-rw-r--r-- | app/controllers/user_controller.rb | 4 | ||||
-rw-r--r-- | app/views/user/show.rhtml | 2 | ||||
-rw-r--r-- | app/views/user/signchange.rhtml | 3 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 58 | ||||
-rw-r--r-- | todo.txt | 11 |
5 files changed, 65 insertions, 13 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index ec9f8b71a..61ea74923 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.43 2008-03-21 15:02:55 francis Exp $
+# $Id: user_controller.rb,v 1.44 2008-03-21 15:31:31 francis Exp $
 class UserController < ApplicationController
 # Show page about a set of users with same url name
@@ -165,7 +165,7 @@ class UserController < ApplicationController
 post_redirect = PostRedirect.find_by_token(params[:pretoken])
 do_post_redirect post_redirect.uri, post_redirect.post_params
 else
- redirect_to :controller => "general", :action => "frontpage" # XXX should go back to login and where they were!
+ redirect_to user_url(@user)
 end
 end
 else
diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml
index 6e14fd175..367bf88d4 100644
--- a/app/views/user/show.rhtml
+++ b/app/views/user/show.rhtml
@@ -16,7 +16,7 @@
 <%= link_to "Send message to " + h(@display_user.name), contact_user_url(:id => @display_user.id) %>
 <% if @is_you %> (just to see how it works)
- <br><%= link_to "Change your password", signchange_url + "?pretoken=" + h(params[:token]) %>
+ <br><%= link_to "Change your password", signchange_url() %>
 <% else %>
 <% end %>
 </p>
diff --git a/app/views/user/signchange.rhtml b/app/views/user/signchange.rhtml
index 8f6fe663c..032d80945 100644
--- a/app/views/user/signchange.rhtml
+++ b/app/views/user/signchange.rhtml
@@ -11,6 +11,7 @@
 <h1>Change your password</h1>
 </div>
+ <p>
 <label class="form_label" for="user_password">New password:</label>
 <%= password_field 'user', 'password', { :size => 15 } %>
 </p>
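Review bot: The new `redirect_to user_url(@user)` ends a successful password change, yet nothing visible in this hunk drops the `change_password` circumstance that the spec in this commit shows gating the form, so the session may keep the right to set another password without a fresh e-mail confirmation. If the part of the action above the hunk does not already do so, clear it before redirecting: `session[:user_circumstance] = nil`. In the context lines just above, `PostRedirect.find_by_token(params[:pretoken])` is dereferenced unguarded, so a `pretoken` that matches no record would presumably raise rather than fall through to this redirect. The enclosing action starts and ends outside the hunk.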
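Review bot: `signchange_url()` in show.rhtml is written with empty parentheses, which the other helper call in this hunk (`contact_user_url(:id => ...)`) only needs because it passes arguments; plain `signchange_url` is the usual Ruby form. A short ERB comment such as `<%# signchange sends its own confirmation e-mail, so no token is passed in the link %>` would record why the query string is gone, assuming the behaviour the new spec describes for a normally logged-in user.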
@@ -23,7 +24,7 @@
 <div class="form_button">
 <%= hidden_field_tag 'submitted_signchange_password', 1 %>
 <%= hidden_field_tag 'pretoken', params[:pretoken] %>
- <%= submit_tag "Update" %>
+ <%= submit_tag "Change password" %>
 </div>
 <% end %>
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 6405cbe37..96b9fcdfd 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -226,3 +226,61 @@ describe UserController, "when sending another user a message" do
 end
+describe UserController, "when changing password" do
+ integrate_views
+ fixtures :users
+
+ it "should show the email form when not logged in" do
+ get :signchange
+ response.should render_template('signchange_send_confirm')
+ end
+
+ it "should send a confirmation email when logged in normally" do
+ session[:user_id] = users(:bob_smith_user).id
+ get :signchange
+ response.should render_template('signchange_confirm')
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 1
+ mail = deliveries[0]
+ mail.body.should include("Please click on the link below to confirm your email address")
+ end
+
+ it "should send a confirmation email when have wrong login circumstance" do
+ session[:user_id] = users(:bob_smith_user).id
+ session[:user_circumstance] = "bogus"
+ get :signchange
+ response.should render_template('signchange_confirm')
+ end
+
+ it "should show the password change screen when logged in as special password change mode" do
+ session[:user_id] = users(:bob_smith_user).id
+ session[:user_circumstance] = "change_password"
+ get :signchange
+ response.should render_template('signchange')
+ end
+
+ it "should change the password, if you have right to do so" do
+ session[:user_id] = users(:bob_smith_user).id
+ session[:user_circumstance] = "change_password"
+
+ old_hash = users(:bob_smith_user).hashed_password
+ post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+ :submitted_signchange_password => 1
+ }
+ users(:bob_smith_user).hashed_password.should != old_hash
+
+ response.should redirect_to(:controller => 'user', :action => 'show', :url_name => users(:bob_smith_user).url_name)
+ end
+
+ it "should not change the password, if you're not logged in" do
+ end
+
+ it "should not change the password, if you're just logged in normally" do
+ end
+
+end
+
+
+
+
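Review bot: The two examples at the end of this hunk, "should not change the password, if you're not logged in" and "... if you're just logged in normally", have empty bodies and so pass without asserting anything, which reports the refusal paths of the password change as green while they are untested. Fill them in (sketch below, using only the request and fixture already used in this file), or drop the `do ... end` so RSpec lists them as pending. In the positive example, `hashed_password.should != old_hash` is worth rewriting as `should_not == old_hash`: on Ruby 1.8, which this code presumably targets, `!=` is parsed as `!(a == b)`, so the line asserts equality instead of inequality. Re-reading the record with `.reload` before comparing avoids depending on whether the fixture accessor returns a cached object.

```ruby
it "should not change the password, if you're not logged in" do
    old_hash = users(:bob_smith_user).hashed_password
    post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
        :submitted_signchange_password => 1
    }
    users(:bob_smith_user).reload.hashed_password.should == old_hash
end

it "should not change the password, if you're just logged in normally" do
    session[:user_id] = users(:bob_smith_user).id
    old_hash = users(:bob_smith_user).hashed_password
    post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
        :submitted_signchange_password => 1
    }
    users(:bob_smith_user).reload.hashed_password.should == old_hash
end
```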
@@ -1,6 +1,3 @@ -:user_authtype is crappy -:submitted_signchange_email is wrong - Search: Gah - test to see if it queries solr when new message arrives @@ -34,12 +31,6 @@ Send email to remind people to classify Send email to tell admins something isn't classified Send email to remind people to clarify -Add all new stuff to test code till it has reasonable coverage -- rake spec:check - -Fix password change to use a special field in post redirect rather than other nonsense -- then can it be used for email change instead? - Search and replace text "FOI" and "Freedom of Information" out the way more - but put it in the title tag "public body" --> "public authority"? @@ -70,6 +61,8 @@ when sending "my response is late" Holding pen with comments - new requests don't get sent straight away, but are delayed while people help improve them. +Change email address - easier to do now with post_redirect.circumstance? + One of the PDFs on live site has: Error: PDF version 1.6 -- xpdf supports version 1.5 (continuing anyway) Need to upgrade to poppler-utils? |