summaryrefslogtreecommitdiff
path: root/internal/handlers/handler_change_password_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/handlers/handler_change_password_test.go')
-rw-r--r--internal/handlers/handler_change_password_test.go73
1 files changed, 49 insertions, 24 deletions
diff --git a/internal/handlers/handler_change_password_test.go b/internal/handlers/handler_change_password_test.go
index 3783fef8e..920b2975e 100644
--- a/internal/handlers/handler_change_password_test.go
+++ b/internal/handlers/handler_change_password_test.go
@@ -3,15 +3,15 @@ package handlers
import (
"encoding/json"
"fmt"
+ "regexp"
"testing"
+ "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/suite"
"github.com/valyala/fasthttp"
"go.uber.org/mock/gomock"
"github.com/authelia/authelia/v4/internal/authentication"
-
"github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/mocks"
@@ -22,30 +22,13 @@ const (
testPasswordNew = "new_password456"
)
-type ChangePasswordSuite struct {
- suite.Suite
- mock *mocks.MockAutheliaCtx
-}
-
-func (s *ChangePasswordSuite) SetupTest() {
- s.mock = mocks.NewMockAutheliaCtx(s.T())
- userSession, err := s.mock.Ctx.GetSession()
- s.Assert().NoError(err)
-
- userSession.Username = testUsername
- userSession.DisplayName = testUsername
- userSession.Emails[0] = testEmail
- userSession.AuthenticationMethodRefs.UsernameAndPassword = true
- s.Assert().NoError(s.mock.Ctx.SaveSession(userSession))
-}
-
-func (s *ChangePasswordSuite) TearDownTest() {
- s.mock.Close()
-}
-
func TestChangePasswordPOST_ShouldSucceedWithValidCredentials(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
+
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -83,12 +66,18 @@ func TestChangePasswordPOST_ShouldSucceedWithValidCredentials(t *testing.T) {
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 1, logrus.DebugLevel, "User has changed their password", map[string]any{"username": testUsername})
+
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
}
func TestChangePasswordPOST_ShouldFailWhenPasswordPolicyNotMet(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
+
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -124,6 +113,8 @@ func TestChangePasswordPOST_ShouldFailWhenPasswordPolicyNotMet(t *testing.T) {
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 0, logrus.DebugLevel, "Unable to change password for user as their new password was weak or empty", map[string]any{"username": testUsername, "error": "the supplied password does not met the security policy"})
+
errResponse := mock.GetResponseError(t)
assert.Equal(t, "KO", errResponse.Status)
@@ -133,6 +124,10 @@ func TestChangePasswordPOST_ShouldFailWhenPasswordPolicyNotMet(t *testing.T) {
func TestChangePasswordPOST_ShouldFailWhenRequestBodyIsInvalid(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
+
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -144,6 +139,8 @@ func TestChangePasswordPOST_ShouldFailWhenRequestBodyIsInvalid(t *testing.T) {
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 0, logrus.ErrorLevel, "Unable to change password for user: unable to parse request body", map[string]any{"username": testUsername, "error": regexp.MustCompile(`^(unable to parse body: .+|unable to validate body: .+|Body is not valid)$`)})
+
errResponse := mock.GetResponseError(t)
assert.Equal(t, "KO", errResponse.Status)
assert.Equal(t, messageUnableToChangePassword, errResponse.Message)
@@ -152,6 +149,10 @@ func TestChangePasswordPOST_ShouldFailWhenRequestBodyIsInvalid(t *testing.T) {
func TestChangePasswordPOST_ShouldFailWhenOldPasswordIsIncorrect(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
+
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -179,6 +180,11 @@ func TestChangePasswordPOST_ShouldFailWhenOldPasswordIsIncorrect(t *testing.T) {
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 0, logrus.DebugLevel, "Unable to change password for user as their old password was incorrect", map[string]any{"username": testUsername, "error": "incorrect password"})
+
+ errorField := mock.Hook.LastEntry().Data["error"]
+ assert.ErrorIs(t, authentication.ErrIncorrectPassword, errorField.(error))
+
errResponse := mock.GetResponseError(t)
assert.Equal(t, "KO", errResponse.Status)
assert.Equal(t, messageIncorrectPassword, errResponse.Message)
@@ -187,6 +193,10 @@ func TestChangePasswordPOST_ShouldFailWhenOldPasswordIsIncorrect(t *testing.T) {
func TestChangePasswordPOST_ShouldFailWhenPasswordReuseIsNotAllowed(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
+
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -214,6 +224,11 @@ func TestChangePasswordPOST_ShouldFailWhenPasswordReuseIsNotAllowed(t *testing.T
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 0, logrus.DebugLevel, "Unable to change password for user as their new password was weak or empty", map[string]any{"username": testUsername, "error": "your supplied password does not meet the password policy requirements"})
+
+ errorField := mock.Hook.LastEntry().Data["error"]
+ assert.ErrorIs(t, authentication.ErrPasswordWeak, errorField.(error))
+
errResponse := mock.GetResponseError(t)
assert.Equal(t, "KO", errResponse.Status)
assert.Equal(t, messagePasswordWeak, errResponse.Message)
@@ -221,6 +236,9 @@ func TestChangePasswordPOST_ShouldFailWhenPasswordReuseIsNotAllowed(t *testing.T
func TestChangePasswordPOST_ShouldSucceedButLogErrorWhenUserHasNoEmail(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -255,11 +273,16 @@ func TestChangePasswordPOST_ShouldSucceedButLogErrorWhenUserHasNoEmail(t *testin
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 1, logrus.DebugLevel, "User has changed their password", map[string]any{"username": testUsername})
+
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
}
func TestChangePasswordPOST_ShouldSucceedButLogErrorWhenNotificationFails(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.Logger.Logger.SetLevel(logrus.DebugLevel)
userSession, err := mock.Ctx.GetSession()
assert.NoError(t, err)
@@ -294,9 +317,11 @@ func TestChangePasswordPOST_ShouldSucceedButLogErrorWhenNotificationFails(t *tes
mock.NotifierMock.EXPECT().
Send(mock.Ctx, gomock.Any(), "Password changed successfully", gomock.Any(), gomock.Any()).
- Return(fmt.Errorf("failed to send notification"))
+ Return(fmt.Errorf("notifier: smtp: failed to send message: connection refused"))
ChangePasswordPOST(mock.Ctx)
+ mock.AssertLogEntryAdvanced(t, 0, logrus.DebugLevel, "Unable to notify user of password change", map[string]any{"username": testUsername, "email": nil, "error": regexp.MustCompile(`^notifier: smtp: failed to .*: .+$`)})
+
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
}