1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
6 use Pleroma.Web.ConnCase
8 alias Pleroma.PasswordResetToken
10 alias Pleroma.Web.OAuth.Token
11 import Pleroma.Factory
13 describe "GET /api/pleroma/password_reset/token" do
# Unknown-token case for the reset form. The request path carries the literal
# segment "token" and no reset token is created in the lines shown, so it
# presumably matches no stored token.
# This listing is lossy: the gutter jumps 14 -> 17 -> 20, so the start of the
# pipeline and the `response` binding are not shown.
14 test "it returns error when token invalid", %{conn: conn} do
17 |> get("/api/pleroma/password_reset/token")
# Expect the "Invalid Token" heading instead of a reset form.
20 assert response =~ "<h2>Invalid Token</h2>"
# Valid-token case: a reset token is issued for `user` and its `token` string is
# placed in the request path. `user` is bound on a line this listing does not
# show (gutter jumps 23 -> 25).
23 test "it shows password reset form", %{conn: conn} do
25 {:ok, token} = PasswordResetToken.create_token(user)
# NOTE(review): the token travels in the URL path, so it can end up in access
# logs and browser history. That is one reason the validity window exercised by
# the expiry tests in this file matters.
29 |> get("/api/pleroma/password_reset/#{token.token}")
# A valid token renders the reset form, titled with the account's nickname.
32 assert response =~ "<h2>Password Reset for #{user.nickname}</h2>"
# Expiry case for the GET form: validity is configured to 0, a token is issued,
# and the form is requested with it.
# Gutter lines 40-44 are not shown in this listing, so any step that ages the
# token before the request is not visible here.
35 test "it returns an error when the token has expired", %{conn: conn} do
# 0 is stored as the :password_reset_token_validity setting; its unit is not
# shown in this file.
36 clear_config([:instance, :password_reset_token_validity], 0)
39 {:ok, token} = PasswordResetToken.create_token(user)
45 |> get("/api/pleroma/password_reset/#{token.token}")
# Same heading the unknown-token test asserts: going by the visible assertions,
# the page does not distinguish "expired" from "never issued".
48 assert response =~ "<h2>Invalid Token</h2>"
52 describe "POST /api/pleroma/password_reset" do
# Expiry case for the POST that performs the password change: with validity set
# to 0, submitting a new password with the issued token must not succeed.
# This listing is lossy; the `user` binding and most of `params` are not shown.
53 test "it fails for an expired token", %{conn: conn} do
54 clear_config([:instance, :password_reset_token_validity], 0)
57 {:ok, token} = PasswordResetToken.create_token(user)
# An OAuth token is created for the user; it is not referenced again in the
# lines shown.
59 {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})
# One entry of the `params` map posted below; the other keys are on lines not
# shown.
63 password_confirmation: "test",
# NOTE(review): the request is sent with :user assigned on the conn. Whether the
# endpoint reads that assign is not visible here; confirm the reset path is also
# covered without it.
69 |> assign(:user, user)
70 |> post("/api/pleroma/password_reset", %{data: params})
# NOTE(review): in the lines shown, only the absence of the success heading is
# checked. Also asserting that user.password_hash is unchanged and that
# Token.get_user_tokens(user) is still non-empty would pin the property directly;
# a handler that changed the password but rendered another page would pass here.
73 refute response =~ "<h2>Password changed!</h2>"
# Happy path: a fresh token plus matching password fields changes the password.
# The status check implied by the test name is presumably on a pipeline line
# this listing does not show; the `user` binding and most of `params` are also
# missing.
76 test "it returns HTTP 200", %{conn: conn} do
78 {:ok, token} = PasswordResetToken.create_token(user)
# Gives the user an existing OAuth token, so the final assertion can show that
# the reset leaves the user with none.
79 {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})
83 password_confirmation: "test",
89 |> assign(:user, user)
90 |> post("/api/pleroma/password_reset", %{data: params})
93 assert response =~ "<h2>Password changed!</h2>"
# refresh_record/1 is a test helper defined elsewhere; presumably it reloads the
# row so the assertions below see the persisted state.
95 user = refresh_record(user)
# The submitted password must verify against the stored PBKDF2 hash.
96 assert Pbkdf2.verify_pass("test", user.password_hash)
# After the reset the user has no OAuth tokens, including the one created above:
# sessions opened with the old credentials do not outlive the password change.
97 assert Enum.empty?(Token.get_user_tokens(user))
# A user flagged with password_reset_pending: true completes a reset; the flag
# must be false afterwards.
# This listing is lossy: the opening of the `params` map and the start of the
# request pipeline are not shown.
100 test "it sets password_reset_pending to false", %{conn: conn} do
101 user = insert(:user, password_reset_pending: true)
103 {:ok, token} = PasswordResetToken.create_token(user)
104 {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})
# The map mixes a string key with an atom key; both entries are part of the
# `params` value posted under :data below.
107 "password" => "test",
108 password_confirmation: "test",
113 |> assign(:user, user)
114 |> post("/api/pleroma/password_reset", %{data: params})
# html_response/2 with :ok asserts a 200 HTML response before the body is returned.
115 |> html_response(:ok)
# Re-read the user by id so the check runs against the stored record, not the
# struct built above. `User` is presumably aliased on a line not shown here
# (gutter line 9 is missing).
117 assert User.get_by_id(user.id).password_reset_pending == false