diff options
Diffstat (limited to 'test/pleroma/web/twitter_api/password_controller_test.exs')
-rw-r--r-- | test/pleroma/web/twitter_api/password_controller_test.exs | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/test/pleroma/web/twitter_api/password_controller_test.exs b/test/pleroma/web/twitter_api/password_controller_test.exs index a5e9e2178..cf99e2434 100644 --- a/test/pleroma/web/twitter_api/password_controller_test.exs +++ b/test/pleroma/web/twitter_api/password_controller_test.exs @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do @@ -31,9 +31,47 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do assert response =~ "<h2>Password Reset for #{user.nickname}</h2>" end + + test "it returns an error when the token has expired", %{conn: conn} do + clear_config([:instance, :password_reset_token_validity], 0) + + user = insert(:user) + {:ok, token} = PasswordResetToken.create_token(user) + {:ok, token} = time_travel(token, -2) + + response = + conn + |> get("/api/pleroma/password_reset/#{token.token}") + |> html_response(:ok) + + assert response =~ "<h2>Invalid Token</h2>" + end end describe "POST /api/pleroma/password_reset" do + test "it fails for an expired token", %{conn: conn} do + clear_config([:instance, :password_reset_token_validity], 0) + + user = insert(:user) + {:ok, token} = PasswordResetToken.create_token(user) + {:ok, token} = time_travel(token, -2) + {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{}) + + params = %{ + "password" => "test", + password_confirmation: "test", + token: token.token + } + + response = + conn + |> assign(:user, user) + |> post("/api/pleroma/password_reset", %{data: params}) + |> html_response(:ok) + + refute response =~ "<h2>Password changed!</h2>" + end + test "it returns HTTP 200", %{conn: conn} do user = insert(:user) {:ok, token} = PasswordResetToken.create_token(user) @@ -54,7 +92,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do assert response =~ "<h2>Password changed!</h2>" user = refresh_record(user) - assert Pbkdf2.verify_pass("test", user.password_hash) + assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash) assert Enum.empty?(Token.get_user_tokens(user)) end |