Extract password view setup behaviors from shared email confirmation behavior

app/controllers/concerns/unconfirmed_user_concern.rb

@@ -46,10 +46,6 @@ def email_confirmation_token_validator
 
   def process_valid_confirmation_token
     @confirmation_token = params[:confirmation_token]
-    @forbidden_passwords = @user.email_addresses.flat_map do |email_address|
-      ForbiddenPasswords.new(email_address.email).call
-    end
-    flash.now[:success] = t('devise.confirmations.confirmed_but_must_set_password')
     session[:user_confirmation_token] = @confirmation_token
   end
 

app/controllers/sign_up/passwords_controller.rb

@@ -11,7 +11,9 @@ class PasswordsController < ApplicationController
 
     def new
       password_form # Memoize the password form to use in the view
-      process_successful_confirmation
+      process_valid_confirmation_token
+      flash.now[:success] = t('devise.confirmations.confirmed_but_must_set_password')
+      @forbidden_passwords = forbidden_passwords
     end
 
     def create
@@ -28,17 +30,10 @@ def create
 
     private
 
-    def process_successful_confirmation
-      process_valid_confirmation_token
-      render_page
-    end
-
-    def render_page
-      render(
-        :new,
-        locals: { confirmation_token: @confirmation_token },
-        formats: :html,
-      )
+    def forbidden_passwords
+      @user.email_addresses.flat_map do |email_address|
+        ForbiddenPasswords.new(email_address.email).call
+      end
     end
 
     def track_analytics(result)

spec/controllers/sign_up/passwords_controller_spec.rb

@@ -3,6 +3,47 @@
 RSpec.describe SignUp::PasswordsController do
   let(:token) { 'new token' }
 
+  describe '#new' do
+    let!(:user) { create(:user, :unconfirmed, confirmation_token: token) }
+    subject(:response) { get :new, params: { confirmation_token: token } }
+
+    it 'flashes a message informing the user that they need to set a password' do
+      response
+
+      expect(flash.now[:success]).to eq(t('devise.confirmations.confirmed_but_must_set_password'))
+    end
+
+    it 'processes valid token' do
+      expect(controller).to receive(:process_valid_confirmation_token)
+
+      response
+    end
+
+    it 'assigns variables expected to be available in the view' do
+      response
+
+      expect(assigns(:password_form)).to be_instance_of(PasswordForm)
+      expect(assigns(:email_address)).to be_instance_of(EmailAddress)
+      expect(assigns(:forbidden_passwords)).to be_present.and all be_kind_of(String)
+      expect(assigns(:confirmation_token)).to be_kind_of(String)
+    end
+
+    context 'with invalid confirmation_token' do
+      let!(:user) do
+        create(
+          :user,
+          :unconfirmed,
+          confirmation_token: token,
+          confirmation_sent_at: (IdentityConfig.store.add_email_link_valid_for_hours + 1).hours.ago,
+        )
+      end
+
+      it 'redirects to sign up page' do
+        expect(response).to redirect_to(sign_up_register_url)
+      end
+    end
+  end
+
   describe '#create' do
     subject(:response) { post :create, params: params }
     let(:params) do
@@ -143,22 +184,4 @@
       end
     end
   end
-
-  describe '#new' do
-    render_views
-
-    it 'rejects when confirmation_token is invalid' do
-      invalid_confirmation_sent_at =
-        Time.zone.now - (IdentityConfig.store.add_email_link_valid_for_hours.hours.in_seconds + 1)
-      create(
-        :user,
-        :unconfirmed,
-        confirmation_token: token,
-        confirmation_sent_at: invalid_confirmation_sent_at,
-      )
-
-      get :new, params: { confirmation_token: token }
-      expect(response).to redirect_to(sign_up_register_url)
-    end
-  end
 end