Diffstat (limited to 't/app/controller/auth.t')
-rw-r--r-- | t/app/controller/auth.t | 98 |
1 files changed, 81 insertions, 17 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 67466e959..3a11cfc4a 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -2,16 +2,19 @@ use strict; use warnings; use Test::More; +use Test::MockModule; use FixMyStreet::TestMech; my $mech = FixMyStreet::TestMech->new; my $test_email = 'test@example.com'; +my $test_email2 = 'test@example.net'; my $test_password = 'foobar'; $mech->delete_user($test_email); END { $mech->delete_user($test_email); + $mech->delete_user($test_email2); done_testing(); } @@ -31,6 +34,13 @@ for my $test ( ) { my ( $email, $error_message ) = @$test; + + my $resolver = Test::MockModule->new('Net::DNS::Resolver'); + $resolver->mock('send', sub { + my ($self, $domain, $type) = @_; + return Net::DNS::Packet->new; + }); + pass "--- testing bad email '$email' gives error '$error_message'"; $mech->get_ok('/auth'); is_deeply $mech->page_errors, [], 'no errors initially'; @@ -46,6 +56,10 @@ for my $test ( is_deeply $mech->page_errors, [ $error_message ], 'errors match'; } +# Email address parsing should pass from here +my $resolver = Test::MockModule->new('Email::Valid'); +$resolver->mock('address', sub { $_[1] }); + # create a new account $mech->clear_emails_ok; $mech->get_ok('/auth'); @@ -63,16 +77,14 @@ $mech->not_logged_in_ok; # check that we got one email { - $mech->email_count_is(1); my $email = $mech->get_email; $mech->clear_emails_ok; - is $email->header('Subject'), "Your FixMyStreet.com account details", + is $email->header('Subject'), "Your FixMyStreet account details", "subject is correct"; is $email->header('To'), $test_email, "to is correct"; # extract the link - my ($link) = $email->body =~ m{(http://\S+)}; - ok $link, "Found a link in email '$link'"; + my $link = $mech->get_link_from_email($email); # check that the user does not exist sub get_user { 
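Review bot: The `Net::DNS::Resolver` mock added at the top of the bad-email loop (hunk `@@ -31,6 +34,13 @@`) has no comment explaining why `send` returns an empty `Net::DNS::Packet`, and the test file names `Net::DNS::Packet` without loading it. A comment such as `# Stub DNS so domain checks see no records and never touch the network` would record the intent, if that is indeed the purpose; confirm against the validation code. An explicit `use Net::DNS;` would stop the test relying on another module having loaded the packet class. The mock is also rebuilt on every iteration and could be created once before the loop, which starts outside the hunk.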
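Review bot: In hunk `@@ -46,6 +56,10 @@` the `Email::Valid` mock is stored in a variable called `$resolver`, which reads like the DNS mock from the loop above; `my $email_valid = Test::MockModule->new('Email::Valid');` would be clearer. Because this mock is file-scoped, every later test in the file runs with address validation bypassed (`address` returns its argument unchanged). The new change-email subtest therefore never sends a malformed address through the real validator. Consider scoping the mock to the blocks that need it, or extending the comment to say the bypass is deliberate for the rest of the file.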
@@ -91,13 +103,8 @@ $mech->not_logged_in_ok; is $mech->uri->path, '/my', "redirected to the 'my' section of site"; $mech->logged_in_ok; - # logout and try to use the token again + # logout $mech->log_out_ok; - $mech->get_ok($link); - is $mech->uri, $link, "not logged in"; - $mech->content_contains( 'Link too old or already used', - 'token now invalid' ); - $mech->not_logged_in_ok; } # get a sign in email and change password @@ -121,10 +128,7 @@ $mech->not_logged_in_ok; # follow link and change password - check not prompted for old password $mech->not_logged_in_ok; - $mech->email_count_is(1); - my $email = $mech->get_email; - $mech->clear_emails_ok; - my ($link) = $email->body =~ m{(http://\S+)}; + my $link = $mech->get_link_from_email; $mech->get_ok($link); is $mech->uri->path, '/faq', "redirected to the Help page"; @@ -133,7 +137,7 @@ $mech->not_logged_in_ok; ok my $form = $mech->form_name('change_password'), "found change password form"; is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ], # - [ 'confirm', 'new_password' ], + [ 'confirm', 'new_password', 'token' ], "check we got expected fields (ie not old_password)"; # check the various ways the form can be wrong 
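Review bot: Hunk `@@ -91,13 +103,8 @@` deletes the only visible assertions that a confirmation link stops working once it has been used (`Link too old or already used`, followed by `not_logged_in_ok`), and nothing in this diff replaces them. If links are now meant to stay usable, presumably in connection with the `token` field that hunk `@@ -133,7 +137,7 @@` adds to the expected change-password inputs, the test should pin the new rule rather than leave it unchecked. For example, it could assert that the link is refused once its lifetime has passed, or that the change-password form is rejected when `token` is missing or altered. At minimum the `# logout` comment should say why reuse is no longer tested, e.g. `# logout (link reuse is deliberately not checked here: <reason>)`. The enclosing block starts outside the hunk.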
@@ -180,6 +184,48 @@ $mech->not_logged_in_ok; ok $user->password, "user now has a password"; } +subtest "Test change email page" => sub { + # Still signed in from the above test + $mech->get_ok('/my'); + $mech->follow_link_ok({url => '/auth/change_email'}); + $mech->submit_form_ok( + { with_fields => { email => "" } }, + "submit blank change email form" + ); + $mech->content_contains( 'Please enter your email', "found expected error" ); + $mech->submit_form_ok({ with_fields => { email => $test_email2 } }, "change_email to $test_email2"); + is $mech->uri->path, '/auth/change_email', "still on change email page"; + $mech->content_contains( 'Now check your email', "found check your email" ); + my $link = $mech->get_link_from_email; + $mech->get_ok($link); + is $mech->uri->path, '/auth/change_email/success', "redirected to the change_email page"; + $mech->content_contains('successfully confirmed'); + ok(FixMyStreet::App->model('DB::User')->find( { email => $test_email2 } ), "got a user"); + + ok(FixMyStreet::App->model('DB::User')->create( { email => $test_email } ), "created old user"); + $mech->submit_form_ok({ with_fields => { email => $test_email } }, + "change_email back to $test_email" + ); + is $mech->uri->path, '/auth/change_email', "still on change email page"; + $mech->content_contains( 'Now check your email', "found check your email" ); + $link = $mech->get_link_from_email; + $mech->get_ok($link); + is $mech->uri->path, '/auth/change_email/success', "redirected to the change_email page"; + $mech->content_contains('successfully confirmed'); + + # Test you can't click the link if logged out + $mech->submit_form_ok({ with_fields => { email => $test_email } }, + "change_email back to $test_email" + ); + is $mech->uri->path, '/auth/change_email', "still on change email page"; + $mech->content_contains( 'Now check your email', "found check your email" ); + $link = $mech->get_link_from_email; + $mech->log_out_ok; + $mech->get_ok($link); + isnt $mech->uri->path, 
'/auth/change_email/success', "not redirected to the change_email page"; + $mech->content_contains('Sorry'); +}; + foreach my $remember_me ( '1', '0' ) { subtest "sign in using valid details (remember_me => '$remember_me')" => sub { $mech->get_ok('/auth'); @@ -193,7 +239,7 @@ foreach my $remember_me ( '1', '0' ) { }, button => 'sign_in', }, - "sign in with '$test_email' & '$test_password" + "sign in with '$test_email' & '$test_password'" ); is $mech->uri->path, '/my', "redirected to correct page"; @@ -218,10 +264,28 @@ $mech->submit_form_ok( }, button => 'sign_in', }, - "sign in with '$test_email' & '$test_password" + "sign in with '$test_email' & 'not the password'" ); is $mech->uri->path, '/auth', "redirected to correct page"; $mech->content_contains( 'problem with your email/password combination', 'found error message' ); +subtest "sign in but have email form autofilled" => sub { + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password_sign_in => $test_password, + name => 'Auto-completed from elsewhere', + }, + button => 'sign_in', + }, + "sign in with '$test_email' and auto-completed name" + ); + is $mech->uri->path, '/my', "redirected to correct page"; +}; + + # more test: # TODO: test that email are always lowercased |
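Review bot: The change-email subtest in hunk `@@ -180,6 +184,48 @@` checks that the confirmation link fails after `log_out_ok`, but not that it fails for a different signed-in user, which is the case that shows the token is bound to the account that requested it. A further case that requests the link, signs out, signs in as another account and then asserts `isnt $mech->uri->path, '/auth/change_email/success'` would cover that. The subtest also depends on the session left by the preceding block (`# Still signed in from the above test`), so it cannot run or fail in isolation. `content_contains('Sorry')` and both `content_contains('successfully confirmed')` calls carry no description and match very loosely.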
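Review bot: The new `sign in but have email form autofilled` subtest in hunk `@@ -218,10 +264,28 @@` asserts only the redirect to `/my`, so it would still pass if the autofilled `name` value were written onto the account. A check after the path assertion would pin what I assume is the intended behaviour: `isnt $user->name, 'Auto-completed from elsewhere', 'autofilled name not stored';`, with `$user` fetched via `FixMyStreet::App->model('DB::User')->find( { email => $test_email } )`. Adding `$mech->logged_in_ok;` would also confirm that a session was actually established rather than inferring it from the path.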