mirror of
				https://github.com/strapi/strapi.git
				synced 2025-10-25 06:51:12 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			141 lines
		
	
	
		
			3.8 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			141 lines
		
	
	
		
			3.8 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
| const { createStrapiInstance } = require('api-tests/strapi');
 | |
| const { createRequest } = require('api-tests/request');
 | |
| const { createAuthenticatedUser } = require('../utils');
 | |
| 
 | |
| let strapi;
 | |
| let rq;
 | |
| 
 | |
| const internals = {
 | |
|   user: {
 | |
|     username: 'test',
 | |
|     email: 'test@strapi.io',
 | |
|     password: 'Test1234',
 | |
|     confirmed: true,
 | |
|     provider: 'local',
 | |
|   },
 | |
|   newPassword: 'Test12345',
 | |
| };
 | |
| 
 | |
| const data = {};
 | |
| 
 | |
| describe('Auth API', () => {
 | |
|   beforeAll(async () => {
 | |
|     strapi = await createStrapiInstance({ bypassAuth: false });
 | |
| 
 | |
|     const { jwt, user } = await createAuthenticatedUser({ strapi, userInfo: internals.user });
 | |
| 
 | |
|     data.user = user;
 | |
| 
 | |
|     rq = createRequest({ strapi }).setURLPrefix('/api/auth').setToken(jwt);
 | |
|   });
 | |
| 
 | |
|   afterAll(async () => {
 | |
|     await strapi.destroy();
 | |
|   });
 | |
| 
 | |
|   describe('Change Password', () => {
 | |
|     test('Fails on unauthenticated request', async () => {
 | |
|       const nonAuthRequest = createRequest({ strapi });
 | |
| 
 | |
|       const res = await nonAuthRequest({
 | |
|         method: 'POST',
 | |
|         url: '/api/auth/change-password',
 | |
|         body: {},
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(403);
 | |
|       expect(res.body.error.name).toBe('ForbiddenError');
 | |
|       expect(res.body.error.message).toBe('Forbidden');
 | |
|     });
 | |
| 
 | |
|     test('Fails on invalid confirm password', async () => {
 | |
|       const res = await rq({
 | |
|         method: 'POST',
 | |
|         url: '/change-password',
 | |
|         body: {
 | |
|           password: 'newPassword',
 | |
|           passwordConfirmation: 'somethingElse',
 | |
|           currentPassword: internals.user.password,
 | |
|         },
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(400);
 | |
|       expect(res.body.error.name).toBe('ValidationError');
 | |
|       expect(res.body.error.message).toBe('Passwords do not match');
 | |
|     });
 | |
| 
 | |
|     test('Fails on invalid current password', async () => {
 | |
|       const res = await rq({
 | |
|         method: 'POST',
 | |
|         url: '/change-password',
 | |
|         body: {
 | |
|           password: 'newPassword',
 | |
|           passwordConfirmation: 'newPassword',
 | |
|           currentPassword: 'badPassword',
 | |
|         },
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(400);
 | |
|       expect(res.body.error.name).toBe('ValidationError');
 | |
|       expect(res.body.error.message).toBe('The provided current password is invalid');
 | |
|     });
 | |
| 
 | |
|     test('Fails when current and new password are the same', async () => {
 | |
|       const res = await rq({
 | |
|         method: 'POST',
 | |
|         url: '/change-password',
 | |
|         body: {
 | |
|           password: internals.user.password,
 | |
|           passwordConfirmation: internals.user.password,
 | |
|           currentPassword: internals.user.password,
 | |
|         },
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(400);
 | |
|       expect(res.body.error.name).toBe('ValidationError');
 | |
|       expect(res.body.error.message).toBe(
 | |
|         'Your new password must be different than your current password'
 | |
|       );
 | |
|     });
 | |
| 
 | |
|     test('Returns user info and jwt token on success', async () => {
 | |
|       const res = await rq({
 | |
|         method: 'POST',
 | |
|         url: '/change-password',
 | |
|         body: {
 | |
|           password: internals.newPassword,
 | |
|           passwordConfirmation: internals.newPassword,
 | |
|           currentPassword: internals.user.password,
 | |
|         },
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(200);
 | |
|       expect(res.body).toMatchObject({
 | |
|         jwt: expect.any(String),
 | |
|         user: {
 | |
|           id: data.user.id,
 | |
|           email: data.user.email,
 | |
|           username: data.user.username,
 | |
|         },
 | |
|       });
 | |
|     });
 | |
| 
 | |
|     test('Can login with new password after success', async () => {
 | |
|       const rq = createRequest({ strapi }).setURLPrefix('/api/auth');
 | |
| 
 | |
|       const res = await rq({
 | |
|         method: 'POST',
 | |
|         url: '/local',
 | |
|         body: {
 | |
|           identifier: internals.user.email,
 | |
|           password: internals.newPassword,
 | |
|         },
 | |
|       });
 | |
| 
 | |
|       expect(res.statusCode).toBe(200);
 | |
|     });
 | |
|   });
 | |
| });
 | 
