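use axum::extract::{Json, State};

use super::post;
use crate::{
    test::fixtures,
    token::app::{LoginError, ValidateError},
};

/// Exercises the password-change handler end to end and checks that the
/// credentials are rotated as a unit.
///
/// After a successful change the test expects that:
/// - the handler returns a cookie carrying a different, usable secret;
/// - the returned login is the one the request was made as;
/// - the token from the original cookie no longer validates;
/// - the original password is rejected at login;
/// - the new password logs in as the same login.
#[tokio::test]
async fn password_change() {
    // Set up the environment
    let app = fixtures::scratch_app().await;
    let creds = fixtures::login::create_with_password(&app, &fixtures::now()).await;
    let cookie = fixtures::cookie::logged_in(&app, &creds, &fixtures::now()).await;
    let identity = fixtures::identity::from_cookie(&app, &cookie, &fixtures::now()).await;

    // Call the endpoint
    let (name, password) = creds;
    let to = fixtures::login::propose_password();
    let request = post::Request {
        password: password.clone(),
        to: to.clone(),
    };
    let (new_cookie, Json(response)) = post::handler(
        State(app.clone()),
        fixtures::now(),
        identity.clone(),
        cookie.clone(),
        Json(request),
    )
    .await
    .expect("changing passwords succeeds");

    // Verify that we have a new session.
    //
    // Both secrets are unwrapped before comparing: comparing the raw
    // `secret()` results would also pass if the returned cookie carried no
    // secret at all, which would hide a handler that drops the session
    // instead of replacing it.
    let original_secret = cookie
        .secret()
        .expect("original identity cookie has a secret");
    let new_secret = new_cookie
        .secret()
        .expect("new identity cookie has a secret");
    assert_ne!(original_secret, new_secret);

    // A different secret is only a new session if the token service accepts it.
    assert!(
        app.tokens()
            .validate(&new_secret, &fixtures::now())
            .await
            .is_ok(),
        "validating the new identity secret should succeed"
    );

    // Verify that we're still ourselves
    assert_eq!(identity.login, response);

    // Verify that our original token is no longer valid
    let validate_err = app
        .tokens()
        .validate(&original_secret, &fixtures::now())
        .await
        .expect_err("validating the original identity secret should fail");
    assert!(matches!(validate_err, ValidateError::InvalidToken));

    // Verify that our original password is no longer valid
    let login_err = app
        .tokens()
        .login(&name, &password, &fixtures::now())
        .await
        .expect_err("logging in with the original password should fail");
    assert!(matches!(login_err, LoginError::Rejected));

    // Verify that our new password is valid
    let (login, _) = app
        .tokens()
        .login(&name, &to, &fixtures::now())
        .await
        .expect("logging in with the new password should succeed");
    assert_eq!(identity.login, login);
}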