64 lines
2.1 KiB
PHP
64 lines
2.1 KiB
PHP
<?php
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Hash;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('updates the authenticated user password and keeps the current api token', function () {
|
|
$user = User::factory()->create([
|
|
'password' => Hash::make('OldPassword123!'),
|
|
]);
|
|
$currentToken = $user->createToken('current-device');
|
|
$otherToken = $user->createToken('other-device');
|
|
|
|
$this
|
|
->withHeader('Authorization', 'Bearer '.$currentToken->plainTextToken)
|
|
->patchJson('/api/auth/me/password', [
|
|
'currentPassword' => 'OldPassword123!',
|
|
'password' => 'NewPassword123!',
|
|
'passwordConfirmation' => 'NewPassword123!',
|
|
])
|
|
->assertOk()
|
|
->assertJsonPath('message', __('api.auth.password_updated'));
|
|
|
|
expect(Hash::check('NewPassword123!', $user->fresh()->password))->toBeTrue();
|
|
|
|
$this->assertDatabaseHas('personal_access_tokens', [
|
|
'id' => $currentToken->accessToken->getKey(),
|
|
]);
|
|
$this->assertDatabaseMissing('personal_access_tokens', [
|
|
'id' => $otherToken->accessToken->getKey(),
|
|
]);
|
|
});
|
|
|
|
it('rejects an invalid current password', function () {
|
|
$user = User::factory()->create([
|
|
'password' => Hash::make('OldPassword123!'),
|
|
]);
|
|
$currentToken = $user->createToken('current-device');
|
|
|
|
$this
|
|
->withHeader('Authorization', 'Bearer '.$currentToken->plainTextToken)
|
|
->patchJson('/api/auth/me/password', [
|
|
'currentPassword' => 'wrong-password',
|
|
'password' => 'NewPassword123!',
|
|
'passwordConfirmation' => 'NewPassword123!',
|
|
])
|
|
->assertUnprocessable()
|
|
->assertJsonValidationErrors(['current_password']);
|
|
|
|
expect(Hash::check('OldPassword123!', $user->fresh()->password))->toBeTrue();
|
|
});
|
|
|
|
it('requires authentication to update the password', function () {
|
|
$this
|
|
->patchJson('/api/auth/me/password', [
|
|
'currentPassword' => 'OldPassword123!',
|
|
'password' => 'NewPassword123!',
|
|
'passwordConfirmation' => 'NewPassword123!',
|
|
])
|
|
->assertUnauthorized();
|
|
});
|