ruby-on-rails devise factory-bot rspec-rails

Devise testing expired reset token


I need some help here

I'm testing whether an expired reset_password_token should update a user account or not. I'm setting the reset_password_sent_at attribute in the User model to an expired value, but the user's password is being updated anyway. I'm using Devise's recoverable module.

factories/user.rb

factory :user_expired_unconfirmed_password do
  email { Faker::Internet.email }
  password { default_password }
  password_confirmation { default_password }
  confirmed_at { 2.days.ago }
  reset_password_token { nil }
  reset_password_sent_at { nil }
  updated_at { 2.hours.ago }
end

passwords_spec.rb

RSpec.describe Devise::PasswordsController, type: :request do
  it "creater users with expired reset_password_token (6 hours max.) shouldn't update password" do
    user = FactoryBot.create(:user_expired_unconfirmed_password)
    reset_password_token = user.send_reset_password_instructions

    old_passw = user.encrypted_password
    new_passw = 'test_new_passw_123'

    # expire token
    user.reset_password_sent_at = 7.hours.ago

    #### debug ###
    # user.reload # if uncommented, got true in the below line
    puts user.reset_password_period_valid? # got false

    put user_password_path,
      :params => {
        "user" => {
          "reset_password_token" => reset_password_token,
          "password" => new_passw,
          "password_confirmation" => new_passw
        }
      }

    expect(user.reload.encrypted_password).to eq old_passw # got false here
  end
end

P.S.: Using the method reset_password_period_valid? I got false, and true if I reload the user, but independent of that it's not passing the assertion.

Any idea what it could be? I tested these helper methods in model tests with valid and expired reset_password_token values to change the password and it worked right.


Solution

  • Try saving the user with the new value of the reset_password_token

    RSpec.describe Devise::PasswordsController, type: :request do
      it "creater users with expired reset_password_token (6 hours max.) shouldn't update password" do
        user = FactoryBot.create(:user_expired_unconfirmed_password)
        reset_password_token = user.send_reset_password_instructions
    
        # expire token
        user.reset_password_sent_at = 7.hours.ago
        user.save
    
        #### debug ###
        user.reload
        puts user.reset_password_period_valid? # You should get false
    
        old_passw = user.encrypted_password
        new_passw = 'test_new_passw_123'
    
        put user_password_path,
          :params => {
            "user" => {
              "reset_password_token" => reset_password_token,
              "password" => new_passw,
              "password_confirmation" => new_passw
            }
          }
    
        expect(user.reload.encrypted_password).to eq old_passw # should pass now that the expired timestamp is persisted
      end
    end
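
Why the unsaved timestamp had no effect, as an added example that is not part of the original answer and is not Devise's code: the request handler loads its own copy of the user from the database by the token digest, so an expiry set only on the spec's in-memory object is never seen. `ToyUser`, `DB`, `SECRET`, `RESET_WITHIN` and the HMAC digest are hypothetical stand-ins for the users table and the recoverable flow.

```ruby
require "openssl"
require "securerandom"

# Simplified model of a token-based reset; every name here is hypothetical.
RESET_WITHIN = 6 * 3600 # seconds, mirrors the 6-hour limit in the spec
SECRET = "constructed-test-secret"
DB = {} # id => persisted attribute hash (stands in for the users table)

def digest(token)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, token)
end

class ToyUser
  attr_accessor :id, :password, :token_digest, :sent_at

  def initialize(attrs)
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  # Only attributes written here are visible to later lookups.
  def save
    DB[id] = { id: id, password: password, token_digest: token_digest, sent_at: sent_at }
  end

  def period_valid?(now)
    !sent_at.nil? && sent_at >= now - RESET_WITHIN
  end
end

# What the request does: load a fresh copy by token digest, then check expiry.
def reset_password_by_token(raw_token, new_password, now: Time.now)
  row = DB.values.find { |r| r[:token_digest] == digest(raw_token) }
  return :invalid unless row
  user = ToyUser.new(row)
  return :expired unless user.period_valid?(now)
  user.password, user.token_digest, user.sent_at = new_password, nil, nil
  user.save
  :updated
end

# Returns [outcome, persisted password] for the unsaved and saved variants.
def run_case(persist_expiry:, now: Time.now)
  DB.clear
  token = SecureRandom.hex(16) # constructed sample token
  user = ToyUser.new(id: 1, password: "old", token_digest: digest(token), sent_at: now)
  user.save
  user.sent_at = now - 7 * 3600 # expire the token on the in-memory object only
  user.save if persist_expiry
  [reset_password_by_token(token, "new", now: now), DB[1][:password]]
end
```

`run_case(persist_expiry: false)` reproduces the question's spec (the password changes), and `run_case(persist_expiry: true)` reproduces the answer's version (the reset is rejected as expired).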