1 files changed, 62 insertions, 2 deletions

diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 3b53e6c46..3076a4564 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -406,7 +406,7 @@ for my $test (
 
 for my $test (
     {
-        desc => 'submit an update for a non registered user, signing in with wrong password',
+        desc => 'submit an update for a registered user, signing in with wrong password',
         form_values => {
             submit_update => 1,
             rznvy         => 'registered@example.com',
@@ -420,7 +420,7 @@ for my $test (
         ],
     },
     {
-        desc => 'submit an update for a non registered user and sign in',
+        desc => 'submit an update for a registered user and sign in',
         form_values => {
             submit_update => 1,
             rznvy         => 'registered@example.com',
@@ -479,6 +479,66 @@ for my $test (
     };
 }
 
+subtest 'submit an update for a registered user, creating update by email' => sub {
+    my $user = $mech->create_user_ok( 'registered@example.com' );
+    $user->update( { name => 'Mr Reg', password => 'secret2' } );
+    $report->comments->delete;
+    $mech->log_out_ok();
+    $mech->clear_emails_ok();
+    $mech->get_ok("/report/$report_id");
+    $mech->submit_form_ok( {
+        with_fields => {
+            submit_update => 1,
+            rznvy         => 'registered@example.com',
+            update        => 'Update from a user',
+            add_alert     => undef,
+            name          => 'New Name',
+            password_register => 'new_secret',
+        },
+    }, 'submit update' );
+
+    $mech->content_contains('Nearly Done! Now check your email');
+
+    # No change to user yet.
+    $user->discard_changes;
+    ok $user->check_password( 'secret2' ), 'password unchanged';
+    is $user->name, 'Mr Reg', 'name unchanged';
+
+    my $email = $mech->get_email;
+    ok $email, "got an email";
+    like $email->body, qr/confirm the update you/i, "Correct email text";
+
+    my ( $url, $url_token ) = $email->body =~ m{(http://\S+/C/)(\S+)};
+    ok $url, "extracted confirm url '$url'";
+
+    my $token = FixMyStreet::App->model('DB::Token')->find( {
+        token => $url_token,
+        scope => 'comment'
+    } );
+    ok $token, 'Token found in database';
+
+    my $update_id  = $token->data->{id};
+    my $add_alerts = $token->data->{add_alert};
+    my $update = FixMyStreet::App->model('DB::Comment')->find( { id => $update_id } );
+
+    ok $update, 'found update in database';
+    is $update->state, 'unconfirmed', 'update unconfirmed';
+    is $update->user->email, 'registered@example.com', 'update email';
+    is $update->text, 'Update from a user', 'update text';
+
+    $mech->get_ok( $url . $url_token );
+    $mech->content_contains("/report/$report_id#update_$update_id");
+
+    # User should have new name and password
+    $user->discard_changes;
+    ok $user->check_password( 'new_secret' ), 'password changed';
+    is $user->name, 'New Name', 'name changed';
+
+    $update->discard_changes;
+    is $update->state, 'confirmed', 'update confirmed';
+    $mech->delete_user( $user );
+};
+
 for my $test (
     {
         desc => 'submit update for registered user',