pkarman · November 15, 2016 16:39
diff --git a/password-fix.rb b/password-fix.rb
 diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
 index 9ac362b..b2cfe93 100644
 --- a/app/controllers/users/passwords_controller.rb
 +++ b/app/controllers/users/passwords_controller.rb
 @@ -46,11 +46,15 @@ module Users
     protected
 
     def token_user(params)
 -      @_token_user ||= User.with_reset_password_token(params[:reset_password_token])
 +      @_token_user ||= find_user_with_token(params[:reset_password_token])
     end
 
     def build_user
 -      User.new(reset_password_token: params[:reset_password_token])
 +      User.new(reset_password_token: reset_password_token_param)
 +    end
 +
 +    def reset_password_token_param
 +      params[:reset_password_token] || user_params[:reset_password_token]
     end
 
     def handle_successful_password_reset
 @@ -87,5 +91,11 @@ module Users
     def downcased_email
       params[:user][:email].downcase
     end
 +
 +    private
 +
 +    def find_user_with_token(token)
 +      User.with_reset_password_token(token) || User.find_by(reset_password_token: token)
 +    end
   end
 end
 diff --git a/spec/features/visitors/password_recovery_spec.rb b/spec/features/visitors/password_recovery_spec.rb
 index f9ba692..0ceaf9d 100644
 --- a/spec/features/visitors/password_recovery_spec.rb
 +++ b/spec/features/visitors/password_recovery_spec.rb
 @@ -263,6 +263,18 @@ feature 'Password Recovery' do
       signin(@user.email, '1234')
       expect(current_path).to eq new_user_session_path
     end
 +
 +    it 'allows multiple attempts with invalid password' do
 +      fill_in t('forms.passwords.edit.label.password'), with: '1234'
 +      click_button t('forms.passwords.edit.buttons.submit')
 +
 +      expect(page).to have_content 'is too short'
 +
 +      fill_in t('forms.passwords.edit.label.password'), with: '5678'
 +      click_button t('forms.passwords.edit.buttons.submit')
 +
 +      expect(page).to have_content 'is too short'
 +    end
   end
 
   scenario 'user takes too long to click the reset password link' do
	diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
	index 9ac362b..b2cfe93 100644
	--- a/app/controllers/users/passwords_controller.rb
	+++ b/app/controllers/users/passwords_controller.rb
	@@ -46,11 +46,15 @@ module Users
	protected

	def token_user(params)
	- @_token_user \|\|= User.with_reset_password_token(params[:reset_password_token])
	+ @_token_user \|\|= find_user_with_token(params[:reset_password_token])
	end

	def build_user
	- User.new(reset_password_token: params[:reset_password_token])
	+ User.new(reset_password_token: reset_password_token_param)
	+ end
	+
	+ def reset_password_token_param
	+ params[:reset_password_token] \|\| user_params[:reset_password_token]
	end

	def handle_successful_password_reset
	@@ -87,5 +91,11 @@ module Users
	def downcased_email
	params[:user][:email].downcase
	end
	+
	+ private
	+
	+ def find_user_with_token(token)
	+ User.with_reset_password_token(token) \|\| User.find_by(reset_password_token: token)
	+ end
	end
	end
	diff --git a/spec/features/visitors/password_recovery_spec.rb b/spec/features/visitors/password_recovery_spec.rb
	index f9ba692..0ceaf9d 100644
	--- a/spec/features/visitors/password_recovery_spec.rb
	+++ b/spec/features/visitors/password_recovery_spec.rb
	@@ -263,6 +263,18 @@ feature 'Password Recovery' do
	signin(@user.email, '1234')
	expect(current_path).to eq new_user_session_path
	end
	+
	+ it 'allows multiple attempts with invalid password' do
	+ fill_in t('forms.passwords.edit.label.password'), with: '1234'
	+ click_button t('forms.passwords.edit.buttons.submit')
	+
	+ expect(page).to have_content 'is too short'
	+
	+ fill_in t('forms.passwords.edit.label.password'), with: '5678'
	+ click_button t('forms.passwords.edit.buttons.submit')
	+
	+ expect(page).to have_content 'is too short'
	+ end
	end

	scenario 'user takes too long to click the reset password link' do
No results found