api/tests/Feature/UpdatePasswordTest.php

64 lines
2.1 KiB
PHP

<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
it('updates the authenticated user password and keeps the current api token', function () {
$user = User::factory()->create([
'password' => Hash::make('OldPassword123!'),
]);
$currentToken = $user->createToken('current-device');
$otherToken = $user->createToken('other-device');
$this
->withHeader('Authorization', 'Bearer '.$currentToken->plainTextToken)
->patchJson('/api/auth/me/password', [
'currentPassword' => 'OldPassword123!',
'password' => 'NewPassword123!',
'passwordConfirmation' => 'NewPassword123!',
])
->assertOk()
->assertJsonPath('message', __('api.auth.password_updated'));
expect(Hash::check('NewPassword123!', $user->fresh()->password))->toBeTrue();
$this->assertDatabaseHas('personal_access_tokens', [
'id' => $currentToken->accessToken->getKey(),
]);
$this->assertDatabaseMissing('personal_access_tokens', [
'id' => $otherToken->accessToken->getKey(),
]);
});
it('rejects an invalid current password', function () {
$user = User::factory()->create([
'password' => Hash::make('OldPassword123!'),
]);
$currentToken = $user->createToken('current-device');
$this
->withHeader('Authorization', 'Bearer '.$currentToken->plainTextToken)
->patchJson('/api/auth/me/password', [
'currentPassword' => 'wrong-password',
'password' => 'NewPassword123!',
'passwordConfirmation' => 'NewPassword123!',
])
->assertUnprocessable()
->assertJsonValidationErrors(['current_password']);
expect(Hash::check('OldPassword123!', $user->fresh()->password))->toBeTrue();
});
it('requires authentication to update the password', function () {
$this
->patchJson('/api/auth/me/password', [
'currentPassword' => 'OldPassword123!',
'password' => 'NewPassword123!',
'passwordConfirmation' => 'NewPassword123!',
])
->assertUnauthorized();
});