Add User#will_save_change_to_login? to clear reset_password_tokens

Devise checks before updating any of the authentication_keys if it needs to clear the reset_password_tokens. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/42733 (Weak authentication and session management)
author: Sebastian Arcila Valenzuela <sarcila@gitlab.com> 2019-08-12 16:41:05 +0300
committer: Sebastian Arcila Valenzuela <sarcila@gitlab.com> 2019-08-21 14:05:55 +0300
commit: 5012c622405e63655256735d266168450ad1d159 (patch)
tree: ae42c0fb467ab91c73fd559a9bc56426b9574508 /spec/features
parent: d9f9904c60b1fee162d22ece4b8875fafd04b7e6 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/features/profiles/user_edit_profile_spec.rb b/spec/features/profiles/user_edit_profile_spec.rb
index 1ab7742b36e..0905ab0aef8 100644
--- a/spec/features/profiles/user_edit_profile_spec.rb
+++ b/spec/features/profiles/user_edit_profile_spec.rb
@@ -49,6 +49,23 @@ describe 'User edit profile' do
     end
   end
 
+  describe 'when I change my email' do
+    before do
+      user.send_reset_password_instructions
+    end
+
+    it 'clears the reset password token' do
+      expect(user.reset_password_token?).to be true
+
+      fill_in 'user_email', with: 'new-email@example.com'
+      submit_settings
+
+      user.reload
+      expect(user.confirmation_token).not_to be_nil
+      expect(user.reset_password_token?).to be false
+    end
+  end
+
   context 'user avatar' do
     before do
       attach_file(:user_avatar, Rails.root.join('spec', 'fixtures', 'banana_sample.gif'))
author	Sebastian Arcila Valenzuela <sarcila@gitlab.com>	2019-08-12 16:41:05 +0300
committer	Sebastian Arcila Valenzuela <sarcila@gitlab.com>	2019-08-21 14:05:55 +0300
commit	5012c622405e63655256735d266168450ad1d159 (patch)
tree	ae42c0fb467ab91c73fd559a9bc56426b9574508 /spec/features
parent	d9f9904c60b1fee162d22ece4b8875fafd04b7e6 (diff)