diff --git a/app/controllers/helpers/email.rb b/app/controllers/helpers/email.rb
new file mode 100644
index 000000000..9ff2c390f
--- /dev/null
+++ b/app/controllers/helpers/email.rb
@@ -0,0 +1,5 @@
+module Helpers::Email
+ def email_valid?(email)
+ email =~ URI::MailTo::EMAIL_REGEXP
+ end
+end
diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
index da3b39158..6517b6581 100644
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/users/passwords_controller.rb
@@ -1,8 +1,19 @@
 class Users::PasswordsController < Devise::PasswordsController
+ include Helpers::Email
+
 def reset_confirmation
+ self.resource = resource_class.new
 @email = params["email"]
- flash[:notice] = "Reset password instructions have been sent to #{@email}"
- render "devise/confirmations/reset"
+ if @email.empty?
+ resource.errors.add :email, "Enter an email address"
+ render "devise/passwords/new", status: :unprocessable_entity
+ elsif !email_valid?(@email)
+ resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
+ render "devise/passwords/new", status: :unprocessable_entity
+ else
+ flash[:notice] = "Reset password instructions have been sent to #{@email}"
+ render "devise/confirmations/reset"
+ end
 end

 def create
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index e3915e25f..f81f8fb05 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -1,4 +1,6 @@
 class Users::SessionsController < Devise::SessionsController
+ include Helpers::Email
+
 def create
 self.resource = resource_class.new
 if params.dig("user", "email").empty?
@@ -15,10 +17,4 @@ class Users::SessionsController < Devise::SessionsController
 super
 end
 end
-
-private
-
- def email_valid?(email)
- email =~ URI::MailTo::EMAIL_REGEXP
- end
 end
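Review bot: `email_valid?` loses its `private` visibility in this move: the sessions controller hunk removes it from under `private`, but as a plain method of `Helpers::Email` it becomes a public instance method of every controller that includes the module, and Rails counts public controller methods as candidate actions. Putting `private` on the line above the `def` inside the module keeps it non-routable after inclusion. The predicate also returns an Integer or nil and depends on the argument responding to `=~`; `email.is_a?(String) && URI::MailTo::EMAIL_REGEXP.match?(email)` returns a real boolean and behaves predictably if the parameter arrives as an array or hash.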
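Review bot: `@email.empty?` in `reset_confirmation` raises NoMethodError when the request carries no `email` parameter, because `params["email"]` is then nil, so a bare request to this action would surface as a server error rather than the validation message. Normalising at the read, `@email = params["email"].to_s`, covers the missing case and also turns array- or hash-shaped values into a string that simply fails the format check instead of depending on how `=~` treats non-strings. The success branch still interpolates the submitted address into `flash[:notice]`; that is safe only if the template renders it with default ERB escaping, which is not visible in this hunk. The class body continues past the hunk at `def create`.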
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
index 197c05574..45873b806 100644
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -9,7 +9,7 @@
Enter the email address you used to create your account.
We’ll email you a link to reset your password. This link will expire in 3 hours.
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index 5954fd6b8..92996691b 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -29,6 +29,21 @@ RSpec.describe "User Features" do
 expect(page).to have_current_path("/users/password/new")
 end

+ it " is shown an error message if they submit without entering an email address" do
+ visit("/users/password/new")
+ click_button("Send email")
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_selector("#user-email-field-error")
+ end
+
+ it " is shown an error message if they submit an invalid email address" do
+ visit("/users/password/new")
+ fill_in("user[email]", with: "thisisn'tanemail")
+ click_button("Send email")
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_selector("#user-email-field-error")
+ end
+
 it " is redirected to check your email page after submitting an email on the reset password page" do
 visit("/users/password/new")
 fill_in("user[email]", with: user.email)
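Review bot: Both new examples assert only that the error elements are present; neither checks that the submission stopped short of the success path. If the confirmation page shows the flash, adding `expect(page).not_to have_content("Reset password instructions have been sent")` to each would catch a regression where invalid input still reaches the confirmation branch. A further example that requests the confirmation action with no `email` parameter at all would pin the missing-parameter case, which an empty form field may not exercise.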