2021-06-23 11:36:09 +02:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
|
|
|
"dev.sum7.eu/genofire/golang-lib/web"
|
|
|
|
"dev.sum7.eu/genofire/golang-lib/web/webtest"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestAPIPasswordCode(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
2021-07-19 17:59:08 +02:00
|
|
|
s, err := webtest.NewWithDBSetup(apiPasswordCode, SetupMigration)
|
2021-06-28 13:59:27 +02:00
|
|
|
assert.NoError(err)
|
2021-06-25 12:22:19 +02:00
|
|
|
defer s.Close()
|
2021-06-23 11:36:09 +02:00
|
|
|
assert.NotNil(s)
|
|
|
|
|
|
|
|
forgetCode := uuid.New()
|
|
|
|
passwordCurrent := "CHANGEME"
|
|
|
|
passwordNew := "test"
|
|
|
|
|
|
|
|
s.DB.DB.Model(&User{ID: TestUser1ID}).Update("forget_code", forgetCode)
|
|
|
|
|
|
|
|
hErr := web.HTTPError{}
|
|
|
|
// invalid
|
2021-06-28 13:59:27 +02:00
|
|
|
err = s.Request(http.MethodPost, "/api/v1/auth/password/code", &passwordNew, http.StatusBadRequest, &hErr)
|
2021-06-28 12:14:20 +02:00
|
|
|
assert.NoError(err)
|
2021-06-23 11:36:09 +02:00
|
|
|
assert.Equal(web.APIErrorInvalidRequestFormat, hErr.Message)
|
|
|
|
|
|
|
|
res := ""
|
|
|
|
// set new password
|
2021-06-28 12:14:20 +02:00
|
|
|
err = s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
2021-06-23 11:36:09 +02:00
|
|
|
ForgetCode: forgetCode,
|
|
|
|
Password: passwordNew,
|
|
|
|
}, http.StatusOK, &res)
|
2021-06-28 12:14:20 +02:00
|
|
|
assert.NoError(err)
|
2021-06-23 11:36:09 +02:00
|
|
|
assert.Equal("admin", res)
|
|
|
|
|
|
|
|
hErr = web.HTTPError{}
|
|
|
|
// set password without code
|
2021-06-28 12:14:20 +02:00
|
|
|
err = s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
2021-06-23 11:36:09 +02:00
|
|
|
ForgetCode: forgetCode,
|
|
|
|
Password: passwordCurrent,
|
|
|
|
}, http.StatusBadRequest, &hErr)
|
2021-06-28 12:14:20 +02:00
|
|
|
assert.NoError(err)
|
2021-06-23 11:36:09 +02:00
|
|
|
assert.Equal(APIErrorUserNotFound, hErr.Message)
|
|
|
|
|
|
|
|
forgetCode = uuid.New()
|
|
|
|
s.DB.DB.Model(&User{ID: TestUser1ID}).Update("forget_code", forgetCode)
|
|
|
|
|
|
|
|
res = ""
|
|
|
|
// set old password
|
2021-06-28 12:14:20 +02:00
|
|
|
err = s.Request(http.MethodPost, "/api/v1/auth/password/code", &PasswordWithForgetCode{
|
2021-06-23 11:36:09 +02:00
|
|
|
ForgetCode: forgetCode,
|
|
|
|
Password: passwordCurrent,
|
|
|
|
}, http.StatusOK, &res)
|
2021-06-28 12:14:20 +02:00
|
|
|
assert.NoError(err)
|
2021-06-23 11:36:09 +02:00
|
|
|
assert.Equal("admin", res)
|
|
|
|
}
|