features/consumer/confirm_invitation_spec.rb
new file mode 100644
index 0000000000..fb9a898cc7
--- /dev/null
+++ b/spec/features/consumer/confirm_invitation_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+feature "Confirm invitation" do
+  include UIComponentHelper # for be_logged_in_as
+
+  describe "confirm email" do
+    let(:email) { "test@example.org" }
+    let(:user) { Spree::User.create(email: email, unconfirmed_email: email, password: "secret") }
+
+    before do
+      user.reset_password_token = Devise.friendly_token
+      user.reset_password_sent_at = Time.now.utc
+      user.save!
+    end
+
+    it "confirms the email address" do
+      visit spree.spree_user_confirmation_url(confirmation_token: user.confirmation_token)
+      expect(user.reload.confirmed?).to be true
+    end
+
+    it "redirects to set a password" do
+      visit spree.spree_user_confirmation_url(confirmation_token: user.confirmation_token)
+      expect(page).to have_text "Change my password"
+    end
+
+    it "allows you to set a password" do
+      visit spree.spree_user_confirmation_url(confirmation_token: user.confirmation_token)
+      fill_in "Password", with: "my secret"
+      fill_in "Password Confirmation", with: "my secret"
+      click_button
+      expect(page).to have_no_text "Reset password token has expired"
+      expect(page).to be_logged_in_as user
+    end
+  end
+end