GRN2-233: Made account activation & password reset links based on tokens only (#959)

* GRN2-233: Hiding email in verification link and password reset link

* updating tests

* removing uid from email verificaiton link

* GRN2-233: modifying test cases

* GRN2-233: Removing uid from password reset link

* GRN2-233: Removed email_params and fixed "authenticated?" method

* GRN2-233: Fixed error when trying to sign in unverified

* GRN2-233: Changed how activation tokens are generated

spec/controllers/password_resets_controller_spec.rb

@@ -116,18 +116,14 @@ describe PasswordResetsController, type: :controller do
 
       it "updates attributes if the password update is a success" do
         user = create(:user, provider: "greenlight")
-        token = "reset_token"
-
-        cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
-        user.reset_digest = BCrypt::Password.create(token, cost: cost)
+        user.create_reset_digest
+        old_digest = user.password_digest
 
         allow(controller).to receive(:valid_user).and_return(nil)
         allow(controller).to receive(:check_expiration).and_return(nil)
-        controller.instance_variable_set(:@user, user)
 
         params = {
-          id: token,
-          email: user.email,
+          id: user.reset_token,
           user: {
             password: :password,
             password_confirmation: :password,
@@ -135,6 +131,10 @@ describe PasswordResetsController, type: :controller do
         }
 
         patch :update, params: params
+
+        user.reload
+
+        expect(old_digest.eql?(user.password_digest)).to be false
         expect(response).to redirect_to(root_path)
       end
     end