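<?php
/**
 * API scenario for the password-reset token accepted by `auth/set-password`.
 *
 * Covers four cases against the admin fixture account:
 *   1. a token that was never issued is rejected,
 *   2. a freshly issued token changes the stored password hash,
 *   3. the same token is rejected when replayed,
 *   4. a token whose `token_expires_at` lies in the past is rejected.
 *
 * For every rejected request the stored hash is re-read and compared, so a
 * handler that answers 422 but still writes the new password is caught too.
 */

use Codeception\Util\HttpCode;

$I = new ApiTester($scenario);

$I->wantTo('fail setting password by nonexistent token');

// Row selector reused by every database lookup below.
$adminRow = ['email' => ApiTester::ADMIN_USER];

$I->comment('setting password by nonexistent token');
$hashBeforeBogusToken = $I->grabFromDatabase('user', 'password', $adminRow);
$I->sendPOST('auth/set-password', [
    'email' => ApiTester::ADMIN_USER,
    'token' => $I->fake()->randomAscii,
    'password' => ApiTester::PASSWORD_DEFAULT,
]);
$I->seeResponseCodeIs(HttpCode::UNPROCESSABLE_ENTITY);
$I->assertEquals(
    $hashBeforeBogusToken,
    $I->grabFromDatabase('user', 'password', $adminRow),
    'a rejected token must not change the stored password hash'
);

$I->comment('setting new password using token generated');
$I->sendPOST('auth/reset-password', ['email' => ApiTester::ADMIN_USER]);
$token = $I->grabFromDatabase('user', 'token', $adminRow);
$I->assertNotEmpty($token, 'reset-password should have stored a token');
$oldHash = $I->grabFromDatabase('user', 'password', $adminRow);
$I->sendPOST('auth/set-password', [
    'email' => ApiTester::ADMIN_USER,
    'token' => $token,
    'password' => ApiTester::PASSWORD_DEFAULT,
]);
$I->seeResponseCodeIs(HttpCode::OK);
$newHash = $I->grabFromDatabase('user', 'password', $adminRow);
// NOTE(review): the same PASSWORD_DEFAULT is submitted again, so this only
// holds if hashes are salted per call - confirm against the hashing code.
$I->assertNotEquals($oldHash, $newHash);

$I->comment('resetting password using the same token twice and fail');
$I->sendPOST('auth/set-password', [
    'email' => ApiTester::ADMIN_USER,
    'token' => $token,
    'password' => ApiTester::PASSWORD_DEFAULT,
]);
$I->seeResponseCodeIs(HttpCode::UNPROCESSABLE_ENTITY);
$I->assertEquals(
    $newHash,
    $I->grabFromDatabase('user', 'password', $adminRow),
    'a replayed token must not change the stored password hash'
);

$I->comment('failing on reset password using an expired token');
$I->sendPOST('auth/reset-password', ['email' => ApiTester::ADMIN_USER]);
$token = $I->grabFromDatabase('user', 'token', $adminRow);
// Without a real token the 422 below would pass for the wrong reason.
$I->assertNotEmpty($token, 'reset-password should have stored a token');
// Force the expiry into the past instead of waiting for it to lapse.
$I->updateInDatabase('user', ['token_expires_at' => '2000-01-01 01:00:00'], $adminRow);
$hashBeforeExpiredToken = $I->grabFromDatabase('user', 'password', $adminRow);
$I->sendPOST('auth/set-password', [
    'email' => ApiTester::ADMIN_USER,
    'token' => $token,
    'password' => ApiTester::PASSWORD_DEFAULT,
]);
$I->seeResponseCodeIs(HttpCode::UNPROCESSABLE_ENTITY);
$I->assertEquals(
    $hashBeforeExpiredToken,
    $I->grabFromDatabase('user', 'password', $adminRow),
    'an expired token must not change the stored password hash'
);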