2 files changed, 77 insertions, 5 deletions

diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index 537786ebc..f06c23501 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -331,6 +331,9 @@ foreach my $test (
         my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
         ok $user, "test user does exist";
         $user->problems->delete;
+        $user->name( 'Old Name' );
+        $user->password( 'old_password' );
+        $user->update;
     } else {
         ok !FixMyStreet::App->model('DB::User')->find( { email => $test_email } ),
           "test user does not exist";
@@ -366,11 +369,15 @@ foreach my $test (
     # check that we got the errors expected
     is_deeply $mech->form_errors, [], "check there were no errors";
 
-    # check that the user has been created
+    # check that the user has been created/ not changed
     my $user =
       FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
-    ok $user, "created new user";
-    ok $user->check_password('secret'), 'password set correctly';
+    ok $user, "user found";
+    if ($test->{user}) {
+        ok $user->check_password('old_password'), 'password unchanged';
+    } else {
+        ok $user->check_password('secret'), 'password set correctly';
+    }
 
     # find the report
     my $report = $user->problems->first;
@@ -398,6 +405,11 @@ foreach my $test (
 
     $mech->get_ok( '/report/' . $report->id );
 
+    if ($test->{user}) {
+        is $report->name, 'Joe Bloggs', 'name updated correctly';
+        ok $report->user->check_password('secret'), 'password updated correctly';
+    }
+
     # check that the reporter has an alert
     my $alert = FixMyStreet::App->model('DB::Alert')->find( {
         user       => $report->user,
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 3b53e6c46..3076a4564 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -406,7 +406,7 @@ for my $test (
 
 for my $test (
     {
-        desc => 'submit an update for a non registered user, signing in with wrong password',
+        desc => 'submit an update for a registered user, signing in with wrong password',
         form_values => {
             submit_update => 1,
             rznvy         => 'registered@example.com',
@@ -420,7 +420,7 @@ for my $test (
         ],
     },
     {
-        desc => 'submit an update for a non registered user and sign in',
+        desc => 'submit an update for a registered user and sign in',
         form_values => {
             submit_update => 1,
             rznvy         => 'registered@example.com',
@@ -479,6 +479,66 @@ for my $test (
     };
 }
 
+subtest 'submit an update for a registered user, creating update by email' => sub {
+    my $user = $mech->create_user_ok( 'registered@example.com' );
+    $user->update( { name => 'Mr Reg', password => 'secret2' } );
+    $report->comments->delete;
+    $mech->log_out_ok();
+    $mech->clear_emails_ok();
+    $mech->get_ok("/report/$report_id");
+    $mech->submit_form_ok( {
+        with_fields => {
+            submit_update => 1,
+            rznvy         => 'registered@example.com',
+            update        => 'Update from a user',
+            add_alert     => undef,
+            name          => 'New Name',
+            password_register => 'new_secret',
+        },
+    }, 'submit update' );
+
+    $mech->content_contains('Nearly Done! Now check your email');
+
+    # No change to user yet.
+    $user->discard_changes;
+    ok $user->check_password( 'secret2' ), 'password unchanged';
+    is $user->name, 'Mr Reg', 'name unchanged';
+
+    my $email = $mech->get_email;
+    ok $email, "got an email";
+    like $email->body, qr/confirm the update you/i, "Correct email text";
+
+    my ( $url, $url_token ) = $email->body =~ m{(http://\S+/C/)(\S+)};
+    ok $url, "extracted confirm url '$url'";
+
+    my $token = FixMyStreet::App->model('DB::Token')->find( {
+        token => $url_token,
+        scope => 'comment'
+    } );
+    ok $token, 'Token found in database';
+
+    my $update_id  = $token->data->{id};
+    my $add_alerts = $token->data->{add_alert};
+    my $update = FixMyStreet::App->model('DB::Comment')->find( { id => $update_id } );
+
+    ok $update, 'found update in database';
+    is $update->state, 'unconfirmed', 'update unconfirmed';
+    is $update->user->email, 'registered@example.com', 'update email';
+    is $update->text, 'Update from a user', 'update text';
+
+    $mech->get_ok( $url . $url_token );
+    $mech->content_contains("/report/$report_id#update_$update_id");
+
+    # User should have new name and password
+    $user->discard_changes;
+    ok $user->check_password( 'new_secret' ), 'password changed';
+    is $user->name, 'New Name', 'name changed';
+
+    $update->discard_changes;
+    is $update->state, 'confirmed', 'update confirmed';
+    $mech->delete_user( $user );
+};
+
 for my $test (
     {
         desc => 'submit update for registered user',