Hi.Events/backend/tests/Feature/Auth/ResetPasswordTest.php at c1b457d799dc61efcd9ff9e588cb42c173d1ff04 · HiEventsDev/Hi.Events · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
<?php

declare(strict_types=1);

namespace Tests\Feature\Auth;

use HiEvents\Mail\User\ForgotPassword;
use HiEvents\Mail\User\ResetPasswordSuccess;
use HiEvents\Models\AccountConfiguration;
use HiEvents\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use ReflectionClass;
use Tests\TestCase;

class ResetPasswordTest extends TestCase
{
    use RefreshDatabase;

    private const RESET_PASSWORD_ROUTE = '/auth/reset-password';
    private const FORGOT_PASSWORD_ROUTE = '/auth/forgot-password';

    public function setUp(): void
    {
        parent::setUp();
        AccountConfiguration::firstOrCreate(['id' => 1], [
            'id' => 1,
            'name' => 'Default',
            'is_system_default' => true,
            'application_fees' => json_encode(['percentage' => 1.5, 'fixed' => 0]),
        ]);
    }

    public function test_forgot_password_with_valid_email(): void
    {
        $user = User::factory()->withAccount()->create();
        Mail::fake();

        $response = $this->postJson(self::FORGOT_PASSWORD_ROUTE, [
            'email' => $user->email,
        ]);

        $response->assertStatus(200);
        Mail::assertQueued(ForgotPassword::class, function ($mail) use ($user) {
            return $mail->hasTo($user->email);
        });
    }

    public function test_forgot_password_with_invalid_email(): void
    {
        User::factory()->withAccount()->create();
        Mail::fake();

        $response = $this->postJson(self::FORGOT_PASSWORD_ROUTE, [
            'email' => 'otheremail@example.com',
        ]);

        $response->assertStatus(200);
        Mail::assertNotSent(ForgotPassword::class);
    }

    public function test_reset_password_with_valid_token(): void
    {
        $user = User::factory()->withAccount()->create();
        Mail::fake();

        $response = $this->postJson(self::FORGOT_PASSWORD_ROUTE, [
            'email' => $user->email,
        ]);
        $response->assertStatus(200);

        $mails = Mail::queued(ForgotPassword::class);
        $this->assertNotEmpty($mails);
        /** @var ForgotPassword $email */
        $email = $mails->last();

        // extract the token from the email
        $reflection = new ReflectionClass($email);
        $tokenProperty = $reflection->getProperty('token');
        $token = $tokenProperty->getValue($email);

        $response2 = $this->getJson(self::RESET_PASSWORD_ROUTE . '/' . urlencode($token));
        // assert token is valid
        $response2->assertStatus(204);

        $password = fake()->password(16);
        $response3 = $this->postJson(self::RESET_PASSWORD_ROUTE . '/' . urlencode($token), [
            'password' => $password,
            'password_confirmation' => $password,
        ]);
        $response3->assertStatus(200);

        Mail::assertQueued(ResetPasswordSuccess::class);
    }

    public function test_reset_password_with_invalid_token(): void
    {
        $user = User::factory()->withAccount()->create();
        Mail::fake();

        // create a token in database
        $response = $this->postJson(self::FORGOT_PASSWORD_ROUTE, [
            'email' => $user->email,
        ]);
        $response->assertStatus(200);

        $response2 = $this->getJson(self::RESET_PASSWORD_ROUTE . '/' . 'invalid_token');
        $response2->assertStatus(404);

        $password = fake()->password(16);

        $response3 = $this->postJson(self::RESET_PASSWORD_ROUTE . '/' . 'invalid_token', [
            'password' => $password,
            'password_confirmation' => $password,
        ]);
        $response3->assertStatus(404);

        Mail::assertNotQueued(ResetPasswordSuccess::class);
    }

    public function test_reset_password_with_old_password(): void
    {
        $password = fake()->password(16);
        $user = User::factory()->password($password)->withAccount()->create();
        Mail::fake();

        $response = $this->postJson(self::FORGOT_PASSWORD_ROUTE, [
            'email' => $user->email,
        ]);
        $response->assertStatus(200);

        $mails = Mail::queued(ForgotPassword::class);
        $this->assertNotEmpty($mails);
        /** @var ForgotPassword $email */
        $email = $mails->last();

        // extract the token from the email
        $reflection = new ReflectionClass($email);
        $tokenProperty = $reflection->getProperty('token');
        $token = $tokenProperty->getValue($email);

        $response2 = $this->postJson(self::RESET_PASSWORD_ROUTE . '/' . urlencode($token), [
            'password' => $password,
            'password_confirmation' => $password,
        ]);

        $response2->assertJsonValidationErrors('current_password');
    }
}