diff options
author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-30 17:41:20 +0300 |
---|---|---|
committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-09-30 17:41:20 +0300 |
commit | 6ffa2b5f661c2db424334c6fb5de6f4d1bfeb745 (patch) | |
tree | dd1b2129f3eb7df7b0141cc65ba6c492a36863d0 /test/web/twitter_api/util_controller_test.exs | |
parent | c98e761d28812818971d327800f1fc4c2baa2dbc (diff) | |
parent | a22a7437d84065192601f73da73d2c27111c9b15 (diff) | |
download | pleroma-6ffa2b5f661c2db424334c6fb5de6f4d1bfeb745.tar.gz pleroma-6ffa2b5f661c2db424334c6fb5de6f4d1bfeb745.zip |
[#1260] Merge remote-tracking branch 'remotes/upstream/develop' into 1260-rate-limited-auth-actions
# Conflicts:
# CHANGELOG.md
Diffstat (limited to 'test/web/twitter_api/util_controller_test.exs')
-rw-r--r-- | test/web/twitter_api/util_controller_test.exs | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs index 0a2a48fb7..56e318182 100644 --- a/test/web/twitter_api/util_controller_test.exs +++ b/test/web/twitter_api/util_controller_test.exs @@ -775,4 +775,109 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do assert json_response(conn, 200) == %{"status" => "success"} end end + + describe "POST /api/pleroma/change_password" do + setup [:valid_user] + + test "without credentials", %{conn: conn} do + conn = post(conn, "/api/pleroma/change_password") + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials and invalid password", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/change_password", %{ + "password" => "hi", + "new_password" => "newpass", + "new_password_confirmation" => "newpass" + }) + + assert json_response(conn, 200) == %{"error" => "Invalid password."} + end + + test "with credentials, valid password and new password and confirmation not matching", %{ + conn: conn, + user: current_user + } do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/change_password", %{ + "password" => "test", + "new_password" => "newpass", + "new_password_confirmation" => "notnewpass" + }) + + assert json_response(conn, 200) == %{ + "error" => "New password does not match confirmation." + } + end + + test "with credentials, valid password and invalid new password", %{ + conn: conn, + user: current_user + } do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/change_password", %{ + "password" => "test", + "new_password" => "", + "new_password_confirmation" => "" + }) + + assert json_response(conn, 200) == %{ + "error" => "New password can't be blank." + } + end + + test "with credentials, valid password and matching new password and confirmation", %{ + conn: conn, + user: current_user + } do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/change_password", %{ + "password" => "test", + "new_password" => "newpass", + "new_password_confirmation" => "newpass" + }) + + assert json_response(conn, 200) == %{"status" => "success"} + fetched_user = User.get_cached_by_id(current_user.id) + assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true + end + end + + describe "POST /api/pleroma/delete_account" do + setup [:valid_user] + + test "without credentials", %{conn: conn} do + conn = post(conn, "/api/pleroma/delete_account") + assert json_response(conn, 403) == %{"error" => "Invalid credentials."} + end + + test "with credentials and invalid password", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/delete_account", %{"password" => "hi"}) + + assert json_response(conn, 200) == %{"error" => "Invalid password."} + end + + test "with credentials and valid password", %{conn: conn, user: current_user} do + conn = + conn + |> with_credentials(current_user.nickname, "test") + |> post("/api/pleroma/delete_account", %{"password" => "test"}) + + assert json_response(conn, 200) == %{"status" => "success"} + # Wait a second for the started task to end + :timer.sleep(1000) + end + end end |