From 6304fe44ec9b034917201db2e1bacb83d82cdeae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D=C3=A1vila?= <ruben@gitlab.com>
Date: Sun, 31 Dec 2017 00:08:15 -0500
Subject: Allow logged in user to change his password

Users were unable to change their password through the "Reset password"
link that was sent to their email if they were logged in. This is due to
a default controller filter from Devise that requires the user to not be
logged in in order to use this link.
---
 spec/features/password_reset_spec.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'spec/features/password_reset_spec.rb')

diff --git a/spec/features/password_reset_spec.rb b/spec/features/password_reset_spec.rb
index b45972b7f6b..73a526c3d8a 100644
--- a/spec/features/password_reset_spec.rb
+++ b/spec/features/password_reset_spec.rb
@@ -33,6 +33,25 @@ feature 'Password reset' do
     end
   end
 
+  describe 'Changing password while logged in' do
+    it 'updates the password' do
+      user = create(:user)
+      token = user.send_reset_password_instructions
+
+      sign_in(user)
+
+      visit(edit_user_password_path(reset_password_token: token))
+
+      fill_in 'New password', with: 'hello1234'
+      fill_in 'Confirm new password', with: 'hello1234'
+
+      click_button 'Change your password'
+
+      expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
+      expect(current_path).to eq new_user_session_path
+    end
+  end
+
   def forgot_password(user)
     visit root_path
     click_on 'Forgot your password?'
-- 
cgit v1.2.3