1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
import { test } from '@japa/runner';
import Token from '#app/Models/Token';
import UserFactory from '#database/factories/UserFactory';
import TokenFactory from '#database/factories/TokenFactory';
test.group('Dashboard / Reset password page', () => {
test('returns a `Invalid token` message when opening without a token', async ({
client,
}) => {
const response = await client.get('/user/reset');
response.assertStatus(200);
response.assertTextIncludes('Invalid token');
});
test('displays the form when a token is provided', async ({ client }) => {
const response = await client.get(
'/user/reset?token=randomtokenbutitworks',
);
response.assertStatus(200);
response.assertTextIncludes('Reset Your Password');
});
test('returns `passwords do not match` message when passwords do not match', async ({
client,
}) => {
const response = await client.post('/user/reset').fields({
token: 'randomnotworkingtoken',
password: 'password',
password_confirmation: 'not_matching',
});
response.assertTextIncludes('Passwords do not match');
});
test('returns `Cannot reset your password` when token does not exist', async ({
client,
}) => {
const response = await client.post('/user/reset').fields({
token: 'randomnotworkingtoken',
password: 'password',
password_confirmation: 'password',
});
response.assertTextIncludes('Cannot reset your password');
});
test('returns `Cannot reset your password` when token is older than 24 hours', async ({
client,
}) => {
const token = await TokenFactory.merge({
// eslint-disable-next-line unicorn/no-await-expression-member
user_id: (await UserFactory.create()).id,
})
.apply('old_token')
.create();
const response = await client.post('/user/reset').fields({
token: token.token,
password: 'password',
password_confirmation: 'password',
});
response.assertTextIncludes('Cannot reset your password');
});
test('returns `Cannot reset your password` when token is revoked', async ({
client,
}) => {
const token = await TokenFactory.merge({
// eslint-disable-next-line unicorn/no-await-expression-member
user_id: (await UserFactory.create()).id,
})
.apply('revoked')
.create();
const response = await client.post('/user/reset').fields({
token: token.token,
password: 'password',
password_confirmation: 'password',
});
response.assertTextIncludes('Cannot reset your password');
});
test('correctly resets password and deletes token and able to login with new password', async ({
client,
assert,
}) => {
const userEmail = 'working-reset-password-login@ferdium.org';
const token = await TokenFactory.merge({
user_id:
(
await UserFactory.merge({
email: userEmail,
}).create()
// prettier-ignore
// eslint-disable-next-line unicorn/no-await-expression-member
).id,
}).create();
const response = await client.post('/user/reset').fields({
token: token.token,
password: 'new_password',
password_confirmation: 'new_password',
});
// Assert response is as expected
response.assertTextIncludes('Successfully reset your password');
// Token should be deleted from database
assert.isNull(await Token.query().where('token', token.token).first());
const loginResponse = await client.post('/user/login').fields({
mail: userEmail,
password: 'new_password',
});
loginResponse.assertRedirectsTo('/user/account');
});
});
|