From c52e24f17ed615b2e2dd55a285eb272014a2ccbf Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 24 Aug 2025 16:37:41 -0400
Subject: Factor out common authentication test verification steps into
 helpers.

These checks tended to be wordy, and were prone to being done subtly differently in different locations for no good reason. Centralizing them cleans this up and makes the tests easier to follow, at the expense of making it somewhat harder to follow what the test is specifically checking.
---
 src/user/handlers/password/test.rs | 44 +++++---------------------------------
 1 file changed, 5 insertions(+), 39 deletions(-)

(limited to 'src/user/handlers/password')

diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
index c0f789b..81020a1 100644
--- a/src/user/handlers/password/test.rs
+++ b/src/user/handlers/password/test.rs
@@ -2,8 +2,7 @@ use axum::extract::{Json, State};
 
 use crate::{
     empty::Empty,
-    test::fixtures,
-    token::app::{LoginError, ValidateError},
+    test::{fixtures, verify},
 };
 
 #[tokio::test]
@@ -35,47 +34,14 @@ async fn password_change() {
     assert_ne!(cookie.secret(), new_cookie.secret());
 
     // Verify that we're still ourselves
-    let new_secret = new_cookie
-        .secret()
-        .expect("we should have a secret after changing our password");
-    let new_identity = app
-        .tokens()
-        .validate(&new_secret, &fixtures::now())
-        .await
-        .expect("the newly-issued secret should be valid");
-    assert_eq!(identity.user, new_identity.user);
+    verify::identity::valid_for_user(&app, &new_cookie, &identity.user).await;
 
     // Verify that our original token is no longer valid
-    let validate_err = app
-        .tokens()
-        .validate(
-            &cookie
-                .secret()
-                .expect("original identity cookie has a secret"),
-            &fixtures::now(),
-        )
-        .await
-        .expect_err("validating the original identity secret should fail");
-    assert!(matches!(validate_err, ValidateError::InvalidToken));
+    verify::identity::invalid(&app, &cookie).await;
 
     // Verify that our original password is no longer valid
-    let login_err = app
-        .tokens()
-        .login(&name, &password, &fixtures::now())
-        .await
-        .expect_err("logging in with the original password should fail");
-    assert!(matches!(login_err, LoginError::Rejected));
+    verify::login::invalid_login(&app, &name, &password).await;
 
     // Verify that our new password is valid
-    let secret = app
-        .tokens()
-        .login(&name, &to, &fixtures::now())
-        .await
-        .expect("logging in with the new password should succeed");
-    let identity = app
-        .tokens()
-        .validate(&secret, &fixtures::now())
-        .await
-        .expect("validating a newly-issued token secret succeeds");
-    assert_eq!(name, identity.user.name);
+    verify::login::valid_login(&app, &name, &to).await;
 }
-- 
cgit v1.2.3