Merge pull request #5226 from rubyforgood/5217-system-test-for-passwo…

…rd-reset

5217 - System Test for Password Reset

Gemfile

@@ -75,6 +75,7 @@ group :test do
   gem "capybara"
   gem "capybara-screenshot"
   gem "database_cleaner-active_record"
+  gem "email_spec"
   gem "rails-controller-testing"
   gem "rake"
   gem "selenium-webdriver"

Gemfile.lock

@@ -172,6 +172,10 @@ GEM
       activesupport (>= 5.0)
       request_store (>= 1.0)
       ruby2_keywords
+    email_spec (2.2.2)
+      htmlentities (~> 4.3.3)
+      launchy (~> 2.1)
+      mail (~> 2.7)
     erb_lint (0.5.0)
       activesupport
       better_html (>= 2.0.1)
@@ -508,6 +512,7 @@ DEPENDENCIES
   docx
   dotenv-rails
   draper
+  email_spec
   erb_lint
   factory_bot_rails
   faker

db/schema.rb

@@ -392,6 +392,7 @@
 
   create_table "learning_hours", force: :cascade do |t|
     t.bigint "user_id", null: false
+    t.integer "learning_type", default: 5
     t.string "name", null: false
     t.integer "duration_minutes", null: false
     t.integer "duration_hours", null: false

spec/spec_helper.rb

@@ -1,5 +1,7 @@
 require "pry"
 require "webmock/rspec"
+require "email_spec"
+require "email_spec/rspec"
 
 if ENV["RUN_SIMPLECOV"]
   require "simplecov"

spec/system/devise/passwords/new_spec.rb

@@ -6,35 +6,87 @@
     click_on "Forgot your password?"
   end
 
-  it "displays error messages for non-existent user" do
-    fill_in "Email", with: "[email protected]"
-    fill_in "Phone number", with: "+16578900012"
+  describe "reset password page" do
+    let!(:user) { create(:user, email: "[email protected]", phone_number: "+16578900012") }
+    it "displays error messages for non-existent user" do
+      fill_in "Email", with: "[email protected]"
+      fill_in "Phone number", with: user.phone_number
 
-    click_on "Send me reset password instructions"
-    expect(page).to have_content "1 error prohibited this User from being saved:"
-    expect(page).to have_text("User does not exist.")
-  end
+      click_on "Send me reset password instructions"
+      expect(page).to have_content "1 error prohibited this User from being saved:"
+      expect(page).to have_text("User does not exist.")
+    end
 
-  it "displays phone number error messages for incorrect formatting" do
-    create(:user, email: "[email protected]")
-    fill_in "Email", with: "[email protected]"
-    fill_in "Phone number", with: "2134567eee"
+    it "displays phone number error messages for incorrect formatting" do
+      fill_in "Email", with: user.email
+      fill_in "Phone number", with: "2134567eee"
 
-    click_on "Send me reset password instructions"
-    expect(page).to have_content "1 error prohibited this User from being saved:"
-    expect(page).to have_text("Phone number must be 10 digits or 12 digits including country code (+1)")
-  end
+      click_on "Send me reset password instructions"
+      expect(page).to have_content "1 error prohibited this User from being saved:"
+      expect(page).to have_text("Phone number must be 10 digits or 12 digits including country code (+1)")
+    end
+
+    it "displays error if user tries to submit empty form" do
+      click_on "Send me reset password instructions"
+      expect(page).to have_text("Please enter at least one field.")
+    end
+
+    it "redirects to sign up page for email" do
+      fill_in "Email", with: user.email
 
-  it "displays error if user tries to submit empty form" do
-    click_on "Send me reset password instructions"
-    expect(page).to have_text("Please enter at least one field.")
+      click_on "Send me reset password instructions"
+      expect(page).to have_content "You will receive an email or SMS with instructions on how to reset your password in a few minutes."
+    end
   end
 
-  it "redirects to sign up page for email" do
-    create(:user, email: "[email protected]")
-    fill_in "Email", with: "[email protected]"
+  describe "reset password email" do
+    let!(:user) { create(:user, type: "Volunteer", email: "[email protected]") }
+
+    it "sends user email" do
+      fill_in "Email", with: user.email
+
+      expect { click_on "Send me reset password instructions" }.to change { ActionMailer::Base.deliveries.count }.by(1)
+      expect(ActionMailer::Base.deliveries.last.to_addresses.map(&:address)).to include user.email
+    end
+
+    it "has reset password url with token" do
+      fill_in "Email", with: user.email
+      click_on "Send me reset password instructions"
+
+      expect(reset_password_link(user.email)).to match(/http:\/\/localhost:3000\/users\/password\/edit\?reset_password_token=.*/)
+    end
 
-    click_on "Send me reset password instructions"
-    expect(page).to have_content "You will receive an email or SMS with instructions on how to reset your password in a few minutes."
+    it "url token matches user's encrypted token" do
+      fill_in "Email", with: user.email
+      click_on "Send me reset password instructions"
+
+      token = reset_password_link(user.email).gsub("http://localhost:3000/users/password/edit?reset_password_token=", "")
+      encrypted_token = Devise.token_generator.digest(User, :reset_password_token, token)
+      expect(User.find_by(reset_password_token: encrypted_token)).to_not be_nil
+    end
+
+    it "user can update password" do
+      fill_in "Email", with: user.email
+      click_on "Send me reset password instructions"
+
+      visit reset_password_link(user.email)
+      fill_in "New password", with: "new password"
+      fill_in "Confirm new password", with: "new password"
+      click_on "Change my password"
+
+      expect(page).to have_text("Your password has been changed successfully.")
+      fill_in "Email", with: user.email
+      fill_in "Password", with: "new password"
+      click_on "Log In"
+
+      expect(page).to have_text(user.display_name)
+      expect(page).not_to have_text("Sign in")
+    end
   end
 end
+
+def reset_password_link(email_address)
+  email = open_email(email_address)
+  links = links_in_email(email)
+  links[2]
+end