mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 01:47:22 +08:00
FIX: handle invalid password reset token
This commit is contained in:
parent
c1cb6053b7
commit
672888f526
|
@ -504,8 +504,8 @@ class UsersController < ApplicationController
|
|||
success: false,
|
||||
message: @error,
|
||||
errors: @user&.errors&.to_hash,
|
||||
is_developer: UsernameCheckerService.is_developer?(@user.email),
|
||||
admin: @user.admin?
|
||||
is_developer: UsernameCheckerService.is_developer?(@user&.email),
|
||||
admin: @user&.admin?
|
||||
}
|
||||
else
|
||||
render json: {
|
||||
|
|
|
@ -303,11 +303,9 @@ describe UsersController do
|
|||
context 'invalid token' do
|
||||
render_views
|
||||
|
||||
before do
|
||||
get :password_reset, params: { token: "evil_trout!" }
|
||||
end
|
||||
|
||||
it 'disallows login' do
|
||||
get :password_reset, params: { token: "evil_trout!" }
|
||||
|
||||
expect(response).to be_success
|
||||
|
||||
expect(CGI.unescapeHTML(response.body))
|
||||
|
@ -319,6 +317,16 @@ describe UsersController do
|
|||
|
||||
expect(session[:current_user_id]).to be_blank
|
||||
end
|
||||
|
||||
it "responds with proper error message" do
|
||||
put :password_reset, params: {
|
||||
token: "evil_trout!", password: "awesomeSecretPassword"
|
||||
}, format: :json
|
||||
|
||||
expect(response).to be_success
|
||||
expect(JSON.parse(response.body)["message"]).to eq(I18n.t('password_reset.no_token'))
|
||||
expect(session[:current_user_id]).to be_blank
|
||||
end
|
||||
end
|
||||
|
||||
context 'valid token' do
|
||||
|
|
Loading…
Reference in New Issue
Block a user