FIX: Don't redirect to wizard when resetting password

2024-11-23 06:04:11 +08:00 · 2017-06-07 12:36:52 -04:00 · 2017-06-07 12:36:52 -04:00 · 54bb2a6bc2
commit 54bb2a6bc2
parent d326784ecf
2 changed files with 13 additions and 2 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -434,7 +434,7 @@ class UsersController < ApplicationController
        else
          store_preloaded("password_reset", MultiJson.dump({ is_developer: UsernameCheckerService.is_developer?(@user.email) }))
        end
-        return redirect_to(wizard_path) if Wizard.user_requires_completion?(@user)
+        return redirect_to(wizard_path) if request.put? && Wizard.user_requires_completion?(@user)
      end

      format.json do
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -307,12 +307,23 @@ describe UsersController do
        expect(user.user_auth_tokens.count).to eq(1)
      end

+      it "doesn't redirect to wizard on get" do
+        user = Fabricate(:admin)
+        UserAuthToken.generate!(user_id: user.id)
+
+        token = user.email_tokens.create(email: user.email).token
+        get :password_reset, token: token
+        expect(response).not_to redirect_to(wizard_path)
+      end
+
      it "redirects to the wizard if you're the first admin" do
        user = Fabricate(:admin)
+        UserAuthToken.generate!(user_id: user.id)
+
        token = user.email_tokens.create(email: user.email).token
        get :password_reset, token: token
        put :password_reset, token: token, password: 'hg9ow8yhg98oadminlonger'
-        expect(response).to be_redirect
+        expect(response).to redirect_to(wizard_path)
      end

      it "doesn't invalidate the token when loading the page" do