
Commit 203ff85

committed
chore: move test cases
1 parent 2aa7002 commit 203ff85


1 file changed

+23
-39
lines changed


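--- a/internal/api/user_test.go
+++ b/internal/api/user_test.go
@@ -289,27 +289,6 @@ func (ts *UserTestSuite) TestUserUpdatePassword() {
 notRecentlyLoggedIn.ID).Exec(),
 )
 
-// create a recovery session (OTP) created recently (within 15 minutes)
-recentRecoverySession, err := models.NewSession(u.ID, nil)
-require.NoError(ts.T(), err)
-require.NoError(ts.T(), ts.API.db.Create(recentRecoverySession))
-require.NoError(ts.T(), models.AddClaimToSession(ts.API.db, recentRecoverySession.ID, models.OTP))
-recentRecoverySession, err = models.FindSessionByID(ts.API.db, recentRecoverySession.ID, true)
-require.NoError(ts.T(), err)
-
-// create a recovery session (OTP) whose created_at is older than 15 minutes
-staleRecoverySession, err := models.NewSession(u.ID, nil)
-require.NoError(ts.T(), err)
-require.NoError(ts.T(), ts.API.db.Create(staleRecoverySession))
-require.NoError(ts.T(), models.AddClaimToSession(ts.API.db, staleRecoverySession.ID, models.OTP))
-require.NoError(ts.T(), ts.API.db.RawQuery(
-"update "+staleRecoverySession.TableName()+" set created_at = ? where id = ?",
-time.Now().Add(-20*time.Minute),
-staleRecoverySession.ID).Exec(),
-)
-staleRecoverySession, err = models.FindSessionByID(ts.API.db, staleRecoverySession.ID, true)
-require.NoError(ts.T(), err)
-
 type expected struct {
 code int
 isAuthenticated bool
@@ -386,24 +365,6 @@ func (ts *UserTestSuite) TestUserUpdatePassword() {
 sessionId: r.SessionId,
 expected: expected{code: http.StatusBadRequest, isAuthenticated: false},
 },
-{
-desc: "Current password not required for recent recovery session (OTP, within 15 minutes)",
-newPassword: "newpassword123",
-nonce: "",
-requireReauthentication: false,
-requireCurrentPassword: true,
-sessionId: &recentRecoverySession.ID,
-expected: expected{code: http.StatusOK, isAuthenticated: true},
-},
-{
-desc: "Current password required for stale recovery session (OTP, older than 15 minutes)",
-newPassword: "newpassword456",
-nonce: "",
-requireReauthentication: false,
-requireCurrentPassword: true,
-sessionId: &staleRecoverySession.ID,
-expected: expected{code: http.StatusBadRequest, isAuthenticated: false},
-},
 }
 
 for _, c := range cases {
@@ -459,6 +420,7 @@ func (ts *UserTestSuite) TestUserUpdatePasswordViaRecovery() {
 newPassword string
 currentPassword string
 recoveryType models.AuthenticationMethod
+staleSession bool
 expected expected
 }{
 {
@@ -479,6 +441,20 @@ func (ts *UserTestSuite) TestUserUpdatePasswordViaRecovery() {
 recoveryType: models.EmailChange,
 expected: expected{code: http.StatusBadRequest, isAuthenticated: true},
 },
+{
+desc: "Current password not required for recent OTP recovery session (within 15 minutes)",
+newPassword: "newpassword789",
+recoveryType: models.OTP,
+staleSession: false,
+expected: expected{code: http.StatusOK, isAuthenticated: true},
+},
+{
+desc: "Current password required for stale OTP recovery session (older than 15 minutes)",
+newPassword: "newpassword789",
+recoveryType: models.OTP,
+staleSession: true,
+expected: expected{code: http.StatusBadRequest, isAuthenticated: false},
+},
 }
 
 for _, c := range cases {
@@ -493,6 +469,14 @@ func (ts *UserTestSuite) TestUserUpdatePasswordViaRecovery() {
 // Add AMR claim to session to simulate recovery flow
 require.NoError(ts.T(), models.AddClaimToSession(ts.API.db, session.ID, c.recoveryType))
 
+if c.staleSession {
+require.NoError(ts.T(), ts.API.db.RawQuery(
+"update "+session.TableName()+" set created_at = ? where id = ?",
+time.Now().Add(-20*time.Minute),
+session.ID).Exec(),
+)
+}
+
 // Reload session with AMR claims
 session, err = models.FindSessionByID(ts.API.db, session.ID, true)
 require.NoError(ts.T(), err)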
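Review bot: The stale OTP case added to TestUserUpdatePasswordViaRecovery reuses `newPassword: "newpassword789"` from the recent OTP case just before it and expects only `http.StatusBadRequest`, so if the cases share one user, the 400 could come from some other validation rather than from the expired 15-minute recovery window. The removed versions used distinct passwords (`newpassword123`, `newpassword456`); giving the stale case its own value, e.g. `newPassword: "newpassword456",`, keeps this negative test independent of case order. The loop body and its assertions continue outside the visible hunks, so whether the error code is checked cannot be confirmed here; if it is not, asserting it would pin the case to the current-password requirement. A short comment above the `if c.staleSession` block, such as `// backdate created_at beyond the 15-minute recovery window`, would tie the 20-minute offset to the threshold it is meant to exceed.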
