You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
User can only change password if he also can give an OTP
following testcase pass green
Class User
def change_password(params)
update_with_otp_and_password(params)
end
factory :user do
email { "testuser@mail.com" }
password { "12345678" }
otp_secret { "6fmq4ppm2eabwuphlrlskwae" }
end
describe "change password" do
before do
user.save
end
it "can change the password (without OTP)" do
params = {current_password: "12345678", password: "aaaaaaaa", password_confirmation: "aaaaaaaa"}
user.change_password(params)
user.reload
user.wont_be :valid_password?, "12345678"
user.must_be :valid_password?, "aaaaaaaa"
end
it "can't change the password with wrong OTP" do
user.update(otp_required_for_login: true)
params = {current_password: "12345678", password: "aaaaaaaa", password_confirmation: "aaaaaaaa", otp_attempt: "faulty OTP"}
user.change_password(params)
user.errors[:otp_attempt].must_equal ["is invalid"]
end
it "can't change the password without OTP" do
user.update(otp_required_for_login: true)
params = {current_password: "12345678", password: "aaaaaaaa", password_confirmation: "aaaaaaaa"}
user.change_password(params)
user.errors[:otp_attempt].must_equal ["can't be blank"]
end
it "can change the password with correct OTP" do
user.must_be :valid_password?, "12345678"
user.update(otp_required_for_login: true)
params = {current_password: "12345678", password: "aaaaaaaa", password_confirmation: "aaaaaaaa"}
user.change_password( params.merge(otp_attempt: user.current_otp) )
user.reload
user.wont_be :valid_password?, "12345678"
user.must_be :valid_password?, "aaaaaaaa"
end
end
checking an OTP to perform update method on the model
now the question is: does this OTP needs to be consumed?i made it also consuming the OTP
pull request: #148
The text was updated successfully, but these errors were encountered: