func (suite *AccountsTestSuite) TestResetPassword() { // Insert a test password reset testPasswordReset, err := accounts.NewPasswordReset( suite.users[1], suite.cnf.AppSpecific.PasswordResetLifetime, ) assert.NoError(suite.T(), err, "Failed to create a new password reset object") err = suite.db.Create(testPasswordReset).Error assert.NoError(suite.T(), err, "Inserting test data failed") testPasswordReset.User = suite.users[1] // Error should be nil assert.Nil( suite.T(), suite.service.ResetPassword(testPasswordReset, "newpassword"), ) // The password reset object should have been deleted assert.True( suite.T(), suite.db.Find(new(accounts.PasswordReset), testPasswordReset.ID).RecordNotFound(), ) }
func (suite *AccountsTestSuite) TestConfirmPasswordReset() { var ( testOauthUser *oauth.User testUser *accounts.User testPasswordReset *accounts.PasswordReset err error ) // Insert a test user testOauthUser, err = suite.service.GetOauthService().CreateUser( roles.User, "harold@finch", "", // blank password ) assert.NoError(suite.T(), err, "Failed to insert a test oauth user") testUser, err = accounts.NewUser( suite.accounts[0], testOauthUser, "", //facebook ID false, // confirmed &accounts.UserRequest{ FirstName: "Harold", LastName: "Finch", }, ) assert.NoError(suite.T(), err, "Failed to create a new user object") err = suite.db.Create(testUser).Error assert.NoError(suite.T(), err, "Failed to insert a test user") testUser.Account = suite.accounts[0] testUser.OauthUser = testOauthUser // Insert a test password reset testPasswordReset, err = accounts.NewPasswordReset( testUser, suite.cnf.AppSpecific.PasswordResetLifetime, ) assert.NoError(suite.T(), err, "Failed to create a new password reset object") err = suite.db.Create(testPasswordReset).Error assert.NoError(suite.T(), err, "Failed to insert a test password reset") testPasswordReset.User = testUser // Prepare a request payload, err := json.Marshal(&accounts.ConfirmPasswordResetRequest{ PasswordRequest: accounts.PasswordRequest{Password: "******"}, }) assert.NoError(suite.T(), err, "JSON marshalling failed") r, err := http.NewRequest( "POST", fmt.Sprintf("http://1.2.3.4/v1/password-resets/%s", testPasswordReset.Reference), bytes.NewBuffer(payload), ) assert.NoError(suite.T(), err, "Request setup should not get an error") r.Header.Set( "Authorization", fmt.Sprintf( "Basic %s", b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")), ), ) // Check the routing match := new(mux.RouteMatch) suite.router.Match(r, match) if assert.NotNil(suite.T(), match.Route) { assert.Equal(suite.T(), "confirm_password_reset", match.Route.GetName()) } // Count before var countBefore int suite.db.Model(new(accounts.PasswordReset)).Count(&countBefore) // And serve the request w := httptest.NewRecorder() suite.router.ServeHTTP(w, r) // Count after var countAfter int suite.db.Model(new(accounts.PasswordReset)).Count(&countAfter) assert.Equal(suite.T(), countBefore-1, countAfter) // Fetch the updated user user := new(accounts.User) notFound := accounts.UserPreload(suite.db).First(user, testUser.ID).RecordNotFound() assert.False(suite.T(), notFound) // Password reset should have been soft deleted assert.True(suite.T(), suite.db.First(new(accounts.PasswordReset), testPasswordReset.ID).RecordNotFound()) // And correct data was saved assert.Nil(suite.T(), pass.VerifyPassword(user.OauthUser.Password.String, "test_password")) // Check the response expected, err := accounts.NewPasswordResetResponse(testPasswordReset) assert.NoError(suite.T(), err, "Failed to create expected response object") testutil.TestResponseObject(suite.T(), w, expected, 200) }
