From da26cba8ddd2b237271fc671ec56ad5bcc3179a4 Mon Sep 17 00:00:00 2001 From: Paul Robert Lloyd Date: Mon, 21 Mar 2022 11:23:02 +0000 Subject: [PATCH 1/3] Update URL slugs for 2021/22 questions --- config/forms/2021_2022.json | 52 ++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/config/forms/2021_2022.json b/config/forms/2021_2022.json index 8f838b8d2..424bdbafb 100644 --- a/config/forms/2021_2022.json +++ b/config/forms/2021_2022.json @@ -83,7 +83,7 @@ } } }, - "startdate": { + "tenancy_start_date": { "header": "", "description": "", "questions": { @@ -222,7 +222,7 @@ } } }, - "do_you_know_the_local_authority": { + "property_local_authority": { "header": "", "description": "", "questions": { @@ -611,7 +611,7 @@ } ] }, - "unitletas": { + "property_let_type": { "header": "", "description": "", "questions": { @@ -1027,7 +1027,7 @@ } ] }, - "tenancy_type_starter_text": { + "starter_tenancy_type": { "header": "", "description": "", "questions": { @@ -1071,7 +1071,7 @@ } ] }, - "fixed_term_tenancy": { + "tenancy_length": { "header": "", "description": "", "questions": { @@ -1145,7 +1145,7 @@ } ], "pages": { - "number_of_members": { + "household_members": { "header": "", "description": "", "questions": { @@ -1619,7 +1619,7 @@ } ] }, - "person_2_relationship": { + "person_2_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -1827,7 +1827,7 @@ } ] }, - "person_3_relationship": { + "person_3_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -2032,7 +2032,7 @@ } ] }, - "person_4_relationship": { + "person_4_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -2234,7 +2234,7 @@ } ] }, - "person_5_relationship": { + "person_5_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -2433,7 +2433,7 @@ } ] }, - "person_6_relationship": { + "person_6_relationship_to_lead": { "header": "", "description": "", "questions": { 
@@ -2629,7 +2629,7 @@ } ] }, - "person_7_relationship": { + "person_7_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -2822,7 +2822,7 @@ } ] }, - "person_8_relationship": { + "person_8_relationship_to_lead": { "header": "", "description": "", "questions": { @@ -3033,7 +3033,7 @@ } } }, - "armed_forces_member": { + "armed_forces_serving": { "header": "", "description": "", "depends_on": [ @@ -3067,7 +3067,7 @@ } } }, - "armed_forces_reservist": { + "armed_forces_injured": { "header": "", "description": "", "depends_on": [ @@ -3101,7 +3101,7 @@ } } }, - "pregnancy": { + "pregnant": { "header": "", "description": "", "questions": { @@ -3188,7 +3188,7 @@ } } }, - "condition_effects": { + "health_condition_effects": { "header": "", "description": "", "depends_on": [ @@ -3253,7 +3253,7 @@ } ], "pages": { - "time_lived_in_la": { + "time_lived_in_local_authority": { "header": "", "description": "", "questions": { @@ -3299,7 +3299,7 @@ } ] }, - "time_on_la_waiting_list": { + "time_on_waiting_list": { "header": "", "description": "", "questions": { @@ -3726,7 +3726,7 @@ } } }, - "previous_la": { + "previous_local_authority": { "header": "", "description": "", "questions": { @@ -4490,7 +4490,7 @@ } ], "pages": { - "net_income_known": { + "income_known": { "header": "", "description": "", "questions": { @@ -4516,7 +4516,7 @@ } } }, - "net_income": { + "income_amount": { "depends_on": [ { "net_income_known": 0 @@ -4576,7 +4576,7 @@ } } }, - "net_income_value_check": { + "check_income_amount": { "depends_on": [{ "net_income_soft_validation_triggered?": true }], "title_text": "Net income is outside the expected range based on the main tenant’s working situation", "informative_text": { @@ -4638,7 +4638,7 @@ } } }, - "net_income_uc_proportion": { + "benefits_proportion": { "header": "", "description": "", "questions": { @@ -5571,7 +5571,7 @@ } ] }, - "rent_shortfall": { + "outstanding": { "header": "", "description": "", "questions": { 
@@ -5601,7 +5601,7 @@ } ] }, - "rent_shortfall_amount": { + "outstanding_amount": { "header": "", "description": "", "questions": { From 6621d0889825178254168cc0e9e44d8f29d65d62 Mon Sep 17 00:00:00 2001 From: Paul Robert Lloyd Date: Mon, 21 Mar 2022 11:42:05 +0000 Subject: [PATCH 2/3] Update user account routes --- app/controllers/auth/passwords_controller.rb | 2 +- config/routes.rb | 23 +++++++++++++++----- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb index c1222764b..1105c0475 100644 --- a/app/controllers/auth/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -66,7 +66,7 @@ protected end def after_sending_reset_password_instructions_path_for(_resource) - confirmations_reset_path(email: params.dig(resource_class_name, "email")) + account_password_reset_confirmation_path(email: params.dig(resource_class_name, "email")) end def after_resetting_password_path_for(resource) diff --git a/config/routes.rb b/config/routes.rb index 6446e718f..25a0a8e43 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -10,7 +10,11 @@ Rails.application.routes.draw do confirmations: "active_admin/devise/confirmations", two_factor_authentication: "auth/two_factor_authentication", }, - path_names: { sign_in: "sign-in", sign_out: "sign-out", two_factor_authentication: "two-factor-authentication" }, + path_names: { + sign_in: "sign-in", + sign_out: "sign-out", + two_factor_authentication: "two-factor-authentication", + }, sign_out_via: %i[get], } 
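Review bot: `after_sending_reset_password_instructions_path_for` still puts the submitted address into the redirect URL (`email: params.dig(resource_class_name, "email")`), so every reset request writes an e-mail address into access logs, proxy logs and browser history. The feature spec in this series expects `/account/password/reset-confirmation?email=idontexist%40example.com`, so the value is attacker-choosable and is shown back on the confirmation page. Since the route is being renamed anyway, consider carrying the address in the flash instead, `flash[:reset_email] = params.dig(resource_class_name, "email")`, and redirecting to `account_password_reset_confirmation_path` with no arguments. The `reset_confirmation` action and its view are outside this hunk, so how the value is rendered could not be checked here.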
@@ -18,13 +22,20 @@ Rails.application.routes.draw do get "admin/two-factor-authentication/resend", to: "auth/two_factor_authentication#show_resend" end - devise_for :users, controllers: { - passwords: "auth/passwords", - sessions: "auth/sessions", - }, path_names: { sign_in: "sign-in", sign_out: "sign-out" } + devise_for :users, { + path: :account, + controllers: { + passwords: "auth/passwords", + sessions: "auth/sessions", + }, + path_names: { + sign_in: "sign-in", + sign_out: "sign-out", + }, + } devise_scope :user do - get "confirmations/reset", to: "auth/passwords#reset_confirmation" + get "account/password/reset-confirmation", to: "auth/passwords#reset_confirmation" end get "/health", to: ->(_) { [204, {}, [nil]] } From 45f25778050b4137a0ce69fcb149be9aa3d4de7b Mon Sep 17 00:00:00 2001 From: Paul Robert Lloyd Date: Mon, 21 Mar 2022 11:58:12 +0000 Subject: [PATCH 3/3] Update tests for user account routes --- config/initializers/rack_attack.rb | 2 +- spec/features/auth/user_lockout_spec.rb | 4 ++-- spec/features/organisation_spec.rb | 2 +- spec/features/start_page_spec.rb | 2 +- spec/features/user_spec.rb | 20 +++++++++---------- .../auth/passwords_controller_spec.rb | 8 ++++---- spec/requests/bulk_upload_controller_spec.rb | 4 ++-- spec/requests/case_logs_controller_spec.rb | 2 +- spec/requests/form_controller_spec.rb | 6 +++--- .../requests/organisations_controller_spec.rb | 6 +++--- spec/requests/rack_attack_spec.rb | 6 +++--- spec/requests/users_controller_spec.rb | 12 +++++------ 12 files changed, 37 insertions(+), 37 deletions(-) diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 899d4b2d3..6f1335293 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb 
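Review bot: Adding `path: :account` to `devise_for :users` moves the password-reset endpoints without leaving anything at the old location, so reset links already mailed out as `/users/password/edit?reset_password_token=…` stop reaching Devise. The request specs show `/users/:id/edit` and `/users/:id/password/edit` routes, so an old link may instead be matched by the users resource and bounce to sign-in with the token still in the URL; this is inferred, as those routes are outside the hunk. A temporary redirect declared above the users resource would keep outstanding links working, for example `get "users/password/edit", to: redirect { |_params, req| "/account/password/edit?#{req.query_string}" }`. The hand-written `"account/password/reset-confirmation"` also repeats the prefix that `path: :account` now defines, so the two can drift apart on the next rename.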
@@ -9,7 +9,7 @@ else end Rack::Attack.throttle("password reset requests", limit: 5, period: 60.seconds) do |request| - if request.params["user"].present? && request.path == "/users/password" && request.post? + if request.params["user"].present? && request.path == "/account/password" && request.post? request.params["user"]["email"].to_s.downcase.gsub(/\s+/, "") end end diff --git a/spec/features/auth/user_lockout_spec.rb b/spec/features/auth/user_lockout_spec.rb index 871dee26a..64656756d 100644 --- a/spec/features/auth/user_lockout_spec.rb +++ b/spec/features/auth/user_lockout_spec.rb @@ -9,7 +9,7 @@ RSpec.describe "User Lockout" do context "when login-in with the wrong user password up to a maximum number of attempts" do before do - visit("/users/sign-in") + visit("/account/sign-in") max_login_attempts.times do fill_in("user[email]", with: user.email) fill_in("user[password]", with: "wrong_password") @@ -18,7 +18,7 @@ RSpec.describe "User Lockout" do end it "locks the user account" do - visit("/users/sign-in") + visit("/account/sign-in") fill_in("user[email]", with: user.email) fill_in("user[password]", with: user.password) click_button("Sign in") diff --git a/spec/features/organisation_spec.rb b/spec/features/organisation_spec.rb index 04c602c9a..5129d2588 100644 --- a/spec/features/organisation_spec.rb +++ b/spec/features/organisation_spec.rb @@ -55,7 +55,7 @@ RSpec.describe "User Features" do name: "New User", email: "new_user@example.com", organisation: organisation.name, - link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}", + link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}", }, }, ) diff --git a/spec/features/start_page_spec.rb b/spec/features/start_page_spec.rb index d703a8439..625c4130b 100644 --- a/spec/features/start_page_spec.rb +++ b/spec/features/start_page_spec.rb 
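Review bot: The "password reset requests" throttle is keyed only on the normalised e-mail, so a client that submits a different address on each `POST /account/password` is never limited by this rule. Unless a per-IP rule exists in the part of the initializer outside this hunk, add one alongside it, e.g. `Rack::Attack.throttle("password reset requests by ip", limit: 5, period: 60.seconds) { |request| request.ip if request.path == "/account/password" && request.post? }`. The `PUT` to the same path (reset-token submission, exercised in `passwords_controller_spec.rb`) is not covered either. The path literal duplicates what `config/routes.rb` now derives from `path: :account`; a shared constant would stop the two drifting apart.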
@@ -20,7 +20,7 @@ RSpec.describe "Start Page Features" do it "takes you to sign in and then to logs" do visit("/") click_link("Start now") - expect(page).to have_current_path("/users/sign-in?start=true") + expect(page).to have_current_path("/account/sign-in?start=true") fill_in("user[email]", with: user.email) fill_in("user[password]", with: user.password) click_button("Sign in") diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb index bb08854db..5f68bcc62 100644 --- a/spec/features/user_spec.rb +++ b/spec/features/user_spec.rb @@ -17,7 +17,7 @@ RSpec.describe "User Features" do context "when the user navigates to case logs" do it " is required to log in" do visit("/logs") - expect(page).to have_current_path("/users/sign-in") + expect(page).to have_current_path("/account/sign-in") expect(page).to have_content("Sign in to your account to submit CORE data") end @@ -59,11 +59,11 @@ RSpec.describe "User Features" do it " is redirected to the reset password page when they click the reset password link" do visit("/logs") click_link("reset your password") - expect(page).to have_current_path("/users/password/new") + expect(page).to have_current_path("/account/password/new") end it " is shown an error message if they submit without entering an email address" do - visit("/users/password/new") + visit("/account/password/new") click_button("Send email") expect(page).to have_selector("#error-summary-title") expect(page).to have_selector("#user-email-field-error") @@ -71,7 +71,7 @@ RSpec.describe "User Features" do end it " is shown an error message if they submit an invalid email address" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: "thisisn'tanemail") click_button("Send email") expect(page).to have_selector("#error-summary-title") 
@@ -80,24 +80,24 @@ RSpec.describe "User Features" do end it " is redirected to check your email page after submitting an email on the reset password page" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") expect(page).to have_content("Check your email") end it " is shown their email on the password reset confirmation page" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") expect(page).to have_content(user.email) end it " is shown the reset password confirmation page even if their email doesn't exist in the system" do - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: "idontexist@example.com") click_button("Send email") - expect(page).to have_current_path("/confirmations/reset?email=idontexist%40example.com") + expect(page).to have_current_path("/account/password/reset-confirmation?email=idontexist%40example.com") end it " is sent a reset password email via Notify" do @@ -109,11 +109,11 @@ RSpec.describe "User Features" do name: user.name, email: user.email, organisation: user.organisation.name, - link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}", + link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}", }, }, ) - visit("/users/password/new") + visit("/account/password/new") fill_in("user[email]", with: user.email) click_button("Send email") end diff --git a/spec/requests/auth/passwords_controller_spec.rb b/spec/requests/auth/passwords_controller_spec.rb index 4dd4dccdd..0243f75e2 100644 --- a/spec/requests/auth/passwords_controller_spec.rb +++ b/spec/requests/auth/passwords_controller_spec.rb 
@@ -20,7 +20,7 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:email) { user.email } it "redirects to the email sent page" do - post "/users/password", params: params + post "/account/password", params: params expect(response).to have_http_status(:redirect) follow_redirect! expect(response.body).to match(/Check your email/) @@ -35,7 +35,7 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:email) { "madeup_email@test.com" } it "redirects to the email sent page anyway" do - post "/users/password", params: params + post "/account/password", params: params expect(response).to have_http_status(:redirect) follow_redirect! expect(response.body).to match(/Check your email/) @@ -59,12 +59,12 @@ RSpec.describe Auth::PasswordsController, type: :request do let(:message) { "Your password has been changed successfully. You are now signed in" } it "changes the password" do - expect { put "/users/password", params: update_password_params } + expect { put "/account/password", params: update_password_params } .to(change { user.reload.encrypted_password }) end it "after password change, the user is signed in" do - put "/users/password", params: update_password_params + put "/account/password", params: update_password_params # Devise redirects once after re-sign in with new password and then root redirects as well. follow_redirect! follow_redirect! diff --git a/spec/requests/bulk_upload_controller_spec.rb b/spec/requests/bulk_upload_controller_spec.rb index 2ea3c450d..4e10ef797 100644 --- a/spec/requests/bulk_upload_controller_spec.rb +++ b/spec/requests/bulk_upload_controller_spec.rb @@ -17,7 +17,7 @@ RSpec.describe BulkUploadController, type: :request do before { get url, headers: headers, params: {} } it "does not let you see the bulk upload page" do - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end 
@@ -25,7 +25,7 @@ RSpec.describe BulkUploadController, type: :request do before { post url, params: { bulk_upload: { case_log_bulk_upload: valid_file } } } it "does not let you submit bulk uploads" do - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end diff --git a/spec/requests/case_logs_controller_spec.rb b/spec/requests/case_logs_controller_spec.rb index 4c396aaa7..ea58cbd28 100644 --- a/spec/requests/case_logs_controller_spec.rb +++ b/spec/requests/case_logs_controller_spec.rb @@ -200,7 +200,7 @@ RSpec.describe CaseLogsController, type: :request do context "with a user that is not signed in" do it "does not let the user get case log tasklist pages they don't have access to" do get "/logs/#{case_log.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end diff --git a/spec/requests/form_controller_spec.rb b/spec/requests/form_controller_spec.rb index bed33d616..1fc4ceb12 100644 --- a/spec/requests/form_controller_spec.rb +++ b/spec/requests/form_controller_spec.rb 
@@ -24,19 +24,19 @@ RSpec.describe FormController, type: :request do describe "GET" do it "does not let you get case logs pages you don't have access to" do get "/logs/#{case_log.id}/person-1-age", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you get case log check answer pages you don't have access to" do get "/logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "POST" do it "does not let you post form answers to case logs you don't have access to" do post "/logs/#{case_log.id}/form", params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb index b92c8da53..5c077b3a7 100644 --- a/spec/requests/organisations_controller_spec.rb +++ b/spec/requests/organisations_controller_spec.rb @@ -13,17 +13,17 @@ RSpec.describe OrganisationsController, type: :request do describe "#show" do it "does not let you see organisation details from org route" do get "/organisations/#{organisation.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation details from details route" do get "/organisations/#{organisation.id}/details", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end it "does not let you see organisation users" do get "/organisations/#{organisation.id}/users", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end end 
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb index a265261ab..b030feb14 100644 --- a/spec/requests/rack_attack_spec.rb +++ b/spec/requests/rack_attack_spec.rb @@ -31,7 +31,7 @@ describe "Rack::Attack" do context "when the number of requests is under the throttle limit" do it "does not throttle" do under_limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response @@ -42,7 +42,7 @@ describe "Rack::Attack" do context "when the number of requests is at the throttle limit" do it "does not throttle" do limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response @@ -53,7 +53,7 @@ describe "Rack::Attack" do context "when the number of requests is over the throttle limit" do it "throttles" do over_limit.times do - post "/users/password", params: params + post "/account/password", params: params follow_redirect! end last_response = response diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 674607179..fb4623e28 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb 
@@ -20,35 +20,35 @@ RSpec.describe UsersController, type: :request do describe "#show" do it "does not let you see user details" do get "/users/#{user.id}", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#edit" do it "does not let you edit user details" do get "/users/#{user.id}/edit", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#password" do it "does not let you edit user passwords" do get "/users/#{user.id}/password/edit", headers: headers, params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "#patch" do it "does not let you update user details" do patch "/logs/#{user.id}", params: {} - expect(response).to redirect_to("/users/sign-in") + expect(response).to redirect_to("/account/sign-in") end end describe "reset password" do it "renders the user edit password view" do _raw, enc = Devise.token_generator.generate(User, :reset_password_token) - get "/users/password/edit?reset_password_token=#{enc}" + get "/account/password/edit?reset_password_token=#{enc}" expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password") end @@ -88,7 +88,7 @@ RSpec.describe UsersController, type: :request do before do allow(User).to receive(:find_or_initialize_with_error_by).and_return(user) allow(user).to receive(:reset_password_sent_at).and_return(4.hours.ago) - put "/users/password", headers: headers, params: params + put "/account/password", headers: headers, params: params end it "shows an error" do
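Review bot: The `#patch` example is titled "does not let you update user details" but sends `patch "/logs/#{user.id}", params: {}`, so the unauthenticated update path of the users controller is not actually exercised. The assertion passes because the logs route also redirects to sign-in. Assuming the update route has the same shape as the `#show` example above it, the request line should be `patch "/users/#{user.id}", params: {}`. This line is unchanged context in the commit, but it is the access-control check this spec is meant to pin.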