(t *testing.T)
| 541 | } |
| 542 | |
| 543 | func TestResetPassword(t *testing.T) { |
| 544 | t.Run("success", func(t *testing.T) { |
| 545 | db := testutils.InitMemoryDB(t) |
| 546 | |
| 547 | // Setup |
| 548 | a := app.NewTest() |
| 549 | a.Clock = clock.NewMock() |
| 550 | a.DB = db |
| 551 | server := MustNewServer(t, &a) |
| 552 | defer server.Close() |
| 553 | |
| 554 | u := testutils.SetupUserData(db, "alice@example.com", "oldpassword") |
| 555 | tok := database.Token{ |
| 556 | UserID: u.ID, |
| 557 | Value: "MivFxYiSMMA4An9dP24DNQ==", |
| 558 | Type: database.TokenTypeResetPassword, |
| 559 | } |
| 560 | testutils.MustExec(t, db.Save(&tok), "preparing token") |
| 561 | |
| 562 | s1 := database.Session{ |
| 563 | Key: "some-session-key-1", |
| 564 | UserID: u.ID, |
| 565 | ExpiresAt: time.Now().Add(time.Hour * 10 * 24), |
| 566 | } |
| 567 | testutils.MustExec(t, db.Save(&s1), "preparing user session 1") |
| 568 | |
| 569 | s2 := &database.Session{ |
| 570 | Key: "some-session-key-2", |
| 571 | UserID: u.ID, |
| 572 | ExpiresAt: time.Now().Add(time.Hour * 10 * 24), |
| 573 | } |
| 574 | testutils.MustExec(t, db.Save(&s2), "preparing user session 2") |
| 575 | |
| 576 | anotherUser := testutils.SetupUserData(db, "bob@example.com", "password123") |
| 577 | testutils.MustExec(t, db.Save(&database.Session{ |
| 578 | Key: "some-session-key-3", |
| 579 | UserID: anotherUser.ID, |
| 580 | ExpiresAt: time.Now().Add(time.Hour * 10 * 24), |
| 581 | }), "preparing anotherUser session 1") |
| 582 | |
| 583 | // Execute |
| 584 | dat := url.Values{} |
| 585 | dat.Set("token", "MivFxYiSMMA4An9dP24DNQ==") |
| 586 | dat.Set("password", "newpassword") |
| 587 | dat.Set("password_confirmation", "newpassword") |
| 588 | req := testutils.MakeFormReq(server.URL, "PATCH", "/password-reset", dat) |
| 589 | |
| 590 | res := testutils.HTTPDo(t, req) |
| 591 | |
| 592 | // Test |
| 593 | assert.StatusCodeEquals(t, res, http.StatusFound, "Status code mismatch") |
| 594 | |
| 595 | var resetToken database.Token |
| 596 | var user database.User |
| 597 | testutils.MustExec(t, db.Where("value = ?", "MivFxYiSMMA4An9dP24DNQ==").First(&resetToken), "finding reset token") |
| 598 | testutils.MustExec(t, db.Where("id = ?", u.ID).First(&user), "finding account") |
| 599 | |
| 600 | assert.NotEqual(t, resetToken.UsedAt, nil, "reset_token UsedAt mismatch") |
nothing calls this directly
no test coverage detected