demarches-normaliennes/spec/system/users/managing_password_spec.rb
2024-09-17 09:31:47 +02:00

117 lines
4.5 KiB
Ruby
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# frozen_string_literal: true
describe 'Managing password:', js: true do
context 'for simple users' do
let(:user) { create(:user) }
let(:new_password) { 'a new, long, and complicated password!' }
scenario 'a simple user can reset their password' do
visit root_path
within('.fr-header .fr-container .fr-header__tools .fr-btns-group') do
click_on 'Se connecter'
end
click_on 'Mot de passe oublié ?'
expect(page).to have_current_path(new_user_password_path)
fill_in 'Adresse électronique', with: user.email
perform_enqueued_jobs do
click_on 'Demander un nouveau mot de passe'
end
expect(page).to have_text 'nous vous avons envoyé un email'
expect(page).to have_text user.email
click_reset_password_link_for user.email
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: new_password
fill_in 'user_password_confirmation', with: new_password
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre mot de passe a bien été modifié.')
end
end
context 'for admins' do
let(:administrateur) { administrateurs(:default_admin) }
let(:user) { administrateur.user }
let(:weak_password) { '000000000000' }
let(:strong_password) { 'a new, long, and complicated password!' }
scenario 'an admin can reset their password' do
visit root_path
within('.fr-header .fr-container .fr-header__tools .fr-btns-group') do
click_on 'Se connecter'
end
click_on 'Mot de passe oublié ?'
expect(page).to have_current_path(new_user_password_path)
fill_in 'Adresse électronique', with: user.email
perform_enqueued_jobs do
click_on 'Demander un nouveau mot de passe'
end
expect(page).to have_text 'nous vous avons envoyé un email'
expect(page).to have_text user.email
click_reset_password_link_for user.email
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: weak_password
fill_in 'user_password_confirmation', with: weak_password
expect(page).to have_text('Mot de passe très vulnérable')
expect(page).to have_button('Changer le mot de passe', disabled: true)
fill_in 'user_password', with: strong_password
fill_in 'user_password_confirmation', with: strong_password
expect(page).to have_text('Mot de passe suffisamment fort et sécurisé')
expect(page).to have_button('Changer le mot de passe', disabled: false)
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre mot de passe a bien été modifié.')
end
end
context 'for super-admins' do
let(:super_admin) { create(:super_admin) }
let(:weak_password) { '000000000000' }
let(:strong_password) { 'a new, long, and complicated password!' }
scenario 'a super-admin can reset their password' do
visit manager_root_path
click_on 'Mot de passe oublié'
expect(page).to have_current_path(new_super_admin_password_path)
fill_in 'Adresse électronique', with: super_admin.email
perform_enqueued_jobs do
click_on 'Demander un nouveau mot de passe'
end
expect(page).to have_text 'vous recevrez un lien vous permettant de récupérer votre mot de passe'
click_reset_password_link_for super_admin.email
expect(page).to have_content 'Changement de mot de passe'
fill_in 'super_admin_password', with: weak_password
fill_in 'super_admin_password_confirmation', with: weak_password
expect(page).to have_text('Mot de passe très vulnérable')
expect(page).to have_button('Changer le mot de passe', disabled: true)
fill_in 'super_admin_password', with: strong_password
fill_in 'super_admin_password_confirmation', with: strong_password
expect(page).to have_text('Mot de passe suffisamment fort et sécurisé')
expect(page).to have_button('Changer le mot de passe', disabled: false)
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre mot de passe a bien été modifié.')
end
end
scenario 'the password reset token has expired' do
visit edit_user_password_path(reset_password_token: 'invalid-password-token')
expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: SECURE_PASSWORD
fill_in 'user_password_confirmation', with: SECURE_PASSWORD
click_on 'Changer le mot de passe'
expect(page).to have_content('Votre lien de nouveau mot de passe a expiré')
end
end