User password change (#280)

* start passwordChangeHandler * add user scope * add user module / api path * add password change request * make comment clearer * add user to processor * required true * add processor call to handler * don't pass tc or channel * change password func + tests * add some first docs about password management * update swagger docs * add api tests * go fmt * test fixes
2025-06-05 21:59:39 +02:00 · 2021-10-14 14:26:04 +02:00
parent a07e62e49e
commit 107685e22e
14 changed files with 749 additions and 0 deletions
--- a/internal/processing/user/changepassword_test.go
+++ b/internal/processing/user/changepassword_test.go
@@ -0,0 +1,74 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package user_test
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type ChangePasswordTestSuite struct {
+	UserStandardTestSuite
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
+	user := suite.testUsers["local_account_1"]
+
+	errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "verygoodnewpassword")
+	suite.NoError(errWithCode)
+
+	err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword"))
+	suite.NoError(err)
+
+	// get user from the db again
+	dbUser := &gtsmodel.User{}
+	err = suite.db.GetByID(context.Background(), user.ID, dbUser)
+	suite.NoError(err)
+
+	// check the password has changed
+	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword"))
+	suite.NoError(err)
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
+	user := suite.testUsers["local_account_1"]
+
+	errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
+	suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
+	suite.Equal(http.StatusBadRequest, errWithCode.Code())
+	suite.Equal("bad request: old password did not match", errWithCode.Safe())
+}
+
+func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
+	user := suite.testUsers["local_account_1"]
+
+	errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
+	suite.EqualError(errWithCode, "insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+	suite.Equal(http.StatusBadRequest, errWithCode.Code())
+	suite.Equal("bad request: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+}
+
+func TestChangePasswordTestSuite(t *testing.T) {
+	suite.Run(t, &ChangePasswordTestSuite{})
+}