aboutsummaryrefslogtreecommitdiffstats
path: root/t
diff options
context:
space:
mode:
Diffstat (limited to 't')
-rw-r--r--t/app/controller/auth.t25
-rw-r--r--t/app/controller/auth_profile.t79
-rw-r--r--t/app/controller/report_new_text.t4
-rw-r--r--t/app/controller/report_update_text.t2
4 files changed, 103 insertions, 7 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 8d60137a2..bec8698d5 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -5,7 +5,7 @@ my $mech = FixMyStreet::TestMech->new;
my $test_email = 'test@example.com';
my $test_email3 = 'newuser@example.org';
-my $test_password = 'foobar';
+my $test_password = 'foobar123';
END {
done_testing();
@@ -276,3 +276,26 @@ subtest "check logging in with token" => sub {
$mech->delete_header('Authorization');
};
+
+subtest 'check password length/common' => sub {
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok({
+ form_name => 'general_auth',
+ fields => { username => $test_email, password_register => 'short' },
+ button => 'sign_in_by_code',
+ });
+ $mech->content_contains("Please make sure your password is at least");
+ $mech->submit_form_ok({
+ form_name => 'general_auth',
+ fields => { username => $test_email, password_register => 'common' },
+ button => 'sign_in_by_code',
+ });
+ $mech->content_contains("Please choose a less commonly-used password");
+};
+
+subtest 'check common password AJAX call' => sub {
+ $mech->post_ok('/auth/common_password', { password_register => 'password' });
+ $mech->content_contains("Please choose a less commonly-used password");
+ $mech->post_ok('/auth/common_password', { password_register => 'squirblewirble' });
+ $mech->content_contains("true");
+};
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index 74edccfe6..de2ad6534 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -8,7 +8,7 @@ LWP::Protocol::PSGI->register($twilio->to_psgi_app, host => 'api.twilio.com');
my $test_email = 'test@example.com';
my $test_email2 = 'test@example.net';
-my $test_password = 'foobar';
+my $test_password = 'foobar123';
END {
done_testing();
@@ -75,9 +75,68 @@ subtest "Test change password page" => sub {
{
form_name => 'change_password',
fields =>
- { new_password => $test_password, confirm => $test_password, },
+ { new_password => 'new_password', confirm => 'new_password', },
},
- "change_password with '$test_password' and '$test_password'"
+ "change_password with 'new_password' and 'new_password'"
+ );
+ is $mech->uri->path, '/auth/change_password',
+ "still on change password page";
+ $mech->content_contains('check your email');
+
+ $link = $mech->get_link_from_email;
+ $mech->get_ok($link);
+ is $mech->uri->path, '/my', "redirected to /my";
+
+ $mech->content_contains( 'password has been changed',
+ "found password changed" );
+
+ $user->discard_changes();
+ ok $user->password, "user now has a password";
+};
+
+# Change password, when already got one
+subtest "Test change password page with current password" => sub {
+ $mech->get_ok('/auth/change_password');
+
+ ok my $form = $mech->form_name('change_password'),
+ "found change password form";
+ is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ], #
+ [ 'confirm', 'current_password', 'new_password', 'token' ],
+ "check we got expected fields (ie not old_password)";
+
+ # check the various ways the form can be wrong
+ for my $test (
+ { current => '', new => '', conf => '', err => 'check the passwords', },
+ { current => 'new_password', new => '', conf => '', err => 'enter a password', },
+ { current => 'new_password', new => 'secret', conf => '', err => 'do not match', },
+ { current => 'new_password', new => '', conf => 'secret', err => 'do not match', },
+ { current => 'new_password', new => 'secret', conf => 'not_secret', err => 'do not match', },
+ )
+ {
+ $mech->get_ok('/auth/change_password');
+ $mech->content_lacks( $test->{err}, "did not find expected error" );
+ $mech->submit_form_ok(
+ {
+ form_name => 'change_password',
+ fields =>
+ { current_password => $test->{current}, new_password => $test->{new}, confirm => $test->{conf}, },
+ },
+ "change_password with '$test->{current}', '$test->{new}' and '$test->{conf}'"
+ );
+ $mech->content_contains( $test->{err}, "found expected error" );
+ }
+
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ ok $user, "got a user";
+
+ $mech->get_ok('/auth/change_password');
+ $mech->submit_form_ok(
+ {
+ form_name => 'change_password',
+ fields =>
+ { current_password => 'new_password', new_password => $test_password, confirm => $test_password },
+ },
+ "change_password with 'new_password' and '$test_password'"
);
is $mech->uri->path, '/auth/change_password',
"still on change password page";
@@ -88,6 +147,20 @@ subtest "Test change password page" => sub {
ok $user->password, "user now has a password";
};
+subtest 'check password length/common' => sub {
+ $mech->get_ok('/auth/change_password');
+ $mech->submit_form_ok({
+ form_name => 'change_password',
+ fields => { current_password => $test_password, new_password => 'short', confirm => 'short' },
+ });
+ $mech->content_contains("Please make sure your password is at least");
+ $mech->submit_form_ok({
+ form_name => 'change_password',
+ fields => { current_password => $test_password, new_password => 'common', confirm => 'common' },
+ });
+ $mech->content_contains("Please choose a less commonly-used password");
+};
+
subtest "Test change email page" => sub {
$mech->create_problems_for_body(1, 2514, 'Title1', { user => FixMyStreet::DB->resultset('User')->find( { email => $test_email } ) } );
diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t
index 734b9dbb4..cb07e57ee 100644
--- a/t/app/controller/report_new_text.t
+++ b/t/app/controller/report_new_text.t
@@ -45,8 +45,8 @@ foreach my $test (
password_register => '', password_sign_in => '',
},
changes => {
- username => '+44 121 496 0000',
- phone => '+44 121 496 0000',
+ username => '0121 496 0000',
+ phone => '0121 496 0000',
},
errors => [ 'Please enter a mobile number', ],
},
diff --git a/t/app/controller/report_update_text.t b/t/app/controller/report_update_text.t
index 45b4e78c2..a3b767221 100644
--- a/t/app/controller/report_update_text.t
+++ b/t/app/controller/report_update_text.t
@@ -95,7 +95,7 @@ for my $test (
password_sign_in => '',
},
changes => {
- username => '+44 121 496 0000',
+ username => '0121 496 0000',
},
field_errors => [ 'Please enter a mobile number' ]
},