From 241b0e80b6d9e91cda1f03a9e3a6368710d1fe36 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Fri, 20 Mar 2026 10:11:59 +0100
Subject: [PATCH] test: add tests for disabled user password reset prevention
---
pkg/db/fixtures/user_tokens.yml | 6 ++++++
pkg/db/fixtures/users.yml | 9 +++++++++
pkg/user/user_test.go | 27 +++++++++++++++++++++++++++
3 files changed, 42 insertions(+)
diff --git a/pkg/db/fixtures/user_tokens.yml b/pkg/db/fixtures/user_tokens.yml
index f676297bd..1ef299e80 100644
--- a/pkg/db/fixtures/user_tokens.yml
+++ b/pkg/db/fixtures/user_tokens.yml
@@ -22,3 +22,9 @@
token: 'deletiontesttoken'
kind: 3
created: 2021-07-12 00:00:14
+-
+ id: 5
+ user_id: 17
+ token: 'disableduserpasswordresettoken'
+ kind: 1
+ created: 2024-01-01 00:00:00
diff --git a/pkg/db/fixtures/users.yml b/pkg/db/fixtures/users.yml
index b2cc573c3..9bbee147e 100644
--- a/pkg/db/fixtures/users.yml
+++ b/pkg/db/fixtures/users.yml
@@ -127,3 +127,12 @@
default_project_id: 37
updated: 2018-12-02 15:13:12
created: 2018-12-01 15:13:12
+# Disabled user for security tests
+- id: 17
+ username: 'user17'
+ password: '$2a$04$X4aRMEt0ytgPwMIgv36cI..7X9.nhY/.tYwxpqSi0ykRHx2CwQ0S6' # 12345678
+ email: 'user17@example.com'
+ status: 2
+ issuer: local
+ updated: 2018-12-02 15:13:12
+ created: 2018-12-01 15:13:12
diff --git a/pkg/user/user_test.go b/pkg/user/user_test.go
index 03f42aa8e..7f0ab5cb6 100644
--- a/pkg/user/user_test.go
+++ b/pkg/user/user_test.go
@@ -470,6 +470,33 @@ func TestUserPasswordReset(t *testing.T) {
require.Error(t, err)
assert.True(t, IsErrInvalidPasswordResetToken(err))
})
+ t.Run("disabled user cannot reset password", func(t *testing.T) {
+ db.LoadAndAssertFixtures(t)
+ s := db.NewSession()
+ defer s.Close()
+
+ reset := &PasswordReset{
+ Token: "disableduserpasswordresettoken",
+ NewPassword: "12345678",
+ }
+ _, err := ResetPassword(s, reset)
+ require.Error(t, err)
+ assert.True(t, IsErrAccountDisabled(err))
+ })
+}
+
+func TestRequestPasswordResetTokenDisabledUser(t *testing.T) {
+ t.Run("disabled user cannot request password reset token", func(t *testing.T) {
+ db.LoadAndAssertFixtures(t)
+ s := db.NewSession()
+ defer s.Close()
+
+ err := RequestUserPasswordResetTokenByEmail(s, &PasswordTokenRequest{
+ Email: "user17@example.com",
+ })
+ require.Error(t, err)
+ assert.True(t, IsErrAccountDisabled(err))
+ })
}

func TestCleanupOldTokens(t *testing.T) {
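Review bot: Both new subtests assert only that the call returns an error satisfying `IsErrAccountDisabled` and never check that the rejected request had no side effects, so an implementation that updates the password (or writes a token) and only then returns the error would still pass. After the failed `_, err := ResetPassword(s, reset)` the subtest should re-read user 17 and assert its stored password hash still equals the fixture value and that the `disableduserpasswordresettoken` row was not consumed; after the failed `RequestUserPasswordResetTokenByEmail` call it should assert that no new `kind: 1` token row exists for user 17 beyond the fixture one. The second test also pins that the request-by-email path returns a distinguishable disabled-account error rather than the same outcome as an unknown address; if the HTTP handler forwards that distinction to unauthenticated callers the reset endpoint becomes an account-status oracle, so a handler-level test asserting an indistinguishable response would be worth adding, though that layer is outside this hunk. The first subtest is added inside `TestUserPasswordReset`, whose beginning lies outside the hunk.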