Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.

1 files changed, 7 insertions, 3 deletions

diff --git a/src/test/fixtures/identity.rs b/src/test/fixtures/identity.rs
index e438f2b..ffc44c6 100644
--- a/src/test/fixtures/identity.rs
+++ b/src/test/fixtures/identity.rs
@@ -15,11 +15,15 @@ pub async fn create(app: &App, created_at: &RequestedAt) -> Identity {
     logged_in(app, &credentials, created_at).await
 }
 
-pub async fn from_cookie(app: &App, token: &IdentityCookie, issued_at: &RequestedAt) -> Identity {
-    let secret = token.secret().expect("identity token has a secret");
+pub async fn from_cookie(
+    app: &App,
+    cookie: &IdentityCookie,
+    validated_at: &RequestedAt,
+) -> Identity {
+    let secret = cookie.secret().expect("identity token has a secret");
     let (token, login) = app
         .tokens()
-        .validate(&secret, issued_at)
+        .validate(&secret, validated_at)
         .await
         .expect("always validates newly-issued secret");