Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
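defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
  # Controller tests for the password-reset flow: the GET page that renders the
  # reset form for a token, and the POST that consumes the token and sets a new
  # password. Every response in this file is asserted as HTTP 200 HTML, so
  # success and failure are told apart by page content and by stored state.
  use Pleroma.Web.ConnCase

  alias Pleroma.PasswordResetToken
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  import Pleroma.Factory

  describe "GET /api/pleroma/password_reset/token" do
    test "it returns error when token invalid", %{conn: conn} do
      # The literal path segment "token" stands in for a token that was never issued.
      response =
        conn
        |> get("/api/pleroma/password_reset/token")
        |> html_response(:ok)

      assert response =~ "<h2>Invalid Token</h2>"
    end

    test "it shows password reset form", %{conn: conn} do
      user = insert(:user)
      {:ok, token} = PasswordResetToken.create_token(user)

      response =
        conn
        |> get("/api/pleroma/password_reset/#{token.token}")
        |> html_response(:ok)

      assert response =~ "<h2>Password Reset for #{user.nickname}</h2>"
    end

    test "it returns an error when the token has expired", %{conn: conn} do
      # Validity window of 0 plus a token moved by -2 via time_travel/2.
      # NOTE(review): time_travel/2 is defined outside this file; presumably it
      # shifts the token's timestamp into the past — confirm the unit.
      clear_config([:instance, :password_reset_token_validity], 0)

      user = insert(:user)
      {:ok, token} = PasswordResetToken.create_token(user)
      {:ok, token} = time_travel(token, -2)

      response =
        conn
        |> get("/api/pleroma/password_reset/#{token.token}")
        |> html_response(:ok)

      # An expired token renders the same page as an unknown one.
      assert response =~ "<h2>Invalid Token</h2>"
    end
  end

  # NOTE(review): no case in this file replays a token that has already been
  # used once; worth covering alongside the expiry case.
  describe "POST /api/pleroma/password_reset" do
    test "it fails for an expired token", %{conn: conn} do
      clear_config([:instance, :password_reset_token_validity], 0)

      user = insert(:user)
      {:ok, token} = PasswordResetToken.create_token(user)
      {:ok, token} = time_travel(token, -2)
      {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})

      response =
        conn
        |> assign(:user, user)
        |> post("/api/pleroma/password_reset", %{data: reset_params(token)})
        |> html_response(:ok)

      refute response =~ "<h2>Password changed!</h2>"

      # The page heading alone does not prove the reset was rejected: the
      # stored hash must be untouched and the existing OAuth token must survive.
      assert refresh_record(user).password_hash == user.password_hash
      refute Enum.empty?(Token.get_user_tokens(user))
    end

    test "it returns HTTP 200", %{conn: conn} do
      user = insert(:user)
      {:ok, token} = PasswordResetToken.create_token(user)
      {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})

      response =
        conn
        |> assign(:user, user)
        |> post("/api/pleroma/password_reset", %{data: reset_params(token)})
        |> html_response(:ok)

      assert response =~ "<h2>Password changed!</h2>"

      user = refresh_record(user)

      # NOTE(review): if the :user factory already uses "test" as its password,
      # this check cannot tell a changed password from an unchanged one —
      # confirm against the factory.
      assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash)

      # A successful reset leaves the user with no OAuth tokens, so sessions
      # opened under the old password do not outlive it.
      assert Enum.empty?(Token.get_user_tokens(user))
    end

    test "it sets password_reset_pending to false", %{conn: conn} do
      user = insert(:user, password_reset_pending: true)

      {:ok, token} = PasswordResetToken.create_token(user)
      {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{})

      # html_response/2 is kept for its status/content-type check; the body is unused.
      conn
      |> assign(:user, user)
      |> post("/api/pleroma/password_reset", %{data: reset_params(token)})
      |> html_response(:ok)

      assert User.get_by_id(user.id).password_reset_pending == false
    end
  end

  # Form payload shared by the POST tests. The keys are deliberately left in
  # mixed string/atom form.
  # NOTE(review): presumably all keys are stringified when the request is
  # built — confirm.
  defp reset_params(token) do
    %{
      "password" => "test",
      password_confirmation: "test",
      token: token.token
    }
  end
end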