From 107685e22e809123a31e6518249d14888767f0fe Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Thu, 14 Oct 2021 14:26:04 +0200 Subject: User password change (#280) * start passwordChangeHandler * add user scope * add user module / api path * add password change request * make comment clearer * add user to processor * required true * add processor call to handler * don't pass tc or channel * change password func + tests * add some first docs about password management * update swagger docs * add api tests * go fmt * test fixes --- internal/processing/user/changepassword_test.go | 74 +++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 internal/processing/user/changepassword_test.go (limited to 'internal/processing/user/changepassword_test.go') diff --git a/internal/processing/user/changepassword_test.go b/internal/processing/user/changepassword_test.go new file mode 100644 index 000000000..2687eae10 --- /dev/null +++ b/internal/processing/user/changepassword_test.go @@ -0,0 +1,74 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package user_test + +import ( + "context" + "net/http" + "testing" + + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "golang.org/x/crypto/bcrypt" +) + +type ChangePasswordTestSuite struct { + UserStandardTestSuite +} + +func (suite *ChangePasswordTestSuite) TestChangePasswordOK() { + user := suite.testUsers["local_account_1"] + + errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "verygoodnewpassword") + suite.NoError(errWithCode) + + err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword")) + suite.NoError(err) + + // get user from the db again + dbUser := >smodel.User{} + err = suite.db.GetByID(context.Background(), user.ID, dbUser) + suite.NoError(err) + + // check the password has changed + err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword")) + suite.NoError(err) +} + +func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() { + user := suite.testUsers["local_account_1"] + + errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword") + suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password") + suite.Equal(http.StatusBadRequest, errWithCode.Code()) + suite.Equal("bad request: old password did not match", errWithCode.Safe()) +} + +func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() { + user := suite.testUsers["local_account_1"] + + errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234") + suite.EqualError(errWithCode, "insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password") + suite.Equal(http.StatusBadRequest, errWithCode.Code()) + suite.Equal("bad request: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe()) +} + +func TestChangePasswordTestSuite(t *testing.T) { + suite.Run(t, &ChangePasswordTestSuite{}) +} -- cgit v1.2.3