fix: add test to forgot password

AI-READI · Jul 16, 2024 · 49da375 · 49da375
1 parent 622865f
commit 49da375
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 3 deletions.
diff --git a/apis/authentication.py b/apis/authentication.py
@@ -643,6 +643,9 @@ def post(self):
         if not user:
             raise ValidationError("Email doesnt exist")
 
+        if data["token"] != user.password_reset_token:
+            return "You have already reset your password", 400
+
         validate_pass = user.check_password(data["new_password"])
         if validate_pass:
             return "old and new password can not be same. Please select a new one", 422
@@ -685,6 +688,9 @@ def confirm_new_password(instance):
         user.set_password(data["new_password"])
         model.db.session.commit()
 
+        user.update_password_reset(None)
+        model.db.session.commit()
+
         email_address = user.email_address if user else ""
         first_name = user.user_details.first_name if user else ""
         last_name = user.user_details.last_name if user else ""

diff --git a/tests/functional/test_user.py b/tests/functional/test_user.py
@@ -167,7 +167,7 @@ def test_post_reset_password(flask_app):
     assert logout_response.status_code == 204
 
 
-def test_post_reset_password_is_not_same_old(flask_app):
+def test_post_reset_password_invalidation(flask_app):
     """
     Given a Flask application configured for testing
     WHEN the '/auth/password/reset-password' endpoint is requested (POST)
@@ -191,8 +191,8 @@ def test_post_reset_password_is_not_same_old(flask_app):
         "/auth/reset-password",
         json={
             "token": token,
-            "confirm_password": "uniquepassword4testing!",
-            "new_password": "uniquepassword4testing!",
+            "confirm_password": "invalidatepassword4testing!",
+            "new_password": "invalidatepassword4testing!",
         },
     )
 
@@ -207,6 +207,38 @@ def test_post_reset_password_is_not_same_old(flask_app):
         },
     )
 
+    assert reset_response_old.status_code == 400
+
+
+def test_post_reset_password_is_not_same_old(flask_app):
+    """
+    Given a Flask application configured for testing
+    WHEN the '/auth/password/reset-password' endpoint is requested (POST)
+    THEN check that the response is valid and the password is changed
+    """
+    _test_client = flask_app.test_client()
+
+    forgot_response = _test_client.post(
+        "/auth/forgot-password",
+        json={
+            "email_address": "[email protected]",
+
+        },
+    )
+    assert forgot_response.status_code == 200
+
+    token = forgot_response.headers["X-Token"]
+    assert token is not None
+
+    reset_response_old = _test_client.post(
+        "/auth/reset-password",
+        json={
+            "token": token,
+            "confirm_password": "invalidatepassword4testing!",
+            "new_password": "invalidatepassword4testing!",
+        },
+    )
+
     assert reset_response_old.status_code == 422