Allow admins to reset an user's password through the admin panel

aitbw · aitbw · commit 300bffc6f627 · 2019-08-31T13:53:28.000-04:00
diff --git a/app/overrides/spree/admin/users/edit/_add_reset_password_form.html.erb.deface b/app/overrides/spree/admin/users/edit/_add_reset_password_form.html.erb.deface
@@ -0,0 +1,20 @@
+<!--
+  insert_before "fieldset#admin_user_edit_api_key"
+  original "904c52ff702412d1dc8d55ff44d87d7f581f6675"
+-->
+
+<% if @user != try_spree_current_user %>
+  <fieldset class="no-border-bottom" data-hook="admin_user_reset_password">
+    <legend><%= t(:'spree.forgot_password') %></legend>
+
+    <%= form_for [:admin, @user], as: :spree_user, url: admin_reset_password_path, method: :post do |f| %>
+      <%= f.hidden_field :email, value: @user.email %>
+
+      <% if can?(:update, @user) %>
+        <div class="align-center">
+          <%= f.submit Spree.user_class.human_attribute_name(:reset_password), class: "button primary" %>
+        </div>
+      <% end %>
+    <% end %>
+  </fieldset>
+<% end %>
diff --git a/lib/controllers/backend/spree/admin/user_passwords_controller.rb b/lib/controllers/backend/spree/admin/user_passwords_controller.rb
@@ -25,7 +25,7 @@ def create
     set_flash_message(:notice, :send_instructions) if is_navigational_format?
 
     if resource.errors.empty?
-      respond_with resource, location: spree.admin_login_path
+      respond_with resource, location: admin_user_path(resource)
     else
       respond_with_navigational(resource) { render :new }
     end
diff --git a/spec/features/admin/password_reset_spec.rb b/spec/features/admin/password_reset_spec.rb
@@ -34,4 +34,43 @@
   def fill_in_email
     fill_in 'Email', with: 'foobar@example.com'
   end
+
+  context 'password management' do
+    let!(:admin) do
+      create(:admin_user,
+        email: 'admin@example.com',
+        password: 'secret',
+        password_confirmation: 'secret'
+      )
+    end
+
+    let!(:user) do
+      create(:user,
+        email: 'user@example.com',
+        password: 'test123',
+        password_confirmation: 'test123'
+      )
+    end
+
+    before do
+      visit spree.admin_login_path
+      fill_in 'Email', with: admin.email
+      fill_in 'Password', with: admin.password
+      click_button 'Login'
+      visit spree.admin_users_path
+    end
+
+    context 'if currently logged-in admin' do
+      context "clicks on an user's page" do
+        it 'can reset its password' do
+          within("#spree_user_#{user.id}") do
+            click_link user.email
+          end
+
+          click_button 'Reset password'
+          expect(page).to have_content 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        end
+      end
+    end
+  end
 end
