From 66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 29 Oct 2024 23:29:22 -0400
Subject: Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.
---
 src/test/fixtures/identity.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'src/test/fixtures')

diff --git a/src/test/fixtures/identity.rs b/src/test/fixtures/identity.rs
index e438f2b..ffc44c6 100644
--- a/src/test/fixtures/identity.rs
+++ b/src/test/fixtures/identity.rs
@@ -15,11 +15,15 @@ pub async fn create(app: &App, created_at: &RequestedAt) -> Identity {
     logged_in(app, &credentials, created_at).await
 }
 
-pub async fn from_cookie(app: &App, token: &IdentityCookie, issued_at: &RequestedAt) -> Identity {
-    let secret = token.secret().expect("identity token has a secret");
+pub async fn from_cookie(
+    app: &App,
+    cookie: &IdentityCookie,
+    validated_at: &RequestedAt,
+) -> Identity {
+    let secret = cookie.secret().expect("identity token has a secret");
     let (token, login) = app
         .tokens()
-        .validate(&secret, issued_at)
+        .validate(&secret, validated_at)
         .await
         .expect("always validates newly-issued secret");
 
-- 
cgit v1.2.3