fix the set-password form for new (admin-created) users

2024-11-07 20:31:06 -05:00 · 2017-02-06 14:58:54 +00:00 · 2017-02-06 14:58:54 +00:00 · 7d5dc34b3e
commit 7d5dc34b3e
parent b1e97b8241
2 changed files with 26 additions and 12 deletions
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@ -53,7 +53,12 @@ module.exports =
 					if req.body.login_after
 						UserGetter.getUser user_id, {email: 1}, (err, user) ->
 							return next(err) if err?
-							AuthenticationController.doLogin {email:user.email, password: password}, req, res, next
+							# AuthenticationController.doLogin {email:user.email, password: password}, req, res, next
+							AuthenticationController.afterLoginSessionSetup req, user, (err) ->
+								if err?
+									logger.err {err, email: user.email}, "Error setting up session after setting password"
+									return next(err)
+								res.json {redir: AuthenticationController._getRedirectFromSession(req) || "/project"}
 					else
 						res.sendStatus 200
 			else
--- a/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee
@ -145,18 +145,27 @@ describe "PasswordResetController", ->
 				done()
 			@PasswordResetController.setNewUserPassword @req, @res

-		it "should login user if login_after is set", (done) ->
-			@UserGetter.getUser = sinon.stub().callsArgWith(2, null, { email: "joe@example.com" })
-			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true, @user_id = "user-id-123")
-			@req.body.login_after = "true"
-			@AuthenticationController.doLogin = (options, req, res, next)=>
-				@UserGetter.getUser.calledWith(@user_id).should.equal true
-				expect(options).to.deep.equal {
-					email: "joe@example.com",
-					password: @password
-				}
+		describe 'when login_after is set', ->
+
+			beforeEach ->
+				@UserGetter.getUser = sinon.stub().callsArgWith(2, null, { email: "joe@example.com" })
+				@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true, @user_id = "user-id-123")
+				@req.body.login_after = "true"
+				@res.json = sinon.stub()
+				@AuthenticationController.afterLoginSessionSetup = sinon.stub().callsArgWith(2, null)
+				@AuthenticationController._getRedirectFromSession = sinon.stub().returns('/some/path')
+
+			it "should login user if login_after is set", (done) ->
+				@PasswordResetController.setNewUserPassword @req, @res
+				@AuthenticationController.afterLoginSessionSetup.callCount.should.equal 1
+				@AuthenticationController.afterLoginSessionSetup.calledWith(
+					@req,
+					{email: 'joe@example.com'}
+				).should.equal true
+				@AuthenticationController._getRedirectFromSession.callCount.should.equal 1
+				@res.json.callCount.should.equal 1
+				@res.json.calledWith({redir: '/some/path'}).should.equal true
 				done()
-			@PasswordResetController.setNewUserPassword @req, @res

 	describe "renderSetPasswordForm", ->