1 files changed, 17 insertions, 3 deletions

diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
index 42e41d8..ffa12f3 100644
--- a/src/user/handlers/password/test.rs
+++ b/src/user/handlers/password/test.rs
@@ -1,6 +1,7 @@
 use axum::extract::{Json, State};
 
 use crate::{
+    empty::Empty,
     test::fixtures,
     token::app::{LoginError, ValidateError},
 };
@@ -20,7 +21,7 @@ async fn password_change() {
         password: password.clone(),
         to: to.clone(),
     };
-    let (new_cookie, Json(response)) = super::handler(
+    let (new_cookie, Empty) = super::handler(
         State(app.clone()),
         fixtures::now(),
         identity.clone(),
@@ -34,7 +35,15 @@ async fn password_change() {
     assert_ne!(cookie.secret(), new_cookie.secret());
 
     // Verify that we're still ourselves
-    assert_eq!(identity.user, response);
+    let new_secret = new_cookie
+        .secret()
+        .expect("we should have a secret after changing our password");
+    let (_, login) = app
+        .tokens()
+        .validate(&new_secret, &fixtures::now())
+        .await
+        .expect("the newly-issued secret should be valid");
+    assert_eq!(identity.user, login);
 
     // Verify that our original token is no longer valid
     let validate_err = app
@@ -58,10 +67,15 @@ async fn password_change() {
     assert!(matches!(login_err, LoginError::Rejected));
 
     // Verify that our new password is valid
-    let (login, _) = app
+    let secret = app
         .tokens()
         .login(&name, &to, &fixtures::now())
         .await
         .expect("logging in with the new password should succeed");
+    let (_, login) = app
+        .tokens()
+        .validate(&secret, &fixtures::now())
+        .await
+        .expect("validating a newly-issued token secret succeeds");
     assert_eq!(identity.user, login);
 }