test: add tests for change vs reset password routes

spec/requests/auth/passwords_controller_spec.rb

@@ -86,7 +86,7 @@ RSpec.describe Auth::PasswordsController, type: :request do
 
       it "renders the user edit password view" do
         _raw, enc = Devise.token_generator.generate(User, :reset_password_token)
-        get "/account/password/edit?reset_password_token=#{enc}"
+        get "/account/password/edit?reset_password_token=#{enc}?confirmation=true"
         expect(page).to have_css("h1", text: "Reset your password")
       end
 
@@ -103,9 +103,10 @@ RSpec.describe Auth::PasswordsController, type: :request do
           }
         end
 
-        it "shows an error" do
+        it "shows an error on the same page" do
           put "/account/password", headers: headers, params: params
           expect(response).to have_http_status(:unprocessable_entity)
+          expect(page).to have_css("h1", text: "Reset your password")
           expect(page).to have_content("doesn’t match new password")
         end
       end

spec/requests/users_controller_spec.rb

@@ -46,57 +46,28 @@ RSpec.describe UsersController, type: :request do
       end
     end
 
-    describe "reset password" do
+    describe "change password" do
-      it "renders the user edit password view" do
-        _raw, enc = Devise.token_generator.generate(User, :reset_password_token)
-        get "/account/password/edit?reset_password_token=#{enc}"
-        expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password")
-      end
-
       context "when updating a user password" do
-        context "when the reset token is valid" do
+        let(:params) do
-          let(:params) do
+          {
-            {
+            id: user.id, user: { password: new_name, password_confirmation: "something_else" }
-              id: user.id, user: { password: new_name, password_confirmation: "something_else" }
+          }
-            }
-          end
-
-          before do
-            sign_in user
-            put "/account", headers:, params:
-          end
-
-          it "shows an error if passwords don't match" do
-            expect(response).to have_http_status(:unprocessable_entity)
-            expect(page).to have_selector("#error-summary-title")
-            expect(page).to have_content("Password confirmation doesn’t match new password")
-          end
         end
 
-        context "when a reset token is more than 3 hours old" do
+        before do
-          let(:raw) { user.send_reset_password_instructions }
+          sign_in user
-          let(:params) do
+          put "/account", headers:, params:
-            {
+        end
-              id: user.id,
-              user: {
-                password: new_name,
-                password_confirmation: new_name,
-                reset_password_token: raw,
-              },
-            }
-          end
 
-          before do
+        it "renders the user change password view" do
-            allow(User).to receive(:find_or_initialize_with_error_by).and_return(user)
+          expect(page).to have_css("h1", class: "govuk-heading-l", text: "Change your password")
-            allow(user).to receive(:reset_password_sent_at).and_return(4.hours.ago)
+        end
-            put "/account/password", headers:, params:
-          end
 
-          it "shows an error" do
+        it "shows an error on the same page if passwords don't match" do
-            expect(response).to have_http_status(:unprocessable_entity)
+          expect(response).to have_http_status(:unprocessable_entity)
-            expect(page).to have_selector("#error-summary-title")
+          expect(page).to have_css("h1", class: "govuk-heading-l", text: "Change your password")
-            expect(page).to have_content(I18n.t("errors.messages.expired"))
+          expect(page).to have_selector("#error-summary-title")
-          end
+          expect(page).to have_content("Password confirmation doesn’t match new password")
         end
       end
     end