Change devise configuration

This change doesn't let the user know whether the email address exists when asking to resend confirmation or password reset instructions.
decabeza
2019-05-06 15:35:44 +02:00
parent c43a1a2096
commit c2acd53a06
2 changed files with 46 additions and 3 deletions


@@ -76,7 +76,7 @@ Devise.setup do |config|
# It will change confirmation, password recovery and other workflows # It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong. # to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable. # Does not affect registerable.
# config.paranoid = true config.paranoid = true
# By default Devise will store the user in session. You can skip storage for # By default Devise will store the user in session. You can skip storage for
# particular strategies by setting this option. # particular strategies by setting this option.
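Review bot: Enabling `config.paranoid = true` on this line closes the email-enumeration channel for the confirmation and password-reset flows only; the stock comment kept directly above it states that the setting does not affect registerable, so the sign-up form will still reveal whether an address is already taken. That limitation is worth recording next to the setting instead of leaving it to the generic comment, e.g. `# Enabled so resend-confirmation and password-reset responses do not reveal whether an address is registered; sign-up (registerable) is not covered by this setting and needs its own handling.` The Devise.setup block continues outside the hunk.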


@@ -340,9 +340,11 @@ feature "Users" do
fill_in "user_email", with: "manuela@consul.dev" fill_in "user_email", with: "manuela@consul.dev"
click_button "Send instructions" click_button "Send instructions"
expect(page).to have_content "In a few minutes, you will receive an email containing instructions on resetting your password." expect(page).to have_content "If your email address is in our database, in a few minutes "\
"you will receive a link to use to reset your password."
sent_token = /.*reset_password_token=(.*)".*/.match(ActionMailer::Base.deliveries.last.body.to_s)[1] action_mailer = ActionMailer::Base.deliveries.last.body.to_s
sent_token = /.*reset_password_token=(.*)".*/.match(action_mailer)[1]
visit edit_user_password_path(reset_password_token: sent_token) visit edit_user_password_path(reset_password_token: sent_token)
fill_in "user_password", with: "new password" fill_in "user_password", with: "new password"
@@ -352,6 +354,47 @@ feature "Users" do
expect(page).to have_content "Your password has been changed successfully." expect(page).to have_content "Your password has been changed successfully."
end end
scenario "Reset password with unexisting email" do
visit "/"
click_link "Sign in"
click_link "Forgotten your password?"
fill_in "user_email", with: "fake@mail.dev"
click_button "Send instructions"
expect(page).to have_content "If your email address is in our database, in a few minutes "\
"you will receive a link to use to reset your password."
end
scenario "Re-send confirmation instructions" do
create(:user, email: "manuela@consul.dev")
visit "/"
click_link "Sign in"
click_link "Haven't received instructions to activate your account?"
fill_in "user_email", with: "manuela@consul.dev"
click_button "Re-send instructions"
expect(page).to have_content "If your email address is in our database, in a few minutes you "\
"will receive an email containing instructions on how to reset "\
"your password."
end
scenario "Re-send confirmation instructions with unexisting email" do
visit "/"
click_link "Sign in"
click_link "Haven't received instructions to activate your account?"
fill_in "user_email", with: "fake@mail.dev"
click_button "Re-send instructions"
expect(page).to have_content "If your email address is in our database, in a few minutes you "\
"will receive an email containing instructions on how to reset "\
"your password."
end
scenario "Sign in, admin with password expired" do scenario "Sign in, admin with password expired" do
user = create(:user, password_changed_at: Time.current - 1.year) user = create(:user, password_changed_at: Time.current - 1.year)
admin = create(:administrator, user: user) admin = create(:administrator, user: user)
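Review bot: The two "unexisting email" scenarios (the one starting at `scenario "Reset password with unexisting email"` and the one starting at `scenario "Re-send confirmation instructions with unexisting email"`) assert only the neutral flash message; they do not check that no email was delivered, which is the property paranoid mode is meant to guarantee and the one a regression would most likely break while the flash text stays the same. Since this file already reads `ActionMailer::Base.deliveries` in the reset scenario, add `expect(ActionMailer::Base.deliveries).to be_empty` at the end of both unknown-address scenarios (or compare the deliveries count before and after the click if the suite does not clear deliveries between examples). The local introduced as `action_mailer` holds a mail body string, so `mail_body` would describe it better. Both "Re-send confirmation instructions" scenarios expect a message about resetting a password; if that is the confirmation locale string it may deserve a look, though the test here only pins what the app currently renders.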