(t *testing.T)
| 811 | } |
| 812 | |
| 813 | func TestUpdatePassword(t *testing.T) { |
| 814 | t.Run("success", func(t *testing.T) { |
| 815 | db := testutils.InitMemoryDB(t) |
| 816 | |
| 817 | // Setup |
| 818 | a := app.NewTest() |
| 819 | a.Clock = clock.NewMock() |
| 820 | a.DB = db |
| 821 | server := MustNewServer(t, &a) |
| 822 | defer server.Close() |
| 823 | |
| 824 | user := testutils.SetupUserData(db, "alice@example.com", "oldpassword") |
| 825 | |
| 826 | // Execute |
| 827 | dat := url.Values{} |
| 828 | dat.Set("old_password", "oldpassword") |
| 829 | dat.Set("new_password", "newpassword") |
| 830 | dat.Set("new_password_confirmation", "newpassword") |
| 831 | req := testutils.MakeFormReq(server.URL, "PATCH", "/account/password", dat) |
| 832 | |
| 833 | res := testutils.HTTPAuthDo(t, db, req, user) |
| 834 | |
| 835 | // Test |
| 836 | assert.StatusCodeEquals(t, res, http.StatusFound, "Status code mismsatch") |
| 837 | |
| 838 | testutils.MustExec(t, db.Where("id = ?", user.ID).First(&user), "finding account") |
| 839 | |
| 840 | passwordErr := bcrypt.CompareHashAndPassword([]byte(user.Password.String), []byte("newpassword")) |
| 841 | assert.Equal(t, passwordErr, nil, "Password mismatch") |
| 842 | }) |
| 843 | |
| 844 | t.Run("old password mismatch", func(t *testing.T) { |
| 845 | db := testutils.InitMemoryDB(t) |
| 846 | // Setup |
| 847 | a := app.NewTest() |
| 848 | a.Clock = clock.NewMock() |
| 849 | a.DB = db |
| 850 | server := MustNewServer(t, &a) |
| 851 | defer server.Close() |
| 852 | |
| 853 | u := testutils.SetupUserData(db, "alice@example.com", "oldpassword") |
| 854 | |
| 855 | // Execute |
| 856 | dat := url.Values{} |
| 857 | dat.Set("old_password", "randompassword") |
| 858 | dat.Set("new_password", "newpassword") |
| 859 | dat.Set("new_password_confirmation", "newpassword") |
| 860 | req := testutils.MakeFormReq(server.URL, "PATCH", "/account/password", dat) |
| 861 | |
| 862 | res := testutils.HTTPAuthDo(t, db, req, u) |
| 863 | |
| 864 | // Test |
| 865 | assert.StatusCodeEquals(t, res, http.StatusUnauthorized, "Status code mismsatch") |
| 866 | |
| 867 | var user database.User |
| 868 | testutils.MustExec(t, db.Where("id = ?", u.ID).First(&user), "finding account") |
| 869 | assert.Equal(t, u.Password.String, user.Password.String, "password should not have been updated") |
| 870 | }) |