Merge pull request #4796 from pepetorres1998/4773-reset-password-and-…

…invitation-expiry Resolves #4773: Reset password and invitation expiry
rubyforgood · Nov 29, 2024 · 6322688 · 6322688
2 parents c9fad26 + 7de90b8
commit 6322688
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 8 deletions.
diff --git a/app/views/users/mailer/invitation_instructions.html.erb b/app/views/users/mailer/invitation_instructions.html.erb
@@ -374,7 +374,6 @@
                     <% if @resource.invitation_due_at %>
                       <p><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %></p>
                     <% end %>
-                    <p>For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.</p>
                     <p>If your invitation has an expired message, go <%= link_to "here", new_user_password_url %> and enter your email address to reset your password.</p>
                     <p>Feel free to ignore this email if you are not interested or if you feel it was sent by mistake.</p>
                   </td>

diff --git a/app/views/users/mailer/reset_password_instructions.html.erb b/app/views/users/mailer/reset_password_instructions.html.erb
@@ -6,7 +6,7 @@
 
 <p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
 
-<p>For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.</p>
+<p>For security reasons these invitations expire. This invitation will expire in 6 hours or if a new password reset is triggered.</p>
 <p>If your invitation has an expired message, go <%= link_to "here", new_user_password_url %> and enter your email address to reset your password.</p>
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -120,7 +120,7 @@
   # The period the generated invitation token is valid, after
   # this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
-  # config.invite_for = 2.weeks
+  config.invite_for = 2.weeks
 
   # Number of invitations users can send.
   # - If invitation_limit is nil, there is no limit for invitations, users can

diff --git a/config/locales/devise_invitable.en.yml b/config/locales/devise_invitable.en.yml
@@ -21,7 +21,7 @@ en:
         hello: "Hello %{email}"
         someone_invited_you: "Someone has invited you to %{url}, you can accept it through the link below."
         accept: "Accept invitation"
-        accept_until: "This invitation will be due in %{due_date}."
+        accept_until: "This invitation will expire at %{due_date} GMT or if a new password reset is triggered."
         ignore: "If you don't want to accept the invitation, please ignore this email.<br />\nYour account won't be created until you access the link above and set your password."
   time:
     formats:

diff --git a/spec/mailers/custom_devise_mailer_spec.rb b/spec/mailers/custom_devise_mailer_spec.rb
@@ -34,15 +34,21 @@
     end
 
     context "when user is invited" do
-      let(:user) { create(:user) }
+      let(:invitation_sent_at) { Time.zone.now }
+      let(:user) { create(:user, invitation_sent_at: invitation_sent_at) }
 
       it "invites to user" do
         expect(mail.subject).to eq("Your Human Essentials App Account Approval")
         expect(mail.html_part.body).to include("Your request has been approved and you're invited to become an user of the Human Essentials inventory management system!")
       end
 
-      it "has invite expiration message" do
-        expect(mail.html_part.body).to include("For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.")
+      it "has invite expiration message and reset instructions" do
+        expect(mail.html_part.body).to include("This invitation will expire at #{user.invitation_due_at.strftime("%B %d, %Y %I:%M %p")} GMT or if a new password reset is triggered.")
+      end
+
+      it "has reset instructions" do
+        expect(mail.html_part.body).to match(%r{<p>If your invitation has an expired message, go <a href="http://.+?/users/password/new">here</a> and enter your email address to reset your password.</p>})
+        expect(mail.html_part.body).to include("Feel free to ignore this email if you are not interested or if you feel it was sent by mistake.")
       end
     end
   end

diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb
@@ -22,7 +22,7 @@
       let(:mail) { ActionMailer::Base.deliveries.last }
 
       it "sends an email with instructions" do
-        expect(mail.body.encoded).to include("For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.")
+        expect(mail.body.encoded).to include("For security reasons these invitations expire. This invitation will expire in 6 hours or if a new password reset is triggered.")
       end
     end
   end