I've been saying "PDSes seem easy enough, they're what, some CRUD to a db? I can do that in my sleep". well i'm sleeping rn so let's go
mod common;
mod helpers;
use common::*;
use helpers::*;
use reqwest::StatusCode;
use serde_json::{Value, json};

// Integration tests for the `_account.changePassword` XRPC endpoint.
//
// Each test talks to the server at `base_url()` over HTTP and checks only
// status codes and, where noted, fields of the JSON error body. The helpers
// `client`, `base_url`, `verify_new_account` and `setup_new_user` come from
// the `common` / `helpers` modules and are not visible in this file.

/// A password change must swap the accepted credential: after a successful
/// change the old password is rejected by `createSession` and the new one is
/// accepted.
///
/// NOTE(review): the access token `jwt` issued before the change is not
/// re-used afterwards, so this test says nothing about whether existing
/// sessions are revoked by a password change; that needs its own assertion.
#[tokio::test]
async fn test_change_password_success() {
    let http = client();
    let stamp = chrono::Utc::now().timestamp_millis();
    let handle = format!("change-pw-{}.test", stamp);
    let email = format!("change-pw-{}@test.com", stamp);
    let old_password = "Oldpass123!";
    let new_password = "Newpass456!";

    // Register a fresh account, then obtain a bearer token for it.
    let signup_body = json!({
        "handle": handle,
        "email": email,
        "password": old_password
    });
    let signup_url = format!(
        "{}/xrpc/com.atproto.server.createAccount",
        base_url().await
    );
    let signup = http
        .post(signup_url)
        .json(&signup_body)
        .send()
        .await
        .expect("Failed to create account");
    assert_eq!(signup.status(), StatusCode::OK);
    let account: Value = signup.json().await.unwrap();
    let did = account["did"].as_str().unwrap();
    let jwt = verify_new_account(&http, did).await;

    // Authenticated change from the old password to the new one.
    let change_url = format!("{}/xrpc/_account.changePassword", base_url().await);
    let change_body = json!({
        "currentPassword": old_password,
        "newPassword": new_password
    });
    let changed = http
        .post(change_url)
        .bearer_auth(&jwt)
        .json(&change_body)
        .send()
        .await
        .expect("Failed to change password");
    assert_eq!(changed.status(), StatusCode::OK);

    // The replaced credential must no longer open a session.
    let stale_url = format!(
        "{}/xrpc/com.atproto.server.createSession",
        base_url().await
    );
    let stale_body = json!({
        "identifier": handle,
        "password": old_password
    });
    let stale_login = http
        .post(stale_url)
        .json(&stale_body)
        .send()
        .await
        .expect("Failed to try old password");
    assert_eq!(
        stale_login.status(),
        StatusCode::UNAUTHORIZED,
        "Old password should not work"
    );

    // The new credential must open a session.
    let fresh_url = format!(
        "{}/xrpc/com.atproto.server.createSession",
        base_url().await
    );
    let fresh_body = json!({
        "identifier": handle,
        "password": new_password
    });
    let fresh_login = http
        .post(fresh_url)
        .json(&fresh_body)
        .send()
        .await
        .expect("Failed to try new password");
    assert_eq!(
        fresh_login.status(),
        StatusCode::OK,
        "New password should work"
    );
}

/// Holding a valid bearer token is not enough: a wrong `currentPassword` is
/// answered with 401 and the error code `InvalidPassword`.
///
/// NOTE(review): the test stops at the rejection; it does not log in
/// afterwards to confirm the stored password was left untouched.
#[tokio::test]
async fn test_change_password_wrong_current() {
    let http = client();
    // Only the second tuple element is used here, as the bearer token.
    let (_, jwt) = setup_new_user("change-pw-wrong").await;
    let url = format!("{}/xrpc/_account.changePassword", base_url().await);
    let payload = json!({
        "currentPassword": "Wrongpass999!",
        "newPassword": "Newpass123!"
    });
    let res = http
        .post(url)
        .bearer_auth(&jwt)
        .json(&payload)
        .send()
        .await
        .expect("Failed to send request");
    assert_eq!(res.status(), StatusCode::UNAUTHORIZED);
    let reply: Value = res.json().await.unwrap();
    assert_eq!(reply["error"].as_str(), Some("InvalidPassword"));
}

