add test batches
This commit is contained in:
+55
@@ -0,0 +1,55 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\V1\FullSurface;
|
||||
|
||||
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
|
||||
|
||||
class ApiBatch13AccountRecoveryCredentialChangeContractTest extends FullSurfaceE2EContractCase
|
||||
{
|
||||
public function test_password_reset_and_credential_routes_do_not_leak_user_existence_or_tokens(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['password', 'reset', 'forgot', 'verify', 'verification', 'credential', 'profile']);
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
$payload = $this->payloadFor($method, $route->uri()) + [
|
||||
'email' => 'does-not-exist-batch13@example.test',
|
||||
'token' => str_repeat('x', 2048),
|
||||
'password' => 'short',
|
||||
'password_confirmation' => 'different',
|
||||
'current_password' => 'wrong-password',
|
||||
];
|
||||
|
||||
$response = $this->requestAs($this->actorFor($route->uri()), $method, $route->uri(), $payload);
|
||||
$this->assertControlled($response, $method, $route->uri());
|
||||
|
||||
$body = strtolower($response->getContent());
|
||||
$this->assertStringNotContainsString('password_resets', $body);
|
||||
$this->assertStringNotContainsString('remember_token', $body);
|
||||
$this->assertStringNotContainsString('reset_token', $body);
|
||||
}
|
||||
}
|
||||
|
||||
public function test_low_privilege_users_cannot_change_other_users_credentials(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['users', 'profile', 'password', 'credential']);
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$response = $this->requestAs($this->parent, $method, $route->uri(), [
|
||||
'user_id' => $this->admin->id,
|
||||
'email' => $this->admin->email,
|
||||
'password' => 'NewPassword123!',
|
||||
'password_confirmation' => 'NewPassword123!',
|
||||
'role' => 'administrator',
|
||||
]);
|
||||
|
||||
$this->assertControlled($response, $method, $route->uri());
|
||||
$this->assertNotContains($response->getStatusCode(), [200, 201]);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user