feat(web): change password (#7676)

Add the ability for users to change their password from their user settings, without requiring them to use the reset password workflow. User's are required to create a elevated session in order to change their password. Users may not change their password to their current password. The user's current password is required for the password change. Users must follow any established password policies. Administrators are able to turn this feature off. Closes #3548
author: Brynn Crowley <littlehill723@gmail.com> 2025-03-06 08:24:19 +0000
committer: GitHub <noreply@github.com> 2025-03-06 08:24:19 +0000
commit: f4abcb34b757e40467344ffdd7cec9f77f46a227 (patch)
tree: f3cc73da2ebaa978186f6f470d5bd27b279f6a96 /internal/suites/scenario_change_password_test.go
parent: 5b52a9d4b18b5a07b1edb7403b6dc90b8d5c628d (diff)
1 files changed, 160 insertions, 0 deletions
diff --git a/internal/suites/scenario_change_password_test.go b/internal/suites/scenario_change_password_test.go
new file mode 100644
index 000000000..8419a4f5c
--- /dev/null
+++ b/internal/suites/scenario_change_password_test.go
@@ -0,0 +1,160 @@
+package suites
+
+import (
+	"context"
+	"log"
+	"testing"
+	"time"
+)
+
+type ChangePasswordScenario struct {
+	*RodSuite
+}
+
+func NewChangePasswordScenario() *ChangePasswordScenario {
+	return &ChangePasswordScenario{RodSuite: NewRodSuite("")}
+}
+
+func (s *ChangePasswordScenario) SetupSuite() {
+	browser, err := NewRodSession(RodSessionWithCredentials(s))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	s.RodSession = browser
+}
+
+func (s *ChangePasswordScenario) TearDownSuite() {
+	err := s.RodSession.Stop()
+
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func (s *ChangePasswordScenario) SetupTest() {
+	s.Page = s.doCreateTab(s.T(), HomeBaseURL)
+	s.verifyIsHome(s.T(), s.Page)
+}
+
+func (s *ChangePasswordScenario) TearDownTest() {
+	s.collectCoverage(s.Page)
+	s.MustClose()
+}
+
+func (s *ChangePasswordScenario) TestShouldChangePassword() {
+	testCases := []struct {
+		name        string
+		username    string
+		oldPassword string
+		newPassword string
+	}{
+		{"case1", "john", "password", "password1"},
+		{"case2", "john", "password1", "password"},
+	}
+
+	for _, tc := range testCases {
+		s.T().Run(tc.name, func(t *testing.T) {
+			ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
+			defer func() {
+				cancel()
+				s.collectScreenshot(ctx.Err(), s.Page)
+			}()
+			s.doLoginOneFactor(s.T(), s.Context(ctx), tc.username, tc.oldPassword, false, BaseDomain, "")
+			s.doOpenSettings(s.T(), s.Context(ctx))
+			s.doOpenSettingsMenuClickSecurity(s.T(), s.Context(ctx))
+
+			s.doChangePassword(s.T(), s.Context(ctx), tc.oldPassword, tc.newPassword, tc.newPassword)
+			s.doLogout(s.T(), s.Context(ctx))
+		})
+	}
+}
+
+func (s *ChangePasswordScenario) TestCannotChangePasswordToExistingPassword() {
+	testCases := []struct {
+		testName    string
+		username    string
+		oldPassword string
+	}{
+		{"case1", "john", "password"},
+	}
+
+	for _, tc := range testCases {
+		s.T().Run(tc.testName, func(t *testing.T) {
+			ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
+			defer func() {
+				cancel()
+				s.collectScreenshot(ctx.Err(), s.Page)
+			}()
+			s.doLoginOneFactor(s.T(), s.Context(ctx), tc.username, tc.oldPassword, false, BaseDomain, "")
+			s.doOpenSettings(s.T(), s.Context(ctx))
+			s.doOpenSettingsMenuClickSecurity(s.T(), s.Context(ctx))
+
+			s.doMustChangePasswordExistingPassword(s.T(), s.Context(ctx), tc.oldPassword)
+
+			s.doLogout(s.T(), s.Context(ctx))
+		})
+	}
+}
+
+func (s *ChangePasswordScenario) TestCannotChangePasswordWithIncorrectOldPassword() {
+	testCases := []struct {
+		testName         string
+		username         string
+		oldPassword      string
+		wrongOldPassword string
+		newPassword      string
+	}{
+		{"case1", "john", "password", "wrong_password", "new_password"},
+	}
+
+	for _, tc := range testCases {
+		s.T().Run(tc.testName, func(t *testing.T) {
+			ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
+			defer func() {
+				cancel()
+				s.collectScreenshot(ctx.Err(), s.Page)
+			}()
+			s.doLoginOneFactor(s.T(), s.Context(ctx), tc.username, tc.oldPassword, false, BaseDomain, "")
+
+			s.doOpenSettings(s.T(), s.Context(ctx))
+
+			s.doOpenSettingsMenuClickSecurity(s.T(), s.Context(ctx))
+
+			s.doMustChangePasswordWrongExistingPassword(s.T(), s.Context(ctx), tc.wrongOldPassword, tc.newPassword)
+
+			s.doLogout(s.T(), s.Context(ctx))
+		})
+	}
+}
+
+func (s *ChangePasswordScenario) TestNewPasswordsMustMatch() {
+	testCases := []struct {
+		testName     string
+		username     string
+		oldPassword  string
+		newPassword1 string
+		newPassword2 string
+	}{
+		{"case1", "john", "password", "my_new_password", "new_password"},
+	}
+
+	for _, tc := range testCases {
+		s.T().Run(tc.testName, func(t *testing.T) {
+			ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
+			defer func() {
+				cancel()
+				s.collectScreenshot(ctx.Err(), s.Page)
+			}()
+			s.doLoginOneFactor(s.T(), s.Context(ctx), tc.username, tc.oldPassword, false, BaseDomain, "")
+
+			s.doOpenSettings(s.T(), s.Context(ctx))
+
+			s.doOpenSettingsMenuClickSecurity(s.T(), s.Context(ctx))
+
+			s.doMustChangePasswordMustMatch(s.T(), s.Context(ctx), tc.oldPassword, tc.newPassword1, tc.newPassword2)
+
+			s.doLogout(s.T(), s.Context(ctx))
+		})
+	}
+}
author	Brynn Crowley <littlehill723@gmail.com>	2025-03-06 08:24:19 +0000
committer	GitHub <noreply@github.com>	2025-03-06 08:24:19 +0000
commit	f4abcb34b757e40467344ffdd7cec9f77f46a227 (patch)
tree	f3cc73da2ebaa978186f6f470d5bd27b279f6a96 /internal/suites/scenario_change_password_test.go
parent	5b52a9d4b18b5a07b1edb7403b6dc90b8d5c628d (diff)