6 files changed, 131 insertions, 13 deletions

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index e6cf51449..63295e26d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -410,4 +410,30 @@ subtest "Hiding user's reports from admin" => sub {
     is $c, $count_u;
 };
 
+subtest "Logging user out" => sub {
+    my $mech2 = FixMyStreet::TestMech->new;
+    $mech2->log_in_ok($user->email);
+    $mech2->logged_in_ok;
+
+    $mech->get_ok( '/admin/user_edit/' . $user->id );
+    $mech->submit_form_ok({ button => 'logout_everywhere' }, 'Logging user out');
+    $mech2->not_logged_in_ok;
+};
+
+subtest "Removing account from admin" => sub {
+    $mech->create_problems_for_body(4, 2237, 'Title');
+    my $count_p = FixMyStreet::DB->resultset('Problem')->search({ user_id => $user->id })->count;
+    my $count_u = FixMyStreet::DB->resultset('Comment')->search({ user_id => $user->id })->count;
+    $mech->get_ok( '/admin/user_edit/' . $user->id );
+    $mech->submit_form_ok({ button => 'remove_account' }, 'Removing account');
+    my $c = FixMyStreet::DB->resultset('Problem')->search({ user_id => $user->id, anonymous => 1, name => '' })->count;
+    is $c, $count_p, 'All reports anon/nameless';
+    $c = FixMyStreet::DB->resultset('Comment')->search({ user_id => $user->id, anonymous => 1, name => '' })->count;
+    is $c, $count_u, 'All updates anon/nameless';
+    $user->discard_changes;
+    is $user->name, '', 'Name gone';
+    is $user->password, '', 'Password gone';
+    is $user->email, 'removed-' . $user->id . '@example.org', 'Email gone'
+};
+
 done_testing();
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 70b970e2b..8cc7e4154 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -5,7 +5,7 @@ my $mech = FixMyStreet::TestMech->new;
 
 my $test_email    = 'test@example.com';
 my $test_email3   = 'newuser@example.org';
-my $test_password = 'foobar';
+my $test_password = 'foobar123';
 
 END {
     done_testing();
@@ -277,6 +277,29 @@ subtest "check logging in with token" => sub {
     $mech->delete_header('Authorization');
 };
 
+subtest 'check password length/common' => sub {
+    $mech->get_ok('/auth');
+    $mech->submit_form_ok({
+        form_name => 'general_auth',
+        fields => { username => $test_email, password_register => 'short' },
+        button => 'sign_in_by_code',
+    });
+    $mech->content_contains("Please make sure your password is at least");
+    $mech->submit_form_ok({
+        form_name => 'general_auth',
+        fields => { username => $test_email, password_register => 'common' },
+        button => 'sign_in_by_code',
+    });
+    $mech->content_contains("Please choose a less commonly-used password");
+};
+
+subtest 'check common password AJAX call' => sub {
+    $mech->post_ok('/auth/common_password', { password_register => 'password' });
+    $mech->content_contains("Please choose a less commonly-used password");
+    $mech->post_ok('/auth/common_password', { password_register => 'squirblewirble' });
+    $mech->content_contains("true");
+};
+
 subtest "Test two-factor authentication login" => sub {
     use Auth::GoogleAuth;
     my $auth = Auth::GoogleAuth->new;
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index c9daff7ae..4be1be12c 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -8,7 +8,7 @@ LWP::Protocol::PSGI->register($twilio->to_psgi_app, host => 'api.twilio.com');
 
 my $test_email    = 'test@example.com';
 my $test_email2   = 'test@example.net';
-my $test_password = 'foobar';
+my $test_password = 'foobar123';
 
