consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use login form in tests checking expired passwords

Browse Source 
The controller provided by the `devise-security` gem which tests
password is expired does not execute the `before_action` we have in our
application controller. That means it doesn't set the current locale.

We were having issues in the tests checking this behavior if the
previous test had set the current locale to a different one. This meant
the process running the browser had one locale while the process running
the test had a different one, which resulted in a page in English (as
expected), only the flash message notifying users their password expired
was in a different language.

To reproduce this behavior, run:

```
rspec './spec/system/welcome_spec.rb[1:1:2:2:1]' spec/system/users_auth_spec.rb:623 --order defined
```

I'm not sure whether this is a bug or it's a problem with the tests. In
theory it might be possible to reproduce a similar behavior in
production due to what we mention about the controller not executing the
`set_current_locale` method. But I haven't been able to reproduce the
situation, particularly since the password expiration seems to be
checked exclusively at login time (that is, if you stay logged in for 10
years, your password doesn't seem to expire).

So for now I'm just making the tests pass by using the login form
instead of using `login_as`.
This commit is contained in:
Javi Martín
2021-04-15 17:49:59 +02:00
parent 47d75b4ec5
commit 9890571091
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
spec/system/users_auth_spec.rb
View File

@@ -580,11 +580,13 @@ describe "Users" do
end
scenario "Sign in, admin with password expired" do
user = create(:user, password_changed_at: Time.current - 1.year)
admin = create(:administrator, user: user)
user = create(:administrator).user
user.update!(password_changed_at: Time.current - 1.year)
login_as(admin.user)
visit root_path
visit new_user_session_path
fill_in "Email or username", with: user.email
fill_in "Password", with: user.password
click_button "Enter"
expect(page).to have_content "Your password is expired"
@@ -617,11 +619,13 @@ describe "Users" do
end
scenario "Admin with password expired trying to use same password" do
user = create(:user, password_changed_at: Time.current - 1.year, password: "123456789")
admin = create(:administrator, user: user)
user = create(:administrator).user
user.update!(password_changed_at: Time.current - 1.year, password: "123456789")
login_as(admin.user)
visit root_path
visit new_user_session_path
fill_in "Email or username", with: user.email
fill_in "Password", with: user.password
click_button "Enter"
expect(page).to have_content "Your password is expired"