Add optional enforced password expiry.

1 files changed, 28 insertions, 0 deletions

diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 899b64198..b23c1210c 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -3,6 +3,11 @@ use parent 'FixMyStreet::Cobrand::Default';
 
 sub must_have_2fa { 1 }
 
+package FixMyStreet::Cobrand::Expiring;
+use parent 'FixMyStreet::Cobrand::Default';
+
+sub password_expiry { 86400 }
+
 package main;
 
 use Test::MockModule;
@@ -286,6 +291,7 @@ subtest 'test forgotten password page' => sub {
         fields => { username => $test_email, password_register => 'squirblewirble' },
         button => 'sign_in_by_code',
     });
+    $mech->clear_emails_ok;
 };
 
 subtest "Test two-factor authentication login" => sub {
@@ -402,4 +408,26 @@ subtest "Check two-factor log in by email works" => sub {
     $mech->logged_in_ok;
 };
 
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'expiring'
+}, sub {
+    subtest 'Password expiry' => sub {
+        my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+        $user->set_extra_metadata('last_password_change', time() - 200000);
+        $user->unset_extra_metadata('2fa_secret');
+        $user->update;
+
+        $mech->get_ok('/');
+        $mech->content_contains('Password expired');
+        $mech->submit_form_ok(
+            { with_fields => { password_register => 'new-password' } },
+            "fill in reset form" );
+
+        my $link = $mech->get_link_from_email;
+        $mech->clear_emails_ok;
+        $mech->get_ok($link);
+        $mech->logged_in_ok;
+    };
+};
+
 done_testing();