Diffstat (limited to 'internal/processing/user/changepassword_test.go')
-rw-r--r-- | internal/processing/user/changepassword_test.go | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/internal/processing/user/changepassword_test.go b/internal/processing/user/changepassword_test.go
new file mode 100644
index 000000000..2687eae10
--- /dev/null
+++ b/internal/processing/user/changepassword_test.go
@@ -0,0 +1,74 @@
+/*
+ GoToSocial
+ Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package user_test
+
+import (
+ "context"
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "golang.org/x/crypto/bcrypt"
+)
+
+type ChangePasswordTestSuite struct {
+ UserStandardTestSuite
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
+ user := suite.testUsers["local_account_1"]
+
+ errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "verygoodnewpassword")
+ suite.NoError(errWithCode)
+
+ err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword"))
+ suite.NoError(err)
+
+ // get user from the db again
+ dbUser := >smodel.User{}
+ err = suite.db.GetByID(context.Background(), user.ID, dbUser)
+ suite.NoError(err)
+
+ // check the password has changed
+ err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword"))
+ suite.NoError(err)
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
+ user := suite.testUsers["local_account_1"]
+
+ errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
+ suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
+ suite.Equal(http.StatusBadRequest, errWithCode.Code())
+ suite.Equal("bad request: old password did not match", errWithCode.Safe())
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
+ user := suite.testUsers["local_account_1"]
+
+ errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
+ suite.EqualError(errWithCode, "insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+ suite.Equal(http.StatusBadRequest, errWithCode.Code())
+ suite.Equal("bad request: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+}
+
+func TestChangePasswordTestSuite(t *testing.T) {
+ suite.Run(t, &ChangePasswordTestSuite{})
+}
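Review bot: TestChangePasswordIncorrectOld and TestChangePasswordWeakNew assert only on the returned error, so an implementation that rejects the request after it has already written the new hash would still pass both tests. After each rejected call, re-read the user from the database the way TestChangePasswordOK does and check that the stored hash still verifies against the old password (`"password"`, the value the OK test supplies as the current one). TestChangePasswordOK could likewise assert that `"password"` no longer verifies against the re-read hash. Separately, `suite.EqualError` does not stop the test, so an unexpected nil return would likely panic on `errWithCode.Code()`; calling `suite.Require().Error(errWithCode)` first gives a cleaner failure.

```go
	errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
	// … unchanged: error text, status code and safe-message assertions …

	// a rejected change must leave the stored credential untouched
	dbUser := &gtsmodel.User{}
	err := suite.db.GetByID(context.Background(), user.ID, dbUser)
	suite.NoError(err)
	suite.NoError(bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password")))
```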