diff options
| author | Owen Jacobson <owen@grimoire.ca> | 2024-10-29 23:29:22 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2024-10-29 23:29:22 -0400 |
| commit | 66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 (patch) | |
| tree | 60995943e14a6568cf2b37622ce97df121865a6d /src/event/routes | |
| parent | e328d33fc7d6a0f2e3d260d8bddee3ef633318eb (diff) | |
Add `change password` UI + API.
The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.
Diffstat (limited to 'src/event/routes')
| -rw-r--r-- | src/event/routes/test/token.rs | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/event/routes/test/token.rs b/src/event/routes/test/token.rs index 2039d9b..16ac7c3 100644 --- a/src/event/routes/test/token.rs +++ b/src/event/routes/test/token.rs @@ -93,3 +93,52 @@ async fn terminates_on_logout() { .expect_none("end of stream") .await; } + +#[tokio::test] +async fn terminates_on_password_change() { + // Set up the environment + + let app = fixtures::scratch_app().await; + let channel = fixtures::channel::create(&app, &fixtures::now()).await; + let sender = fixtures::login::create(&app, &fixtures::now()).await; + + // Subscribe via the endpoint + + let creds = fixtures::login::create_with_password(&app, &fixtures::now()).await; + let cookie = fixtures::cookie::logged_in(&app, &creds, &fixtures::now()).await; + let subscriber = fixtures::identity::from_cookie(&app, &cookie, &fixtures::now()).await; + + let get::Response(events) = get::handler( + State(app.clone()), + subscriber.clone(), + None, + Query::default(), + ) + .await + .expect("subscribe never fails"); + + // Verify the resulting stream's behaviour + + let (_, password) = creds; + let to = fixtures::login::propose_password(); + app.tokens() + .change_password(&subscriber.login, &password, &to, &fixtures::now()) + .await + .expect("expiring tokens succeeds"); + + // These should not be delivered. + + let messages = [ + fixtures::message::send(&app, &channel, &sender, &fixtures::now()).await, + fixtures::message::send(&app, &channel, &sender, &fixtures::now()).await, + fixtures::message::send(&app, &channel, &sender, &fixtures::now()).await, + ]; + + events + .filter_map(fixtures::event::message) + .filter_map(fixtures::event::message::sent) + .filter(|event| future::ready(messages.iter().any(|message| &event.message == message))) + .next() + .expect_none("end of stream") + .await; +} |