password_reset_spec.rb 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Password Reset', type: :system do
  4. context 'when logged in already' do
  5. before do
  6. visit 'password_reset'
  7. end
  8. it 'logged in user cannot open password reset' do
  9. expect(page).to have_no_text 'password'
  10. end
  11. end
  12. context 'when not logged in', authenticated_as: false do
  13. def request_reset
  14. visit 'password_reset'
  15. fill_in 'username', with: username
  16. click '.reset_password .btn--primary'
  17. end
  18. before do
  19. freeze_time
  20. request_reset
  21. end
  22. context 'with non-existant user' do
  23. let(:username) { 'nonexisting' }
  24. it 'pretends to proceed' do
  25. expect(page).to have_text 'Password reset instructions were sent'
  26. end
  27. end
  28. context 'with existing user' do
  29. let(:user) { create(:agent) }
  30. let(:username) { user.email }
  31. let(:generated_tokens) { Token.where(action: 'PasswordReset', user_id: user.id) }
  32. it 'proceeds' do
  33. expect(page).to have_text 'Password reset instructions were sent'
  34. end
  35. it 'creates a token' do
  36. expect(generated_tokens.count).to eq 1
  37. end
  38. it 'token will expire' do
  39. expect(generated_tokens.first.persistent).to be false
  40. end
  41. context 'when submitting multiple times' do
  42. before do
  43. refresh
  44. request_reset # a second time now
  45. end
  46. it 'proceeds' do
  47. expect(page).to have_text 'Password reset instructions were sent'
  48. end
  49. it 'discards the previous token' do
  50. expect(generated_tokens.count).to eq 1
  51. end
  52. end
  53. end
  54. end
  55. end