t/app/controller/auth_profile.t


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

use FixMyStreet::TestMech;
my $mech = FixMyStreet::TestMech->new;

my $test_email    = 'test@example.com';
my $test_email2   = 'test@example.net';
my $test_password = 'foobar';

END {
    done_testing();
}

# get a sign in email and change password
{
    $mech->clear_emails_ok;
    $mech->get_ok('/auth');
    $mech->submit_form_ok(
        {
            form_name => 'general_auth',
            fields    => {
                username => "$test_email",
                r     => 'faq', # Just as a test
            },
            button => 'sign_in_by_code',
        },
        "sign_in_by_code with '$test_email'"
    );

    # follow link and change password - check not prompted for old password
    $mech->not_logged_in_ok;

    my $link = $mech->get_link_from_email;
    $mech->get_ok($link);
    is $mech->uri->path, '/faq', "redirected to the Help page";

    $mech->get_ok('/auth/change_password');

    ok my $form = $mech->form_name('change_password'),
      "found change password form";
    is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ],    #
      [ 'confirm', 'new_password', 'token' ],
      "check we got expected fields (ie not old_password)";

    # check the various ways the form can be wrong
    for my $test (
        { new => '',       conf => '',           err => 'enter a password', },
        { new => 'secret', conf => '',           err => 'do not match', },
        { new => '',       conf => 'secret',     err => 'do not match', },
        { new => 'secret', conf => 'not_secret', err => 'do not match', },
      )
    {
        $mech->get_ok('/auth/change_password');
        $mech->content_lacks( $test->{err}, "did not find expected error" );
        $mech->submit_form_ok(
            {
                form_name => 'change_password',
                fields =>
                  { new_password => $test->{new}, confirm => $test->{conf}, },
            },
            "change_password with '$test->{new}' and '$test->{conf}'"
        );
        $mech->content_contains( $test->{err}, "found expected error" );
    }

    my $user =
      FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
    ok $user, "got a user";
    ok !$user->password, "user has no password";

    $mech->get_ok('/auth/change_password');
    $mech->submit_form_ok(
        {
            form_name => 'change_password',
            fields =>
              { new_password => $test_password, confirm => $test_password, },
        },
        "change_password with '$test_password' and '$test_password'"
    );
    is $mech->uri->path, '/auth/change_password',
      "still on change password page";
    $mech->content_contains( 'password has been changed',
        "found password changed" );

    $user->discard_changes();
    ok $user->password, "user now has a password";
}

subtest "Test change email page" => sub {
    # Still signed in from the above test
    $mech->get_ok('/my');
    $mech->follow_link_ok({url => '/auth/change_email'});
    $mech->submit_form_ok(
        { with_fields => { email => "" } },
        "submit blank change email form"
    );
    $mech->content_contains( 'Please enter your email', "found expected error" );
    $mech->submit_form_ok({ with_fields => { email => $test_email2 } }, "change_email to $test_email2");
    is $mech->uri->path, '/auth/change_email', "still on change email page";
    $mech->content_contains( 'Now check your email', "found check your email" );
    my $link = $mech->get_link_from_email;
    $mech->get_ok($link);
    is $mech->uri->path, '/auth/change_email/success', "redirected to the change_email page";
    $mech->content_contains('successfully confirmed');
    ok(FixMyStreet::App->model('DB::User')->find( { email => $test_email2 } ), "got a user");

    ok(FixMyStreet::App->model('DB::User')->create( { email => $test_email, email_verified => 1 } ), "created old user");
    $mech->submit_form_ok({ with_fields => { email => $test_email } },
        "change_email back to $test_email"
    );
    is $mech->uri->path, '/auth/change_email', "still on change email page";
    $mech->content_contains( 'Now check your email', "found check your email" );
    $link = $mech->get_link_from_email;
    $mech->get_ok($link);
    is $mech->uri->path, '/auth/change_email/success', "redirected to the change_email page";
    $mech->content_contains('successfully confirmed');

    # Test you can't click the link if logged out
    $mech->submit_form_ok({ with_fields => { email => $test_email } },
        "change_email back to $test_email"
    );
    is $mech->uri->path, '/auth/change_email', "still on change email page";
    $mech->content_contains( 'Now check your email', "found check your email" );
    $link = $mech->get_link_from_email;
    $mech->log_out_ok;
    $mech->get_ok($link);
    isnt $mech->uri->path, '/auth/change_email/success', "not redirected to the change_email page";
    $mech->content_contains('Sorry');
};