diff --git a/app/controllers/user_passwords_controller.rb b/app/controllers/user_passwords_controller.rb
index d87b293478..604e4a113d 100644
--- a/app/controllers/user_passwords_controller.rb
+++ b/app/controllers/user_passwords_controller.rb
@@ -26,7 +26,7 @@ class UserPasswordsController < Spree::UserPasswordsController
 private
 def render_unconfirmed_response
- render status: :unauthorized, operations: cable_car.inner_html(
+ render status: :unprocessable_entity, operations: cable_car.inner_html(
 "#forgot-feedback",
 partial("layouts/alert",
 locals: { type: "alert", message: t(:email_unconfirmed), unconfirmed: true })
diff --git a/spec/controllers/spree/user_sessions_controller_spec.rb b/spec/controllers/spree/user_sessions_controller_spec.rb
index 2885f53fc3..34053783b7 100644
--- a/spec/controllers/spree/user_sessions_controller_spec.rb
+++ b/spec/controllers/spree/user_sessions_controller_spec.rb
@@ -10,12 +10,13 @@ describe Spree::UserSessionsController, type: :controller do
 end
 describe "create" do
- context "succeed" do
+ context "success" do
 context "when referer is not '/checkout'" do
 it "redirects to root" do
- spree_post :create, spree_user: { email: user.email, password: user.password },
- use_route: :spree
- expect(response).to redirect_to root_path
+ spree_post :create, spree_user: { email: user.email, password: user.password }
+
+ expect(response).to have_http_status(:ok)
+ expect(response.body).to match(root_path).and match("redirect")
 end
 end
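Review bot: `render_unconfirmed_response` still gives an unconfirmed address its own status and message, and the examples added in spec/controllers/user_passwords_controller_spec.rb pin three distinguishable outcomes for the unauthenticated reset request: 404 with `email_not_found`, 422 with `email_unconfirmed`, and 200 with `password_reset_sent`. Anyone who can post to this endpoint can therefore tell whether an email is registered and whether it is confirmed. If that disclosure is an accepted usability trade-off, record it above the method, for example `# NOTE: this response discloses that the account exists but is unconfirmed.`; otherwise consider returning one uniform response for all three cases. The method body continues past the end of the hunk, so the rest of the render call is not visible here.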
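Review bot: `expect(response.body).to match(root_path).and match("redirect")` in "redirects to root" no longer pins the redirect target. If `root_path` is "/" (the usual value, not visible in this diff), the first matcher passes for any body that contains a slash, and the two matchers are checked independently of each other. Comparing the redirect URL for equality after parsing the response body would be tighter, assuming the body is a list of operations like the one the passwords controller renders. The `checkout_path` example in the next hunk has the same shape but is less affected because its path is more specific.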
@@ -23,12 +24,24 @@ describe Spree::UserSessionsController, type: :controller do
 before { @request.env['HTTP_REFERER'] = 'http://test.com/checkout' }
 it "redirects to checkout" do
- spree_post :create, spree_user: { email: user.email, password: user.password },
- use_route: :spree
- expect(response).to redirect_to checkout_path
+ spree_post :create, spree_user: { email: user.email, password: user.password }
+
+ expect(response).to have_http_status(:ok)
+ expect(response.body).to match(checkout_path).and match("redirect")
 end
 end
 end
+
+ context "failing to log in" do
+ render_views
+
+ it "returns an error" do
+ spree_post :create, spree_user: { email: user.email, password: "wrong" }
+
+ expect(response).to have_http_status(:unauthorized)
+ expect(response.body).to include "Invalid email or password"
+ end
+ end
 end
 describe "destroy" do
diff --git a/spec/controllers/user_passwords_controller_spec.rb b/spec/controllers/user_passwords_controller_spec.rb
index 3920aef980..a2e5861455 100644
--- a/spec/controllers/user_passwords_controller_spec.rb
+++ b/spec/controllers/user_passwords_controller_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 describe UserPasswordsController, type: :controller do
- include OpenFoodNetwork::EmailHelper
+ render_views
 let(:user) { create(:user) }
 let(:unconfirmed_user) { create(:user, confirmed_at: nil) }
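Review bot: The new "failing to log in" context only covers a wrong password for an existing user, so nothing pins that an address with no account gets the same answer. A second example such as `spree_post :create, spree_user: { email: "nobody@example.com", password: "wrong" }` (a made-up address) with the same two expectations would show that the login response does not reveal whether an account exists. The message is also a string literal here, while the password specs in this commit go through `I18n.t`; using the translation key would keep the two files consistent.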
@@ -13,15 +13,22 @@ describe UserPasswordsController, type: :controller do
 end
 describe "create" do
- it "returns errors" do
- spree_post :create, spree_user: {}
- expect(response.status).to eq 200
- expect(response).to render_template "spree/user_passwords/new"
+ it "returns 404 if user is not found" do
+ spree_post :create, spree_user: { email: "xxxxxxxxxx@example.com" }
+ expect(response.status).to eq 404
+ expect(response.body).to match I18n.t(:email_not_found)
 end
- it "redirects to login when data is valid" do
+ it "returns 422 if user is registered but not confirmed" do
+ spree_post :create, spree_user: { email: unconfirmed_user.email }
+ expect(response.status).to eq 422
+ expect(response.body).to match I18n.t(:email_unconfirmed)
+ end
+
+ it "returns 200 when password reset was successful" do
 spree_post :create, spree_user: { email: user.email }
- expect(response).to be_redirect
+ expect(response.status).to eq 200
+ expect(response.body).to match I18n.t(:password_reset_sent)
 end
 end
@@ -35,8 +42,6 @@ describe UserPasswordsController, type: :controller do
 end
 it "renders Darkswarm" do
- setup_email
-
 user.send_reset_password_instructions
 user.reload
@@ -44,19 +49,4 @@ describe UserPasswordsController, type: :controller do
 expect(response).to render_template "user_passwords/edit"
 end
-
- describe "via ajax" do
- it "returns error when email not found" do
- post :create, xhr: true, params: { spree_user: {}, use_route: :spree }
- expect(response.status).to eq 404
- expect(json_response).to eq 'error' => I18n.t('email_not_found')
- end
-
- it "returns error when user is unconfirmed" do
- post :create, xhr: true,
- params: { spree_user: { email: unconfirmed_user.email }, use_route: :spree }
- expect(response.status).to eq 401
- expect(json_response).to eq 'error' => I18n.t('email_unconfirmed')
- end
- end
 end
diff --git a/spec/system/consumer/user_password_spec.rb b/spec/system/consumer/user_password_spec.rb
index 93ff772369..a55140b813 100644
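Review bot: No example in the "create" block posts `spree_user: {}` after this change. The removed "returns errors" example and the removed "via ajax" example in the last hunk of this file both did, and the new 404 example sends a made-up address instead. A request with the email parameter missing or blank is a different input path from an unknown address, so it is worth keeping one example for it, e.g. `spree_post :create, spree_user: {}` with `expect(response.status).to eq 404` if that is the intended result. Separately, `match I18n.t(...)` treats the translation as a regular expression, so punctuation in the message acts as a pattern; `include` compares the text literally.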
--- a/spec/system/consumer/user_password_spec.rb
+++ b/spec/system/consumer/user_password_spec.rb
@@ -29,6 +29,20 @@ describe "User password confirm/reset page" do
 expect(page).to have_no_text "Reset password token has expired"
 expect(page).to be_logged_in_as user
 end
+
+ it "shows an error if password is empty" do
+ visit spree.spree_user_confirmation_path(confirmation_token: user.confirmation_token)
+
+ expect(user.reload.confirmed?).to be true
+ expect(page).to have_text I18n.t(:change_my_password)
+
+ fill_in "Password", with: ""
+ fill_in "Password Confirmation", with: ""
+ click_button
+
+ expect(page).to have_text "User password cannot be blank. Please enter a password."
+ expect(page).to_not be_logged_in_as user
+ end
 end
 describe "can reset its own password" do
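Review bot: `click_button` is called without a locator in "shows an error if password is empty", so the example depends on the form exposing a single button (or on Capybara's match setting); passing the button's label would make the intent explicit. The closing expectations also inspect the page only. Since the example exists to show that a blank password is rejected, an assertion on the stored record would pin that nothing was written, for instance comparing `user.reload.encrypted_password` before and after the submit, assuming the model exposes Devise's attribute, which this diff does not show. The error text is a literal while the line above it uses `I18n.t`; a translation key would keep the example robust to copy changes.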