feat: change password (#35)

* refactor: implement factories for testing * add additional factories * change protection for dropFields * prevent timed attacks on login * use switch instead of else-if * API implementation for changing password * add change-password dialog
2022-10-09 09:23:21 -08:00 · 2022-10-09 09:23:21 -08:00 · a6d2fd45df
commit a6d2fd45df
parent a6e3989aee
19 changed files with 458 additions and 149 deletions
--- a/frontend/lib/api/test/user/labels.test.ts
+++ b/frontend/lib/api/test/user/labels.test.ts
@ -1,23 +1,17 @@
 import { describe, expect, test } from "vitest";
 import { LabelOut } from "../../types/data-contracts";
 import { UserClient } from "../../user";
+import { factories } from "../factories";
 import { sharedUserClient } from "../test-utils";

 describe("locations lifecycle (create, update, delete)", () => {
-  let increment = 0;
-
  /**
   * useLabel sets up a label resource for testing, and returns a function
   * that can be used to delete the label from the backend server.
   */
  async function useLabel(api: UserClient): Promise<[LabelOut, () => Promise<void>]> {
-    const { response, data } = await api.labels.create({
-      name: `__test__.label.name_${increment}`,
-      description: `__test__.label.description_${increment}`,
-      color: "",
-    });
+    const { response, data } = await api.labels.create(factories.label());
    expect(response.status).toBe(201);
-    increment++;

    const cleanup = async () => {
      const { response } = await api.labels.delete(data.id);
@ -29,11 +23,7 @@ describe("locations lifecycle (create, update, delete)", () => {
  test("user should be able to create a label", async () => {
    const api = await sharedUserClient();

-    const labelData = {
-      name: "test-label",
-      description: "test-description",
-      color: "",
-    };
+    const labelData = factories.label();

    const { response, data } = await api.labels.create(labelData);

--- a/frontend/lib/api/test/user/locations.test.ts
+++ b/frontend/lib/api/test/user/locations.test.ts
@ -1,22 +1,17 @@
 import { describe, expect, test } from "vitest";
 import { LocationOut } from "../../types/data-contracts";
 import { UserClient } from "../../user";
+import { factories } from "../factories";
 import { sharedUserClient } from "../test-utils";

 describe("locations lifecycle (create, update, delete)", () => {
-  let increment = 0;
-
  /**
   * useLocatio sets up a location resource for testing, and returns a function
   * that can be used to delete the location from the backend server.
   */
  async function useLocation(api: UserClient): Promise<[LocationOut, () => Promise<void>]> {
-    const { response, data } = await api.locations.create({
-      name: `__test__.location.name_${increment}`,
-      description: `__test__.location.description_${increment}`,
-    });
+    const { response, data } = await api.locations.create(factories.location());
    expect(response.status).toBe(201);
-    increment++;

    const cleanup = async () => {
      const { response } = await api.locations.delete(data.id);
@ -29,10 +24,7 @@ describe("locations lifecycle (create, update, delete)", () => {
  test("user should be able to create a location", async () => {
    const api = await sharedUserClient();

-    const locationData = {
-      name: "test-location",
-      description: "test-description",
-    };
+    const locationData = factories.location();

    const { response, data } = await api.locations.create(locationData);

--- a/frontend/lib/api/test/user/user.test.ts
+++ b/frontend/lib/api/test/user/user.test.ts
@ -0,0 +1,27 @@
+import { faker } from "@faker-js/faker";
+import { describe, expect, test } from "vitest";
+import { factories } from "../factories";
+
+describe("basic user workflows", () => {
+  test("user should be able to change password", async () => {
+    const { client, user } = await factories.client.singleUse();
+    const password = faker.internet.password();
+
+    // Change Password
+    {
+      const response = await client.user.changePassword(user.password, password);
+      expect(response.error).toBeFalsy();
+      expect(response.status).toBe(204);
+    }
+
+    // Ensure New Login is Valid
+    {
+      const pub = factories.client.public();
+      const response = await pub.login(user.email, password);
+      expect(response.error).toBeFalsy();
+      expect(response.status).toBe(200);
+    }
+
+    await client.user.delete();
+  }, 20000);
+});