test: add tests for disabled user password reset prevention

kolaente 2026-03-20 10:11:59 +01:00 committed by kolaente
parent 708ccab895
commit 241b0e80b6
3 changed files with 42 additions and 0 deletions


@ -22,3 +22,9 @@
token: 'deletiontesttoken'
kind: 3
created: 2021-07-12 00:00:14
-
id: 5
user_id: 17
token: 'disableduserpasswordresettoken'
kind: 1
created: 2024-01-01 00:00:00
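Review bot: The new token row has no comment tying it to the test that consumes it, unlike the user fixture added in the same commit (`# Disabled user for security tests`). I would add a line above `id: 5` such as `# Password reset token owned by disabled user 17, used by TestUserPasswordReset`, and say there that `kind: 1` is presumably the password-reset kind. The `created` value of 2024-01-01 makes this an old token, so the test depends on the lookup not rejecting it by age before the account status is checked; that ordering is not visible on this page and is worth recording in the comment.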


@ -127,3 +127,12 @@
default_project_id: 37
updated: 2018-12-02 15:13:12
created: 2018-12-01 15:13:12
# Disabled user for security tests
- id: 17
username: 'user17'
password: '$2a$04$X4aRMEt0ytgPwMIgv36cI..7X9.nhY/.tYwxpqSi0ykRHx2CwQ0S6' # 12345678
email: 'user17@example.com'
status: 2
issuer: local
updated: 2018-12-02 15:13:12
created: 2018-12-01 15:13:12


@ -470,6 +470,33 @@ func TestUserPasswordReset(t *testing.T) {
require.Error(t, err)
assert.True(t, IsErrInvalidPasswordResetToken(err))
})
t.Run("disabled user cannot reset password", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
reset := &PasswordReset{
Token: "disableduserpasswordresettoken",
NewPassword: "12345678",
}
_, err := ResetPassword(s, reset)
require.Error(t, err)
assert.True(t, IsErrAccountDisabled(err))
})
}
func TestRequestPasswordResetTokenDisabledUser(t *testing.T) {
t.Run("disabled user cannot request password reset token", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
err := RequestUserPasswordResetTokenByEmail(s, &PasswordTokenRequest{
Email: "user17@example.com",
})
require.Error(t, err)
assert.True(t, IsErrAccountDisabled(err))
})
}
func TestCleanupOldTokens(t *testing.T) {
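Review bot: The "disabled user cannot reset password" subtest asserts only the returned error, so it would still pass if ResetPassword stored the new hash or consumed the token before rejecting the account. `NewPassword: "12345678"` is also the same value the fixture comment gives for user17's current password, so even a follow-up hash check could not detect a write. Use a distinct value such as `NewPassword: "a-different-password"` and then assert that the user row and the `disableduserpasswordresettoken` row are unchanged. TestRequestPasswordResetTokenDisabledUser has the same gap: it does not assert that no new token row was created for user_id 17. Separately, if the request endpoint returns this error to unauthenticated callers, the test pins a response that distinguishes disabled accounts from unknown e-mail addresses, which is worth confirming as intended. TestUserPasswordReset begins outside this hunk.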