1
|
|
|
<?php |
2
|
|
|
declare(strict_types=1); |
3
|
|
|
|
4
|
|
|
use Codeception\Module\CleanDoctrine2; |
5
|
|
|
use Codeception\Util\HttpCode; |
6
|
|
|
use SlayerBirden\DataFlowServer\Authentication\Entities\Grant; |
7
|
|
|
use SlayerBirden\DataFlowServer\Authentication\Entities\Password; |
8
|
|
|
use SlayerBirden\DataFlowServer\Authentication\Entities\Token; |
9
|
|
|
use SlayerBirden\DataFlowServer\Authentication\Service\PasswordManager; |
10
|
|
|
use SlayerBirden\DataFlowServer\Domain\Entities\User; |
11
|
|
|
|
12
|
|
|
class UpdatePasswordCest |
|
|
|
|
13
|
|
|
{ |
14
|
|
|
/** |
15
|
|
|
* @var CleanDoctrine2 |
16
|
|
|
*/ |
17
|
|
|
private $doctrine; |
18
|
|
|
/** |
19
|
|
|
* @var int |
20
|
|
|
*/ |
21
|
|
|
private $userId; |
22
|
|
|
/** |
23
|
|
|
* @var \Psr\Log\LoggerInterface |
24
|
|
|
*/ |
25
|
|
|
private $logger; |
26
|
|
|
|
27
|
|
|
public function _inject(CleanDoctrine2 $cleanDoctrine2) |
28
|
|
|
{ |
29
|
|
|
$this->doctrine = $cleanDoctrine2; |
30
|
|
|
$this->logger = new \Monolog\Logger('log', [ |
31
|
|
|
new \Monolog\Handler\NoopHandler() |
32
|
|
|
]); |
33
|
|
|
} |
34
|
|
|
|
35
|
|
|
public function _before(ApiTester $I) |
|
|
|
|
36
|
|
|
{ |
37
|
|
|
$this->userId = $I->haveInRepository(User::class, [ |
38
|
|
|
'first' => 'Tester2', |
39
|
|
|
'last' => 'Tester2', |
40
|
|
|
'email' => '[email protected]', |
41
|
|
|
]); |
42
|
|
|
|
43
|
|
|
$user = $I->grabEntityFromRepository(User::class, ['id' => $this->userId]); |
44
|
|
|
$passwordManager = new PasswordManager( |
45
|
|
|
$this->doctrine->em, |
|
|
|
|
46
|
|
|
$this->logger |
47
|
|
|
); |
48
|
|
|
|
49
|
|
|
$I->haveInRepository(Password::class, [ |
50
|
|
|
'owner' => $user, |
51
|
|
|
'hash' => $passwordManager->getHash('test123'), |
52
|
|
|
'createdAt' => new DateTime(), |
53
|
|
|
'due' => new DateTime('+1 year'), |
54
|
|
|
'active' => true, |
55
|
|
|
]); |
56
|
|
|
|
57
|
|
|
$tokenId = $I->haveInRepository(Token::class, [ |
58
|
|
|
'owner' => $user, |
59
|
|
|
'active' => true, |
60
|
|
|
'token' => 'yyy', |
61
|
|
|
'due' => new DateTime('+1 year'), |
62
|
|
|
'createdAt' => new DateTime(), |
63
|
|
|
]); |
64
|
|
|
|
65
|
|
|
$token = $I->grabEntityFromRepository(Token::class, ['id' => $tokenId]); |
66
|
|
|
|
67
|
|
|
$I->haveInRepository(Grant::class, [ |
68
|
|
|
'token' => $token, |
69
|
|
|
'resource' => 'update_password', |
70
|
|
|
]); |
71
|
|
|
|
72
|
|
|
$I->amBearerAuthenticated('yyy'); |
73
|
|
|
} |
74
|
|
|
|
75
|
|
|
public function updatePasswordSuccess(ApiTester $I) |
|
|
|
|
76
|
|
|
{ |
77
|
|
|
$I->wantTo('update my password'); |
78
|
|
|
|
79
|
|
|
$I->haveHttpHeader('Content-Type', 'application/json'); |
80
|
|
|
$I->sendPost('/updatepassword', [ |
81
|
|
|
'password' => 'test123', |
82
|
|
|
'new_password' => 'there is a clown on a wing', |
83
|
|
|
]); |
84
|
|
|
$I->seeResponseCodeIs(HttpCode::OK); |
85
|
|
|
$I->seeResponseContainsJson([ |
86
|
|
|
'success' => true, |
87
|
|
|
]); |
88
|
|
|
|
89
|
|
|
// check that new password works |
90
|
|
|
/** @var User $user */ |
91
|
|
|
$user = $I->grabEntityFromRepository(User::class, ['id' => $this->userId]); |
92
|
|
|
$passwordManager = new PasswordManager( |
93
|
|
