diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index 0f6e1c9b0..317c4aa29 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -23,6 +23,11 @@ class Auth::PasswordsController < Devise::PasswordsController
 respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
 end
+ def edit
+ super
+ render "users/reset_password"
+ end
+
 protected
 def after_sending_reset_password_instructions_path_for(_resource)
diff --git a/app/views/users/reset_password.html.erb b/app/views/users/reset_password.html.erb
new file mode 100644
index 000000000..656eaa264
--- /dev/null
+++ b/app/views/users/reset_password.html.erb
@@ -0,0 +1,31 @@
+<% content_for :title, "Reset your password" %>
+
+<% content_for :before_content do %>
+ <%= govuk_back_link(
+ text: 'Back',
+ href: :back,
+ ) %>
+<% end %>
+
+<%= form_for(@user, as: :user, url: password_path(User), html: { method: :put }) do |f| %>
+ <%= f.hidden_field :reset_password_token %>
+
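Review bot: Only the `edit` action is pointed at `users/reset_password`, so a failed `update` will probably not come back to this template. Stock Devise answers a failed reset (expired or invalid token, mismatched confirmation, password too short) with `respond_with resource`, which looks up the controller's default `edit` template rather than running this overridden action. Unless `update` is also overridden outside this hunk, the user would then land on the stock Devise form. Moving the template to `app/views/auth/passwords/edit.html.erb` and dropping the override would cover both paths; otherwise override `update` so its failure branch ends in `render "users/reset_password"`. The class body continues outside the hunk.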
+
+

+ <%= content_for(:title) %> +

+ + <%= f.govuk_password_field :password, + label: { text: "New password" }, + hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil, + autocomplete: "new-password" + %> + + <%= f.govuk_password_field :password_confirmation, + label: { text: "Confirm new password" } + %> + + <%= f.govuk_submit "Update" %> +
+
+<% end %>
diff --git a/spec/requests/auth/passwords_controller_spec.rb b/spec/requests/auth/passwords_controller_spec.rb
index 7bb617f78..b6fbb8ac1 100644
--- a/spec/requests/auth/passwords_controller_spec.rb
+++ b/spec/requests/auth/passwords_controller_spec.rb
@@ -3,12 +3,13 @@ require_relative "../../support/devise"
 RSpec.describe Auth::PasswordsController, type: :request do
 let(:params) { { user: { email: email } } }
+ let(:page) { Capybara::Node::Simple.new(response.body) }
 context "when a password reset is requested for a valid email" do
 let(:user) { FactoryBot.create(:user) }
 let(:email) { user.email }
- it "redirects to the email sent page anyway" do
+ it "redirects to the email sent page" do
 post "/users/password", params: params
 expect(response).to have_http_status(:redirect)
 follow_redirect!
@@ -43,4 +44,32 @@ RSpec.describe Auth::PasswordsController, type: :request do
 expect(email_content).to match(email)
 end
 end
+
+ context "#Update - reset password" do
+ let(:user) { FactoryBot.create(:user) }
+ let(:token) { user.send(:set_reset_password_token) }
+ let(:updated_password) { "updated_password_280" }
+ let(:update_password_params) do
+ {
+ user:
+ {
+ reset_password_token: token,
+ password: updated_password,
+ password_confirmation: updated_password,
+ },
+ }
+ end
+ let(:message) { "Your password has been changed successfully. You are now signed in" }
+
+ it "changes the password" do
+ expect { put "/users/password", params: update_password_params }
+ .to(change { user.reload.encrypted_password })
+ end
+
+ it "signs in" do
+ put "/users/password", params: update_password_params
+ follow_redirect!
+ expect(page).to have_css("div", class: "govuk-notification-banner__heading", text: message)
+ end
+ end
 end
diff --git a/spec/requests/user_controller_spec.rb b/spec/requests/user_controller_spec.rb
index 26f7bd959..c247ced48 100644
--- a/spec/requests/user_controller_spec.rb
+++ b/spec/requests/user_controller_spec.rb
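Review bot: No error summary call is visible in the added template, so an invalid or expired token has nowhere to be reported. Devise attaches that error to `reset_password_token`, which here is only a hidden field; adding `<%= f.govuk_error_summary %>` as the first line inside the `form_for` block would surface it. The `:password_confirmation` field also lacks the `autocomplete: "new-password"` hint given to `:password`, so password managers may treat the two fields differently. Separately, this page is reached with the reset token in the query string, so it is worth confirming that the layout sends a restrictive `Referrer-Policy` before any third-party asset is loaded on it.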
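Review bot: The new `#Update` context covers only the success path, so nothing pins that a bad token leaves the password untouched. I would add an example that sends a wrong or expired `reset_password_token` and asserts `expect { put "/users/password", params: bad_params }.not_to(change { user.reload.encrypted_password })`, plus one for a mismatched `password_confirmation` (`bad_params` is a constructed name). The "signs in" example checks only the banner text; following it with a request to a page that requires authentication would show that a session really exists.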
@@ -37,6 +37,14 @@ RSpec.describe UsersController, type: :request do
 expect(response).to redirect_to("/users/sign-in")
 end
 end
+
+ describe "reset password" do
+ it "renders the user edit password view" do
+ _raw, enc = Devise.token_generator.generate(User, :reset_password_token)
+ get "/users/password/edit?reset_password_token=#{enc}"
+ expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password")
+ end
+ end
 end
 describe "#show" do
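Review bot: The example passes `enc`, the stored digest, in the URL and never saves it on a user, whereas the link Devise e-mails carries the raw token. If `edit` only checks that the parameter is present, as stock Devise does, the example passes for any non-blank string and says nothing about token validity. Using `raw, _enc = Devise.token_generator.generate(User, :reset_password_token)` with `reset_password_token=#{raw}` would mirror the real link. A comment such as `# edit renders for any non-blank token; validity is checked on update` would record the limit. The request also exercises `Auth::PasswordsController`, so the example arguably belongs in `spec/requests/auth/passwords_controller_spec.rb`; `page` is presumably defined outside this hunk.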