lewis.moe / bspds-sandbox
this repo has no description
fork atom
bspds-sandbox / tests / change_password.rs
at a050e405e64c1220c76b57597097e307bd36ae26 6.0 kB view raw
1mod common; 2mod helpers; 3use common::*; 4use helpers::*; 5use reqwest::StatusCode; 6use serde_json::{Value, json}; 7 8#[tokio::test] 9async fn test_change_password_success() { 10 let client = client(); 11 let ts = chrono::Utc::now().timestamp_millis(); 12 let handle = format!("change-pw-{}.test", ts); 13 let email = format!("change-pw-{}@test.com", ts); 14 let old_password = "old-password-123"; 15 let new_password = "new-password-456"; 16 let create_payload = json!({ 17 "handle": handle, 18 "email": email, 19 "password": old_password 20 }); 21 let create_res = client 22 .post(format!( 23 "{}/xrpc/com.atproto.server.createAccount", 24 base_url().await 25 )) 26 .json(&create_payload) 27 .send() 28 .await 29 .expect("Failed to create account"); 30 assert_eq!(create_res.status(), StatusCode::OK); 31 let create_body: Value = create_res.json().await.unwrap(); 32 let did = create_body["did"].as_str().unwrap(); 33 let jwt = verify_new_account(&client, did).await; 34 let change_res = client 35 .post(format!( 36 "{}/xrpc/com.bspds.account.changePassword", 37 base_url().await 38 )) 39 .bearer_auth(&jwt) 40 .json(&json!({ 41 "currentPassword": old_password, 42 "newPassword": new_password 43 })) 44 .send() 45 .await 46 .expect("Failed to change password"); 47 assert_eq!(change_res.status(), StatusCode::OK); 48 let login_old = client 49 .post(format!( 50 "{}/xrpc/com.atproto.server.createSession", 51 base_url().await 52 )) 53 .json(&json!({ 54 "identifier": handle, 55 "password": old_password 56 })) 57 .send() 58 .await 59 .expect("Failed to try old password"); 60 assert_eq!(login_old.status(), StatusCode::UNAUTHORIZED, "Old password should not work"); 61 let login_new = client 62 .post(format!( 63 "{}/xrpc/com.atproto.server.createSession", 64 base_url().await 65 )) 66 .json(&json!({ 67 "identifier": handle, 68 "password": new_password 69 })) 70 .send() 71 .await 72 .expect("Failed to try new password"); 73 assert_eq!(login_new.status(), StatusCode::OK, "New password should work"); 74} 75 76#[tokio::test] 77async fn test_change_password_wrong_current() { 78 let client = client(); 79 let (_, jwt) = setup_new_user("change-pw-wrong").await; 80 let res = client 81 .post(format!( 82 "{}/xrpc/com.bspds.account.changePassword", 83 base_url().await 84 )) 85 .bearer_auth(&jwt) 86 .json(&json!({ 87 "currentPassword": "wrong-password", 88 "newPassword": "new-password-123" 89 })) 90 .send() 91 .await 92 .expect("Failed to send request"); 93 assert_eq!(res.status(), StatusCode::UNAUTHORIZED); 94 let body: Value = res.json().await.unwrap(); 95 assert_eq!(body["error"].as_str(), Some("InvalidPassword")); 96} 97 98#[tokio::test] 99async fn test_change_password_too_short() { 100 let client = client(); 101 let ts = chrono::Utc::now().timestamp_millis(); 102 let handle = format!("change-pw-short-{}.test", ts); 103 let email = format!("change-pw-short-{}@test.com", ts); 104 let password = "correct-password"; 105 let create_payload = json!({ 106 "handle": handle, 107 "email": email, 108 "password": password 109 }); 110 let create_res = client 111 .post(format!( 112 "{}/xrpc/com.atproto.server.createAccount", 113 base_url().await 114 )) 115 .json(&create_payload) 116 .send() 117 .await 118 .expect("Failed to create account"); 119 assert_eq!(create_res.status(), StatusCode::OK); 120 let create_body: Value = create_res.json().await.unwrap(); 121 let did = create_body["did"].as_str().unwrap(); 122 let jwt = verify_new_account(&client, did).await; 123 let res = client 124 .post(format!( 125 "{}/xrpc/com.bspds.account.changePassword", 126 base_url().await 127 )) 128 .bearer_auth(&jwt) 129 .json(&json!({ 130 "currentPassword": password, 131 "newPassword": "short" 132 })) 133 .send() 134 .await 135 .expect("Failed to send request"); 136 assert_eq!(res.status(), StatusCode::BAD_REQUEST); 137 let body: Value = res.json().await.unwrap(); 138 assert!(body["message"].as_str().unwrap().contains("8 characters")); 139} 140 141#[tokio::test] 142async fn test_change_password_empty_current() { 143 let client = client(); 144 let (_, jwt) = setup_new_user("change-pw-empty").await; 145 let res = client 146 .post(format!( 147 "{}/xrpc/com.bspds.account.changePassword", 148 base_url().await 149 )) 150 .bearer_auth(&jwt) 151 .json(&json!({ 152 "currentPassword": "", 153 "newPassword": "new-password-123" 154 })) 155 .send() 156 .await 157 .expect("Failed to send request"); 158 assert_eq!(res.status(), StatusCode::BAD_REQUEST); 159} 160 161#[tokio::test] 162async fn test_change_password_empty_new() { 163 let client = client(); 164 let (_, jwt) = setup_new_user("change-pw-emptynew").await; 165 let res = client 166 .post(format!( 167 "{}/xrpc/com.bspds.account.changePassword", 168 base_url().await 169 )) 170 .bearer_auth(&jwt) 171 .json(&json!({ 172 "currentPassword": "e2e-password-123", 173 "newPassword": "" 174 })) 175 .send() 176 .await 177 .expect("Failed to send request"); 178 assert_eq!(res.status(), StatusCode::BAD_REQUEST); 179} 180 181#[tokio::test] 182async fn test_change_password_requires_auth() { 183 let client = client(); 184 let res = client 185 .post(format!( 186 "{}/xrpc/com.bspds.account.changePassword", 187 base_url().await 188 )) 189 .json(&json!({ 190 "currentPassword": "old", 191 "newPassword": "new-password-123" 192 })) 193 .send() 194 .await 195 .expect("Failed to send request"); 196 assert_eq!(res.status(), StatusCode::UNAUTHORIZED); 197}