func (suite *AccountsTestSuite) TestFindPasswordResetByReference() { var ( testExpiredPasswordReset, testPasswordReset, passwordReset *accounts.PasswordReset err error ) // Insert test password resets testExpiredPasswordReset, err = accounts.NewPasswordReset( suite.users[1], -10, // expires in ) assert.NoError(suite.T(), err, "Failed to create a new password reset object") err = suite.db.Create(testExpiredPasswordReset).Error assert.NoError(suite.T(), err, "Inserting test expired password reset failed") testExpiredPasswordReset.User = suite.users[1] testPasswordReset, err = accounts.NewPasswordReset( suite.users[1], suite.cnf.AppSpecific.PasswordResetLifetime, ) assert.NoError(suite.T(), err, "Failed to create a new password reset object") err = suite.db.Create(testPasswordReset).Error assert.NoError(suite.T(), err, "Inserting test password reset failed") testPasswordReset.User = suite.users[1] // Let's try to find an expired password reset by a valid reference passwordReset, err = suite.service.FindPasswordResetByReference(testExpiredPasswordReset.Reference) // Password reset should be nil assert.Nil(suite.T(), passwordReset) // Correct error should be returned if assert.NotNil(suite.T(), err) { assert.Equal(suite.T(), accounts.ErrPasswordResetNotFound, err) } // Let's try to find a password reset by a bogus reference passwordReset, err = suite.service.FindPasswordResetByReference("bogus") // Password reset should be nil assert.Nil(suite.T(), passwordReset) // Correct error should be returned if assert.NotNil(suite.T(), err) { assert.Equal(suite.T(), accounts.ErrPasswordResetNotFound, err) } // Now let's pass a valid reference of an expired password reset passwordReset, err = suite.service.FindPasswordResetByReference(testExpiredPasswordReset.Reference) // Password reset should be nil assert.Nil(suite.T(), passwordReset) // Correct error should be returned if assert.NotNil(suite.T(), err) { assert.Equal(suite.T(), accounts.ErrPasswordResetNotFound, err) } // Now let's pass a valid reference passwordReset, err = suite.service.FindPasswordResetByReference(testPasswordReset.Reference) // Error should be nil assert.Nil(suite.T(), err) // Correct password reset should be returned with preloaded data if assert.NotNil(suite.T(), passwordReset) { assert.Equal(suite.T(), suite.users[1].ID, passwordReset.User.ID) assert.False(suite.T(), passwordReset.EmailSent) assert.Nil(suite.T(), passwordReset.EmailSentAt) } }
func (suite *AccountsTestSuite) TestCreatePasswordResetSecondTime() { // Insert a test password reset testPasswordReset, err := accounts.NewPasswordReset( suite.users[1], suite.cnf.AppSpecific.PasswordResetLifetime, ) assert.NoError(suite.T(), err, "Failed to create a new password reset object") err = suite.db.Create(testPasswordReset).Error assert.NoError(suite.T(), err, "Failed to insert a test password reset") testPasswordReset.User = suite.users[1] // Prepare a request payload, err := json.Marshal(&accounts.PasswordResetRequest{ Email: suite.users[1].OauthUser.Username}, ) assert.NoError(suite.T(), err, "JSON marshalling failed") r, err := http.NewRequest( "POST", "http://1.2.3.4/v1/password-resets", bytes.NewBuffer(payload), ) assert.NoError(suite.T(), err, "Request setup should not get an error") r.Header.Set( "Authorization", fmt.Sprintf( "Basic %s", b64.StdEncoding.EncodeToString([]byte("test_client_1:test_secret")), ), ) suite.service.WaitForNotifications(1) // Mock password reset email suite.mockPasswordResetEmail() // Check the routing match := new(mux.RouteMatch) suite.router.Match(r, match) if assert.NotNil(suite.T(), match.Route) { assert.Equal(suite.T(), "create_password_reset", match.Route.GetName()) } // Count before var countBefore int suite.db.Model(new(accounts.PasswordReset)).Count(&countBefore) // And serve the request w := httptest.NewRecorder() suite.router.ServeHTTP(w, r) // Count after var countAfter int suite.db.Model(new(accounts.PasswordReset)).Count(&countAfter) assert.Equal(suite.T(), countBefore, countAfter) // Fetch the created password reset passwordReset := new(accounts.PasswordReset) notFound := accounts.PasswordResetPreload(suite.db).Last(passwordReset).RecordNotFound() assert.False(suite.T(), notFound) // And correct data was saved assert.NotEqual(suite.T(), testPasswordReset.ID, passwordReset.ID) assert.Equal(suite.T(), testPasswordReset.User.ID, passwordReset.User.ID) // Check the response expected, err := accounts.NewPasswordResetResponse(passwordReset) assert.NoError(suite.T(), err, "Failed to create expected response object") testutil.TestResponseObject(suite.T(), w, expected, 201) // block until email goroutine has finished assert.True(suite.T(), <-suite.service.GetNotifications(), "The email goroutine should have run") // Check that the mock object expectations were met suite.assertMockExpectations() }