 END {
     done_testing();
@@ -75,9 +75,68 @@ subtest "Test change password page" => sub {
         {
             form_name => 'change_password',
             fields =>
-              { new_password => $test_password, confirm => $test_password, },
+              { new_password => 'new_password', confirm => 'new_password', },
         },
-        "change_password with '$test_password' and '$test_password'"
+        "change_password with 'new_password' and 'new_password'"
+    );
+    is $mech->uri->path, '/auth/change_password',
+      "still on change password page";
+    $mech->content_contains('check your email');
+
+    $link = $mech->get_link_from_email;
+    $mech->get_ok($link);
+    is $mech->uri->path, '/my', "redirected to /my";
+
+    $mech->content_contains( 'password has been changed',
+        "found password changed" );
+
+    $user->discard_changes();
+    ok $user->password, "user now has a password";
+};
+
+# Change password, when already got one
+subtest "Test change password page with current password" => sub {
+    $mech->get_ok('/auth/change_password');
+
+    ok my $form = $mech->form_name('change_password'),
+      "found change password form";
+    is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ],    #
+      [ 'confirm', 'current_password', 'new_password', 'token' ],
+      "check we got expected fields (ie not old_password)";
+
+    # check the various ways the form can be wrong
+    for my $test (
+        { current => '', new => '', conf => '', err => 'check the passwords', },
+        { current => 'new_password', new => '', conf => '', err => 'enter a password', },
+        { current => 'new_password', new => 'secret', conf => '', err => 'do not match', },
+        { current => 'new_password', new => '', conf => 'secret', err => 'do not match', },
+        { current => 'new_password', new => 'secret', conf => 'not_secret', err => 'do not match', },
+      )
+    {
+        $mech->get_ok('/auth/change_password');
+        $mech->content_lacks( $test->{err}, "did not find expected error" );
+        $mech->submit_form_ok(
+            {
+                form_name => 'change_password',
+                fields =>
+                  { current_password => $test->{current}, new_password => $test->{new}, confirm => $test->{conf}, },
+            },
+            "change_password with '$test->{current}', '$test->{new}' and '$test->{conf}'"
+        );
+        $mech->content_contains( $test->{err}, "found expected error" );
+    }
+
+    my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+    ok $user, "got a user";
+
+    $mech->get_ok('/auth/change_password');
+    $mech->submit_form_ok(
+        {
+            form_name => 'change_password',
+            fields =>
+              { current_password => 'new_password', new_password => $test_password, confirm => $test_password },
+        },
+        "change_password with 'new_password' and '$test_password'"
     );
     is $mech->uri->path, '/auth/change_password',
       "still on change password page";
@@ -88,6 +147,20 @@ subtest "Test change password page" => sub {
     ok $user->password, "user now has a password";
 };
 
+subtest 'check password length/common' => sub {
+    $mech->get_ok('/auth/change_password');
+    $mech->submit_form_ok({
+        form_name => 'change_password',
+        fields => { current_password => $test_password, new_password => 'short', confirm => 'short' },
+    });
+    $mech->content_contains("Please make sure your password is at least");
+    $mech->submit_form_ok({
+        form_name => 'change_password',
+        fields => { current_password => $test_password, new_password => 'common', confirm => 'common' },
+    });
+    $mech->content_contains("Please choose a less commonly-used password");
+};
+
 subtest "Test change email page" => sub {
     $mech->create_problems_for_body(1, 2514, 'Title1', { user => FixMyStreet::DB->resultset('User')->find( { email => $test_email } ) } );
 
diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index f5af6f082..3c120b0b0 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -1262,9 +1262,7 @@ for my $test (
         is $user->title, $test->{'user_title'}, 'user title correct';
         is_deeply $extras, $test->{extra}, 'extra contains correct values';
 
-        $user->problems->delete;
-        $user->alerts->delete;
-        $user->delete;
+        $mech->delete_user($user);
     };
 }
 
@@ -1731,9 +1729,7 @@ subtest "extra google analytics code displayed on email confirmation problem cre
 
         $mech->content_contains( "'id': 'report/" . $report->id . "'", 'extra google code present' );
 
-        $user->problems->delete;
-        $user->alerts->delete;
-        $user->delete;
+        $mech->delete_user($user);
     };
 };
 
diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t
index 734b9dbb4..cb07e57ee 100644
--- a/t/app/controller/report_new_text.t
+++ b/t/app/controller/report_new_text.t
@@ -45,8 +45,8 @@ foreach my $test (
             password_register => '', password_sign_in => '',
         },
         changes => {
-            username => '+44 121 496 0000',
-            phone => '+44 121 496 0000',
+            username => '0121 496 0000',
+            phone => '0121 496 0000',
         },
         errors => [ 'Please enter a mobile number', ],
     },
diff --git a/t/app/controller/report_update_text.t b/t/app/controller/report_update_text.t
index 45b4e78c2..a3b767221 100644
--- a/t/app/controller/report_update_text.t
+++ b/t/app/controller/report_update_text.t
@@ -95,7 +95,7 @@ for my $test (
             password_sign_in => '',
         },
         changes => {
-            username => '+44 121 496 0000',
+            username => '0121 496 0000',
         },
         field_errors => [ 'Please enter a mobile number' ]
     },