// Listing source: github.com/voedger/voedger@v0.0.0-20240520144910-273e84102129/pkg/sys/it/impl_changepassword_test.go

/*
 * Copyright (c) 2020-present unTill Pro, Ltd.
 * @author Denis Gribanov
 */

package sys_it

import (
	"fmt"
	"testing"
	"time"

	"github.com/voedger/voedger/pkg/istructs"
	coreutils "github.com/voedger/voedger/pkg/utils"
	it "github.com/voedger/voedger/pkg/vit"
)

// TestBasicUsage_ChangePassword signs up a fresh login with password "1",
// changes the password to "2" through c.registry.ChangePassword, and then
// signs in with the new password.
//
// The old and new passwords travel under "unloggedArgs" (presumably so they
// are kept out of logs; confirm against the command processor), and the
// request is posted without any authorization option.
//
// NOTE(review): per the author's note below, tokens issued before the change
// stay valid afterwards, so a password change on its own does not revoke
// existing sessions. This test asserts neither that nor that the old
// password is rejected after the change.
func TestBasicUsage_ChangePassword(t *testing.T) {
	const changePasswordCmd = "c.registry.ChangePassword"

	vit := it.NewVIT(t, &it.SharedConfig_App1)
	defer vit.TearDown()

	name := vit.NextName()
	account := vit.SignUp(name, "1", istructs.AppQName_test1_app1)

	// Change the password; no authorization is supplied ("null auth").
	updatedPwd := "2"
	reqBody := fmt.Sprintf(
		`{"args":{"Login":"%s","AppName":"%s"},"unloggedArgs":{"OldPassword":"1","NewPassword":"%s"}}`,
		name, istructs.AppQName_test1_app1, updatedPwd,
	)
	vit.PostApp(istructs.AppQName_sys_registry, account.PseudoProfileWSID, changePasswordCmd, reqBody)

	// note: previous tokens are still valid after password change

	// Signing in with the new password must succeed.
	account.Pwd = updatedPwd
	vit.SignIn(account)
}

// TestChangePasswordErrors covers the failure paths of
// c.registry.ChangePassword for the "login" principal from the VIT config.
//
// An unknown login and a wrong old password are both expected to yield 401,
// so the status code alone does not tell the caller whether the login
// exists. A second call within the same minute is expected to yield 429,
// even though the first call in that minute failed with 401.
func TestChangePasswordErrors(t *testing.T) {
	const changePasswordCmd = "c.registry.ChangePassword"

	vit := it.NewVIT(t, &it.SharedConfig_App1)
	defer vit.TearDown()

	principal := vit.GetPrincipal(istructs.AppQName_test1_app1, "login") // from VIT config

	// wrongPwdBody builds a request whose OldPassword ("2") is expected not
	// to match the principal's password.
	wrongPwdBody := func() string {
		return fmt.Sprintf(
			`{"args":{"Login":"%s","AppName":"%s"},"unloggedArgs":{"OldPassword":"2","NewPassword":"3"}}`,
			principal.Login.Name, istructs.AppQName_test1_app1,
		)
	}

	t.Run("login not found", func(t *testing.T) {
		unknownLogin := vit.NextName()
		reqBody := fmt.Sprintf(
			`{"args":{"Login":"%s","AppName":"%s"},"unloggedArgs":{"OldPassword":"1","NewPassword":"2"}}`,
			unknownLogin, istructs.AppQName_test1_app1,
		)
		vit.PostApp(istructs.AppQName_sys_registry, principal.PseudoProfileWSID, changePasswordCmd, reqBody, coreutils.Expect401())
	})

	t.Run("wrong password", func(t *testing.T) {
		// Move the test clock forward a minute so this call is not answered
		// with 429 because of the previous subtest's call.
		vit.TimeAdd(time.Minute)
		vit.PostApp(istructs.AppQName_sys_registry, principal.PseudoProfileWSID, changePasswordCmd, wrongPwdBody(), coreutils.Expect401())
	})

	t.Run("rate limit exceed", func(t *testing.T) {
		// Start in a fresh minute so the first call is not rate limited.
		vit.TimeAdd(time.Minute)

		reqBody := wrongPwdBody()

		// First call in this minute: rejected for the wrong password, not 429.
		vit.PostApp(istructs.AppQName_sys_registry, principal.PseudoProfileWSID, changePasswordCmd, reqBody, coreutils.Expect401())

		// More than one call per minute -> 429.
		vit.PostApp(istructs.AppQName_sys_registry, principal.PseudoProfileWSID, changePasswordCmd, reqBody, coreutils.Expect429())

		// In the next minute the command is reachable again: the answer is
		// 401 for the wrong password, not 429.
		vit.TimeAdd(time.Minute)
		reqBody = wrongPwdBody()
		vit.PostApp(istructs.AppQName_sys_registry, principal.PseudoProfileWSID, changePasswordCmd, reqBody, coreutils.Expect401())
	})
}