|
$this->doctrine->em, |
|
|
|
|
94
|
|
|
$this->logger |
95
|
|
|
); |
96
|
|
|
$valid = $passwordManager->isValidForUser('there is a clown on a wing', $user); |
97
|
|
|
|
98
|
|
|
$I->assertSame(true, $valid); |
99
|
|
|
} |
100
|
|
|
|
101
|
|
|
public function updatePasswordValidationError(ApiTester $I) |
|
|
|
|
102
|
|
|
{ |
103
|
|
|
$I->wantTo('update my password but providing invalid data'); |
104
|
|
|
|
105
|
|
|
$I->haveHttpHeader('Content-Type', 'application/json'); |
106
|
|
|
$I->sendPost('/updatepassword', [ |
107
|
|
|
'password' => 'test123', |
108
|
|
|
'new_password' => 'short', |
109
|
|
|
]); |
110
|
|
|
$I->seeResponseCodeIs(HttpCode::BAD_REQUEST); |
111
|
|
|
$I->seeResponseContainsJson([ |
112
|
|
|
'success' => false, |
113
|
|
|
'data' => [ |
114
|
|
|
'validation' => [ |
115
|
|
|
[ |
116
|
|
|
'field' => 'new_password', |
117
|
|
|
] |
118
|
|
|
] |
119
|
|
|
] |
120
|
|
|
]); |
121
|
|
|
} |
122
|
|
|
|
123
|
|
|
public function updatePasswordOldPasswordWrong(ApiTester $I) |
|
|
|
|
124
|
|
|
{ |
125
|
|
|
$I->wantTo('update my password but providing wrong old pw'); |
126
|
|
|
|
127
|
|
|
$I->haveHttpHeader('Content-Type', 'application/json'); |
128
|
|
|
$I->sendPost('/updatepassword', [ |
129
|
|
|
'password' => 'forgot', |
130
|
|
|
'new_password' => 'cool new password', |
131
|
|
|
]); |
132
|
|
|
$I->seeResponseCodeIs(HttpCode::PRECONDITION_FAILED); |
133
|
|
|
$I->seeResponseContainsJson([ |
134
|
|
|
'success' => false, |
135
|
|
|
]); |
136
|
|
|
} |
137
|
|
|
|
138
|
|
|
public function updatePasswordWithoutProvidingOld(ApiTester $I) |
|
|
|
|
139
|
|
|
{ |
140
|
|
|
$I->wantTo('update my password without providing old one'); |
141
|
|
|
|
142
|
|
|
$I->haveHttpHeader('Content-Type', 'application/json'); |
143
|
|
|
$I->sendPost('/updatepassword', [ |
144
|
|
|
'new_password' => 'cool new password', |
145
|
|
|
]); |
146
|
|
|
$I->seeResponseCodeIs(HttpCode::PRECONDITION_FAILED); |
147
|
|
|
$I->seeResponseContainsJson([ |
148
|
|
|
'success' => false, |
149
|
|
|
]); |
150
|
|
|
} |
151
|
|
|
|
152
|
|
|
public function updatePasswordUseUsedPw(ApiTester $I) |
|
|
|
|
153
|
|
|
{ |
154
|
|
|
$I->wantTo('update my password using old password which is already in the system'); |
155
|
|
|
|
156
|
|
|
$user = $I->grabEntityFromRepository(User::class, ['id' => $this->userId]); |
157
|
|
|
$passwordManager = new PasswordManager( |
158
|
|
|
$this->doctrine->em, |
|
|
|
|
159
|
|
|
$this->logger |
160
|
|
|
); |
161
|
|
|
$I->haveInRepository(Password::class, [ |
162
|
|
|
'owner' => $user, |
163
|
|
|
'hash' => $passwordManager->getHash('old cool long password'), |
164
|
|
|
'createdAt' => new DateTime('-1 year'), |
165
|
|
|
'due' => new DateTime('-1 month'), |
166
|
|
|
'active' => false, |
167
|
|
|
]); |
168
|
|
|
|
169
|
|
|
$I->haveHttpHeader('Content-Type', 'application/json'); |
170
|
|
|
$I->sendPost('/updatepassword', [ |
171
|
|
|
'password' => 'test123', |
172
|
|
|
'new_password' => 'old cool long password', |
173
|
|
|
]); |
174
|
|
|
$I->seeResponseCodeIs(HttpCode::BAD_REQUEST); |
175
|
|
|
$I->seeResponseContainsJson([ |
176
|
|
|
'success' => false, |
177
|
|
|
]); |
178
|
|
|
} |
179
|
|
|
} |
180
|
|
|
|