/// A new password below the minimum length is refused with 400, and the
/// error message mentions "8 characters".
#[tokio::test]
async fn test_change_password_too_short() {
    let http = client();
    let stamp = chrono::Utc::now().timestamp_millis();
    let handle = format!("change-pw-short-{}.test", stamp);
    let email = format!("change-pw-short-{}@test.com", stamp);
    let password = "Correct123!";

    // Register a fresh account so the current password is known to the test.
    let signup_body = json!({
        "handle": handle,
        "email": email,
        "password": password
    });
    let signup_url = format!(
        "{}/xrpc/com.atproto.server.createAccount",
        base_url().await
    );
    let signup = http
        .post(signup_url)
        .json(&signup_body)
        .send()
        .await
        .expect("Failed to create account");
    assert_eq!(signup.status(), StatusCode::OK);
    let account: Value = signup.json().await.unwrap();
    let did = account["did"].as_str().unwrap();
    let jwt = verify_new_account(&http, did).await;

    // Correct current password, but a five-character replacement.
    let url = format!("{}/xrpc/_account.changePassword", base_url().await);
    let payload = json!({
        "currentPassword": password,
        "newPassword": "short"
    });
    let res = http
        .post(url)
        .bearer_auth(&jwt)
        .json(&payload)
        .send()
        .await
        .expect("Failed to send request");
    assert_eq!(res.status(), StatusCode::BAD_REQUEST);
    let body: Value = res.json().await.unwrap();
    assert!(body["message"].as_str().unwrap().contains("8 characters"));
}

/// An empty `currentPassword` is rejected as a malformed request (400).
/// Only the status code is checked, not the error body.
#[tokio::test]
async fn test_change_password_empty_current() {
    let http = client();
    let (_, jwt) = setup_new_user("change-pw-empty").await;
    let url = format!("{}/xrpc/_account.changePassword", base_url().await);
    let payload = json!({
        "currentPassword": "",
        "newPassword": "Newpass123!"
    });
    let res = http
        .post(url)
        .bearer_auth(&jwt)
        .json(&payload)
        .send()
        .await
        .expect("Failed to send request");
    assert_eq!(res.status(), StatusCode::BAD_REQUEST);
}

/// An empty `newPassword` is rejected as a malformed request (400).
/// Only the status code is checked, not the error body.
#[tokio::test]
async fn test_change_password_empty_new() {
    let http = client();
    let (_, jwt) = setup_new_user("change-pw-emptynew").await;
    let url = format!("{}/xrpc/_account.changePassword", base_url().await);
    // NOTE(review): "E2epass123!" is presumably the password that
    // `setup_new_user` registers; confirm against the helpers module.
    let payload = json!({
        "currentPassword": "E2epass123!",
        "newPassword": ""
    });
    let res = http
        .post(url)
        .bearer_auth(&jwt)
        .json(&payload)
        .send()
        .await
        .expect("Failed to send request");
    assert_eq!(res.status(), StatusCode::BAD_REQUEST);
}

/// Without a bearer token the endpoint answers 401, even for a well-formed
/// request body.
#[tokio::test]
async fn test_change_password_requires_auth() {
    let http = client();
    let url = format!("{}/xrpc/_account.changePassword", base_url().await);
    let payload = json!({
        "currentPassword": "Oldpass123!",
        "newPassword": "Newpass123!"
    });
    // Deliberately no `.bearer_auth(..)` on this request.
    let res = http
        .post(url)
        .json(&payload)
        .send()
        .await
        .expect("Failed to send request");
    assert_eq!(res.status(), StatusCode::UNAUTHORIZED);
}