diff options
Diffstat (limited to 'internal/api/client/user/passwordchange_test.go')
| -rw-r--r-- | internal/api/client/user/passwordchange_test.go | 122 |
1 files changed, 36 insertions, 86 deletions
diff --git a/internal/api/client/user/passwordchange_test.go b/internal/api/client/user/passwordchange_test.go index b820696b5..8a741f96c 100644 --- a/internal/api/client/user/passwordchange_test.go +++ b/internal/api/client/user/passwordchange_test.go @@ -19,18 +19,13 @@ package user_test import ( "context" - "fmt" - "io/ioutil" + "io" "net/http" - "net/http/httptest" - "net/url" "testing" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/api/client/user" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/oauth" - "github.com/superseriousbusiness/gotosocial/testrig" "golang.org/x/crypto/bcrypt" ) @@ -39,29 +34,20 @@ type PasswordChangeTestSuite struct { } func (suite *PasswordChangeTestSuite) TestPasswordChangePOST() { - t := suite.testTokens["local_account_1"] - oauthToken := oauth.DBTokenToToken(t) - - recorder := httptest.NewRecorder() - ctx, _ := testrig.CreateGinTestContext(recorder, nil) - ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) - ctx.Set(oauth.SessionAuthorizedToken, oauthToken) - ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) - ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) - ctx.Request.Header.Set("accept", "application/json") - ctx.Request.Form = url.Values{ + response, code := suite.POST(user.PasswordChangePath, map[string][]string{ "old_password": {"password"}, "new_password": {"peepeepoopoopassword"}, - } - suite.userModule.PasswordChangePOSTHandler(ctx) + }, suite.userModule.PasswordChangePOSTHandler) + defer response.Body.Close() - // check response - suite.EqualValues(http.StatusOK, recorder.Code) + // Check response + suite.EqualValues(http.StatusOK, code) dbUser := >smodel.User{} err := suite.db.GetByID(context.Background(), suite.testUsers["local_account_1"].ID, dbUser) - suite.NoError(err) + if err != nil { + suite.FailNow(err.Error()) + } // new password should pass err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("peepeepoopoopassword")) @@ -73,85 +59,49 @@ func (suite *PasswordChangeTestSuite) TestPasswordChangePOST() { } func (suite *PasswordChangeTestSuite) TestPasswordMissingOldPassword() { - t := suite.testTokens["local_account_1"] - oauthToken := oauth.DBTokenToToken(t) - - recorder := httptest.NewRecorder() - ctx, _ := testrig.CreateGinTestContext(recorder, nil) - ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) - ctx.Set(oauth.SessionAuthorizedToken, oauthToken) - ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) - ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) - ctx.Request.Header.Set("accept", "application/json") - ctx.Request.Form = url.Values{ + response, code := suite.POST(user.PasswordChangePath, map[string][]string{ "new_password": {"peepeepoopoopassword"}, + }, suite.userModule.PasswordChangePOSTHandler) + defer response.Body.Close() + + // Check response + suite.EqualValues(http.StatusBadRequest, code) + b, err := io.ReadAll(response.Body) + if err != nil { + suite.FailNow(err.Error()) } - suite.userModule.PasswordChangePOSTHandler(ctx) - - // check response - suite.EqualValues(http.StatusBadRequest, recorder.Code) - - result := recorder.Result() - defer result.Body.Close() - b, err := ioutil.ReadAll(result.Body) - suite.NoError(err) suite.Equal(`{"error":"Bad Request: password change request missing field old_password"}`, string(b)) } func (suite *PasswordChangeTestSuite) TestPasswordIncorrectOldPassword() { - t := suite.testTokens["local_account_1"] - oauthToken := oauth.DBTokenToToken(t) - - recorder := httptest.NewRecorder() - ctx, _ := testrig.CreateGinTestContext(recorder, nil) - ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) - ctx.Set(oauth.SessionAuthorizedToken, oauthToken) - ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) - ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) - ctx.Request.Header.Set("accept", "application/json") - ctx.Request.Form = url.Values{ + response, code := suite.POST(user.PasswordChangePath, map[string][]string{ "old_password": {"notright"}, "new_password": {"peepeepoopoopassword"}, + }, suite.userModule.PasswordChangePOSTHandler) + defer response.Body.Close() + + // Check response + suite.EqualValues(http.StatusUnauthorized, code) + b, err := io.ReadAll(response.Body) + if err != nil { + suite.FailNow(err.Error()) } - suite.userModule.PasswordChangePOSTHandler(ctx) - - // check response - suite.EqualValues(http.StatusUnauthorized, recorder.Code) - - result := recorder.Result() - defer result.Body.Close() - b, err := ioutil.ReadAll(result.Body) - suite.NoError(err) suite.Equal(`{"error":"Unauthorized: old password was incorrect"}`, string(b)) } func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() { - t := suite.testTokens["local_account_1"] - oauthToken := oauth.DBTokenToToken(t) - - recorder := httptest.NewRecorder() - ctx, _ := testrig.CreateGinTestContext(recorder, nil) - ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) - ctx.Set(oauth.SessionAuthorizedToken, oauthToken) - ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) - ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) - ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", user.PasswordChangePath), nil) - ctx.Request.Header.Set("accept", "application/json") - ctx.Request.Form = url.Values{ + response, code := suite.POST(user.PasswordChangePath, map[string][]string{ "old_password": {"password"}, "new_password": {"peepeepoopoo"}, + }, suite.userModule.PasswordChangePOSTHandler) + defer response.Body.Close() + + // Check response + suite.EqualValues(http.StatusBadRequest, code) + b, err := io.ReadAll(response.Body) + if err != nil { + suite.FailNow(err.Error()) } - suite.userModule.PasswordChangePOSTHandler(ctx) - - // check response - suite.EqualValues(http.StatusBadRequest, recorder.Code) - - result := recorder.Result() - defer result.Body.Close() - b, err := ioutil.ReadAll(result.Body) - suite.NoError(err) suite.Equal(`{"error":"Bad Request: password is only 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b)) } |