From de3118bc7b661c348d20bf409d24962baa989ef2 Mon Sep 17 00:00:00 2001
From: clemkeirua
Date: Thu, 17 Sep 2020 15:35:40 +0200
Subject: [PATCH] force password reset on admin promotion or creation
---
 app/models/user.rb | 8 +-------
 .../invite_admin.html.haml | 4 ++--
 spec/mailers/administration_mailer_spec.rb | 18 +++++++++++++++---
 spec/models/user_spec.rb | 4 +++-
 4 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index e713006f0..f3273e777 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -90,13 +90,7 @@ class User < ApplicationRecord
 end
 def invite_administrateur!(administration_id)
- reset_password_token = nil
-
- if !active?
- reset_password_token = set_reset_password_token
- end
-
- AdministrationMailer.invite_admin(self, reset_password_token, administration_id).deliver_later
+ AdministrationMailer.invite_admin(self, set_reset_password_token, administration_id).deliver_later
 end
 def remind_invitation!
diff --git a/app/views/administration_mailer/invite_admin.html.haml b/app/views/administration_mailer/invite_admin.html.haml
index ee56b73a0..69b249924 100644
--- a/app/views/administration_mailer/invite_admin.html.haml
+++ b/app/views/administration_mailer/invite_admin.html.haml
@@ -9,7 +9,7 @@
 %p
 Votre compte administrateur a été créé pour l'adresse email #{@admin.email}.
-- if @reset_password_token.present?
+- if !@admin.active?
 %p
 %b
 Pour l’activer, cliquez sur le lien suivant :
@@ -17,7 +17,7 @@
 - else
 %p
 Pour vous connecter, cliquez sur le lien suivant :
- = link_to(new_user_session_url, new_user_session_url)
+ = link_to edit_user_password_url(@admin, reset_password_token: @reset_password_token), edit_user_password_url(@admin, reset_password_token: @reset_password_token)
 %p
 = render partial: "layouts/mailers/bizdev_signature", locals: { author_name: @author_name }
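Review bot: `invite_administrateur!` now only mails a reset link; nothing in the method invalidates the current password or open sessions, so an already-active user who is promoted can presumably keep signing in with the old password despite the commit title. If that is intended, say so above the method, e.g. `# Sends a reset-password link; the existing password stays valid until the link is used.` Calling `set_reset_password_token` unconditionally also replaces any reset token the user had already requested. The raw token is handed to `deliver_later`, so it is presumably serialized into the job queue in clear text; both effects are worth a line in that comment.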
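Review bot: With the condition now keyed on `@admin.active?`, no line of the template checks that `@reset_password_token` is present, although the new `else` link is built from it and, judging from the mailer spec, the activation link is too. A caller that passes `nil` (the value the old model spec expected) would get a mail whose link carries an empty token. Suggest stating the precondition next to the branch, `-# @reset_password_token must be set for both branches`, or rejecting a blank token in the mailer, which is not part of this diff.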
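Review bot: In the `- else` branch, `edit_user_password_url(@admin, reset_password_token: ...)` passes the record as a positional argument; on a stock Devise route (`/users/password/edit(.:format)`, no `:id` segment) Rails would bind it to `:format` and emit `.../edit.<id>?reset_password_token=...`, which puts the user id in the URL and may not route as HTML. The routes file is not visible here, so confirm this, and if it holds drop the argument: `edit_user_password_url(reset_password_token: @reset_password_token)`. The sentence above the link still reads "Pour vous connecter", which no longer matches a password-reset link. Computing the URL once in a local would also avoid repeating the expression.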
diff --git a/spec/mailers/administration_mailer_spec.rb b/spec/mailers/administration_mailer_spec.rb
index 0646b7a12..e2e8e875a 100644
--- a/spec/mailers/administration_mailer_spec.rb
+++ b/spec/mailers/administration_mailer_spec.rb
@@ -1,12 +1,24 @@
 RSpec.describe AdministrationMailer, type: :mailer do
 describe '#invite_admin' do
- let(:admin) { create(:administrateur) }
- let(:token) { "Toc toc toc" }
+ let(:admin_user) { create(:user, last_sign_in_at: last_sign_in_at) }
+ let(:token) { "some_token" }
 let(:administration_id) { BizDev::PIPEDRIVE_ID }
+ let(:last_sign_in_at) { nil }
- subject { described_class.invite_admin(admin, token, administration_id) }
+ subject { described_class.invite_admin(admin_user, token, administration_id) }
 it { expect(subject.subject).not_to be_empty }
+
+ describe "when the user has not been activated" do
+ it { expect(subject.body).to include(admin_activate_path(token: token)) }
+ it { expect(subject.body).not_to include(edit_user_password_url(admin_user, reset_password_token: token)) }
+ end
+
+ describe "when the user is already active" do
+ let(:last_sign_in_at) { Time.zone.now }
+ it { expect(subject.body).not_to include(admin_activate_path(token: token)) }
+ it { expect(subject.body).to include(edit_user_password_url(admin_user, reset_password_token: token)) }
+ end
 end
 describe '#refuse_admin' do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 54b6a856e..e4a1b7754 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -186,7 +186,9 @@ describe User, type: :model do
 subject
 end
- it { expect(AdministrationMailer).to have_received(:invite_admin).with(user, nil, administration.id) }
+ it 'receives an invitation to update its password' do
+ expect(AdministrationMailer).to have_received(:invite_admin).with(user, kind_of(String), administration.id)
+ end
 end
 end
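Review bot: The "already active" example builds its expected value with the same `edit_user_password_url(admin_user, reset_password_token: token)` call as the template, so it passes even when that helper yields a malformed URL. Add an assertion on a literal, e.g. `it { expect(subject.body).to include("reset_password_token=some_token") }`. The inactive examples compare against `admin_activate_path` while the active ones use a `_url` helper; using one form throughout would make the negative assertions equally strict. There is also no example covering a blank token.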
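Review bot: `kind_of(String)` only proves that some string reached the mailer, not that a reset token was actually stored for the user. Assuming `user` is persisted, a second expectation such as `expect(user.reload.reset_password_sent_at).to be_present` would tie the example to the behaviour named in the commit title. The enclosing `describe`/`context` blocks start outside the hunk, so the setup of `user` and `subject` is not visible here.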