From 9890571091341083dfa28875b9de762d21839b0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Thu, 15 Apr 2021 17:49:59 +0200 Subject: [PATCH] Use login form in tests checking expired passwords The controller provided by the `devise-security` gem which tests password is expired does not execute the `before_action` we have in our application controller. That means it doesn't set the current locale. We were having issues in the tests checking this behavior if the previous test had set the current locale to a different one. This meant the process running the browser had one locale while the process running the test had a different one, which resulted in a page in English (as expected), only the flash message notifying users their password expired was in a different language. To reproduce this behavior, run: ``` rspec './spec/system/welcome_spec.rb[1:1:2:2:1]' spec/system/users_auth_spec.rb:623 --order defined ``` I'm not sure whether this is a bug or it's a problem with the tests. In theory it might be possible to reproduce a similar behavior in production due to what we mention about the controller not executing the `set_current_locale` method. But I haven't been able to reproduce the situation, particularly since the password expiration seems to be checked exclusively at login time (that is, if you stay logged in for 10 years, your password doesn't seem to expire). So for now I'm just making the tests pass by using the login form instead of using `login_as`. --- spec/system/users_auth_spec.rb | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/spec/system/users_auth_spec.rb b/spec/system/users_auth_spec.rb index 6d9170eaa..32f49d134 100644 --- a/spec/system/users_auth_spec.rb +++ b/spec/system/users_auth_spec.rb @@ -580,11 +580,13 @@ describe "Users" do end scenario "Sign in, admin with password expired" do - user = create(:user, password_changed_at: Time.current - 1.year) - admin = create(:administrator, user: user) + user = create(:administrator).user + user.update!(password_changed_at: Time.current - 1.year) - login_as(admin.user) - visit root_path + visit new_user_session_path + fill_in "Email or username", with: user.email + fill_in "Password", with: user.password + click_button "Enter" expect(page).to have_content "Your password is expired" @@ -617,11 +619,13 @@ describe "Users" do end scenario "Admin with password expired trying to use same password" do - user = create(:user, password_changed_at: Time.current - 1.year, password: "123456789") - admin = create(:administrator, user: user) + user = create(:administrator).user + user.update!(password_changed_at: Time.current - 1.year, password: "123456789") - login_as(admin.user) - visit root_path + visit new_user_session_path + fill_in "Email or username", with: user.email + fill_in "Password", with: user.password + click_button "Enter" expect(page).to have_content "Your password is expired"