bert.hausmans
836cffa232
Password reset: multi-app support with custom notification linking to correct frontend (app/portal/admin). Email change: self-service with password confirmation and admin-initiated, both sending verification to new address with 24h expiry. Confirmation sent to old email on completion. Password change: authenticated endpoint revoking other sessions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
119 lines
3.6 KiB
PHP
119 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Api\V1;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Tests\TestCase;
|
|
|
|
class PasswordChangeTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_user_can_change_password(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'password' => bcrypt('OudWachtwoord1'),
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'OudWachtwoord1',
|
|
'password' => 'NieuwWachtwoord1',
|
|
'password_confirmation' => 'NieuwWachtwoord1',
|
|
]);
|
|
|
|
$response->assertOk();
|
|
|
|
$user->refresh();
|
|
$this->assertTrue(Hash::check('NieuwWachtwoord1', $user->password));
|
|
}
|
|
|
|
public function test_password_change_requires_correct_current_password(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'password' => bcrypt('OudWachtwoord1'),
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'FoutWachtwoord1',
|
|
'password' => 'NieuwWachtwoord1',
|
|
'password_confirmation' => 'NieuwWachtwoord1',
|
|
]);
|
|
|
|
$response->assertStatus(422);
|
|
$response->assertJsonValidationErrors('current_password');
|
|
}
|
|
|
|
public function test_password_change_revokes_other_tokens(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'password' => bcrypt('OudWachtwoord1'),
|
|
]);
|
|
|
|
// Create two tokens
|
|
$currentToken = $user->createToken('current-session');
|
|
$otherToken = $user->createToken('other-session');
|
|
|
|
$this->assertCount(2, $user->tokens()->get());
|
|
|
|
// Act as user with the current token
|
|
$response = $this->withHeaders([
|
|
'Authorization' => 'Bearer ' . $currentToken->plainTextToken,
|
|
])->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'OudWachtwoord1',
|
|
'password' => 'NieuwWachtwoord1',
|
|
'password_confirmation' => 'NieuwWachtwoord1',
|
|
]);
|
|
|
|
$response->assertOk();
|
|
|
|
// Only the current session token should remain
|
|
$this->assertCount(1, $user->tokens()->get());
|
|
}
|
|
|
|
public function test_password_change_requires_confirmation(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'password' => bcrypt('OudWachtwoord1'),
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'OudWachtwoord1',
|
|
'password' => 'NieuwWachtwoord1',
|
|
]);
|
|
|
|
$response->assertStatus(422);
|
|
$response->assertJsonValidationErrors('password');
|
|
}
|
|
|
|
public function test_password_change_requires_authentication(): void
|
|
{
|
|
$response = $this->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'OudWachtwoord1',
|
|
'password' => 'NieuwWachtwoord1',
|
|
'password_confirmation' => 'NieuwWachtwoord1',
|
|
]);
|
|
|
|
$response->assertStatus(401);
|
|
}
|
|
|
|
public function test_password_change_enforces_password_rules(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'password' => bcrypt('OudWachtwoord1'),
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/v1/me/change-password', [
|
|
'current_password' => 'OudWachtwoord1',
|
|
'password' => 'short',
|
|
'password_confirmation' => 'short',
|
|
]);
|
|
|
|
$response->assertStatus(422);
|
|
$response->assertJsonValidationErrors('password');
|
|
}
|
|
}
|