bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
02c4b4fd5f720a559d2378aec60aebe2c57130a6
crewli/api/tests/Feature/Api/V1/PasswordResetTest.php
bert.hausmans 02c4b4fd5f feat(api): password reset endpoints with portal URL 
Add forgot-password and reset-password API routes with rate limiting.
Customize reset URL to point to portal frontend via AppServiceProvider.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 07:39:11 +02:00

155 lines
5.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Feature\Api\V1;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Notification;
use Illuminate\Support\Facades\Password;
use Tests\TestCase;
class PasswordResetTest extends TestCase
{
use RefreshDatabase;
// ─── Forgot Password ────────────────────────────────────────────────
public function test_forgot_password_returns_success_for_existing_email(): void
{
Notification::fake();
User::factory()->create(['email' => 'jan@voorbeeld.nl']);
$response = $this->postJson('/api/v1/auth/forgot-password', [
'email' => 'jan@voorbeeld.nl',
]);
$response->assertOk();
$response->assertJsonPath('message', 'Als dit emailadres bij ons bekend is, ontvang je een link om je wachtwoord te resetten.');
}
public function test_forgot_password_returns_same_success_for_nonexisting_email(): void
{
$response = $this->postJson('/api/v1/auth/forgot-password', [
'email' => 'onbekend@voorbeeld.nl',
]);
$response->assertOk();
$response->assertJsonPath('message', 'Als dit emailadres bij ons bekend is, ontvang je een link om je wachtwoord te resetten.');
}
public function test_forgot_password_validates_email_required(): void
{
$response = $this->postJson('/api/v1/auth/forgot-password', []);
$response->assertStatus(422);
$response->assertJsonValidationErrors('email');
}
public function test_forgot_password_validates_email_format(): void
{
$response = $this->postJson('/api/v1/auth/forgot-password', [
'email' => 'not-an-email',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('email');
}
public function test_forgot_password_is_rate_limited(): void
{
for ($i = 0; $i < 5; $i++) {
$this->postJson('/api/v1/auth/forgot-password', [
'email' => 'test@voorbeeld.nl',
]);
}
$response = $this->postJson('/api/v1/auth/forgot-password', [
'email' => 'test@voorbeeld.nl',
]);
$response->assertStatus(429);
}
// ─── Reset Password ─────────────────────────────────────────────────
public function test_reset_password_with_valid_token(): void
{
$user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);
$token = Password::createToken($user);
$response = $this->postJson('/api/v1/auth/reset-password', [
'token' => $token,
'email' => 'jan@voorbeeld.nl',
'password' => 'nieuwwachtwoord123',
'password_confirmation' => 'nieuwwachtwoord123',
]);
$response->assertOk();
$response->assertJsonPath('message', 'Wachtwoord succesvol gewijzigd.');
// Verify password was actually changed
$user->refresh();
$this->assertTrue(Hash::check('nieuwwachtwoord123', $user->password));
}
public function test_reset_password_with_invalid_token_returns_422(): void
{
User::factory()->create(['email' => 'jan@voorbeeld.nl']);
$response = $this->postJson('/api/v1/auth/reset-password', [
'token' => 'invalid-token-here',
'email' => 'jan@voorbeeld.nl',
'password' => 'nieuwwachtwoord123',
'password_confirmation' => 'nieuwwachtwoord123',
]);
$response->assertStatus(422);
}
public function test_reset_password_requires_confirmation(): void
{
$user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);
$token = Password::createToken($user);
$response = $this->postJson('/api/v1/auth/reset-password', [
'token' => $token,
'email' => 'jan@voorbeeld.nl',
'password' => 'nieuwwachtwoord123',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
}
public function test_reset_password_requires_minimum_length(): void
{
$user = User::factory()->create(['email' => 'jan@voorbeeld.nl']);
$token = Password::createToken($user);
$response = $this->postJson('/api/v1/auth/reset-password', [
'token' => $token,
'email' => 'jan@voorbeeld.nl',
'password' => 'short',
'password_confirmation' => 'short',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors('password');
}
public function test_reset_password_validates_required_fields(): void
{
$response = $this->postJson('/api/v1/auth/reset-password', []);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['token', 'email', 'password']);
}
}
Reference in New Issue View Git Blame Copy Permalink