-
Notifications
You must be signed in to change notification settings - Fork 45
Expand file tree
/
Copy pathsend_password_reset_spec.rb
More file actions
103 lines (83 loc) · 3.26 KB
/
send_password_reset_spec.rb
File metadata and controls
103 lines (83 loc) · 3.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Send Password Reset Requests' do
include_context 'with graphql query request'
let!(:user) { create(:user, :confirmed, email: 'jwinnfield@wallaceinc.com') }
let(:email) { user.email }
let(:redirect_url) { 'https://google.com' }
let(:query) do
<<-GRAPHQL
mutation {
userSendPasswordReset(
email: "#{email}",
redirectUrl: "#{redirect_url}"
) {
message
}
}
GRAPHQL
end
context 'when redirect_url is not whitelisted' do
let(:redirect_url) { 'https://not-safe.com' }
it 'returns a not whitelisted redirect url error' do
expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
expect(json_response[:errors]).to containing_exactly(
hash_including(
message: "Redirect to '#{redirect_url}' not allowed.",
extensions: { code: 'USER_ERROR' }
)
)
end
end
context 'when params are correct' do
context 'when using the gem schema' do
it 'sends password reset email' do
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
expect(json_response[:data][:userSendPasswordReset]).to include(
message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
)
email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
link = email.css('a').first
expect(link['href']).to include('/api/v1/graphql_auth?')
expect do
get link['href']
user.reload
end.to change(user, :allow_password_change).from(false).to(true)
end
end
context 'when using a custom schema' do
let(:custom_path) { '/api/v1/graphql' }
it 'sends password reset email' do
expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
expect(json_response[:data][:userSendPasswordReset]).to include(
message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
)
email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
link = email.css('a').first
expect(link['href']).to include("#{custom_path}?")
expect do
get link['href']
user.reload
end.to change(user, :allow_password_change).from(false).to(true)
end
end
end
context 'when email address uses different casing' do
let(:email) { 'jWinnfield@wallaceinc.com' }
it 'honors devise configuration for case insensitive fields' do
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
expect(json_response[:data][:userSendPasswordReset]).to include(
message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
)
end
end
context 'when user email is not found' do
let(:email) { 'nothere@gmail.com' }
before { post_request }
it 'returns an error' do
expect(json_response[:errors]).to contain_exactly(
hash_including(message: 'User was not found or was not logged in.', extensions: { code: 'USER_ERROR' })
)
end
end
end