fix: add OTP expiration check in ResetPassword by lakhansamani · Pull Request #494 · authorizerdev/authorizer
@@ -1,15 +1,25 @@
package integration_tests
import ( "fmt" "strings" "testing" "time"
"github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/graph/model" "github.com/authorizerdev/authorizer/internal/refs" "github.com/authorizerdev/authorizer/internal/storage/schemas" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" )
// ensure imports are used var _ = time.Now var _ = fmt.Sprintf var _ = strings.Contains
// TestResetPassword tests the reset password functionality func TestResetPassword(t *testing.T) { cfg := getTestConfig() Expand Down Expand Up @@ -54,6 +64,68 @@ func TestResetPassword(t *testing.T) { assert.Nil(t, res) })
t.Run("should fail reset password with expired OTP", func(t *testing.T) { cfg2 := getTestConfig() cfg2.IsSMSServiceEnabled = true cfg2.EnableMobileBasicAuthentication = true cfg2.EnablePhoneVerification = true ts2 := initTestSetup(t, cfg2) req2, ctx2 := createContext(ts2)
mobile := "+14155550199" signupReq2 := &model.SignUpRequest{ PhoneNumber: &mobile, Password: password, ConfirmPassword: password, } _, err := ts2.GraphQLProvider.SignUp(ctx2, signupReq2) require.NoError(t, err)
// Get user and OTP user, err := ts2.StorageProvider.GetUserByPhoneNumber(ctx2, mobile) require.NoError(t, err)
otpData, err := ts2.StorageProvider.GetOTPByPhoneNumber(ctx2, mobile) require.NoError(t, err)
// Set OTP to expired expiredOTP := &schemas.OTP{ ID: otpData.ID, Email: otpData.Email, PhoneNumber: otpData.PhoneNumber, Otp: otpData.Otp, ExpiresAt: time.Now().Add(-10 * time.Minute).Unix(), } _, err = ts2.StorageProvider.UpsertOTP(ctx2, expiredOTP) require.NoError(t, err)
// Get MFA session allData, err := ts2.MemoryStoreProvider.GetAllData() require.NoError(t, err) sessionKey := "" for k := range allData { if strings.Contains(k, user.ID) { splitData := strings.Split(k, ":") if len(splitData) > 1 { sessionKey = splitData[1] break } } } req2.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.MfaCookieName+"_session", sessionKey))
resetReq := &model.ResetPasswordRequest{ Otp: refs.NewStringRef(otpData.Otp), PhoneNumber: refs.NewStringRef(mobile), Password: "NewPassword@123", ConfirmPassword: "NewPassword@123", } res, err := ts2.GraphQLProvider.ResetPassword(ctx2, resetReq) assert.Error(t, err) assert.Nil(t, res) assert.Contains(t, err.Error(), "expired") })
t.Run("should reset password with verification token", func(t *testing.T) { forgotPasswordReq := &model.ForgotPasswordRequest{ Email: refs.NewStringRef(email), Expand Down
import ( "fmt" "strings" "testing" "time"
"github.com/authorizerdev/authorizer/internal/constants" "github.com/authorizerdev/authorizer/internal/graph/model" "github.com/authorizerdev/authorizer/internal/refs" "github.com/authorizerdev/authorizer/internal/storage/schemas" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" )
// ensure imports are used var _ = time.Now var _ = fmt.Sprintf var _ = strings.Contains
// TestResetPassword tests the reset password functionality func TestResetPassword(t *testing.T) { cfg := getTestConfig() Expand Down Expand Up @@ -54,6 +64,68 @@ func TestResetPassword(t *testing.T) { assert.Nil(t, res) })
t.Run("should fail reset password with expired OTP", func(t *testing.T) { cfg2 := getTestConfig() cfg2.IsSMSServiceEnabled = true cfg2.EnableMobileBasicAuthentication = true cfg2.EnablePhoneVerification = true ts2 := initTestSetup(t, cfg2) req2, ctx2 := createContext(ts2)
mobile := "+14155550199" signupReq2 := &model.SignUpRequest{ PhoneNumber: &mobile, Password: password, ConfirmPassword: password, } _, err := ts2.GraphQLProvider.SignUp(ctx2, signupReq2) require.NoError(t, err)
// Get user and OTP user, err := ts2.StorageProvider.GetUserByPhoneNumber(ctx2, mobile) require.NoError(t, err)
otpData, err := ts2.StorageProvider.GetOTPByPhoneNumber(ctx2, mobile) require.NoError(t, err)
// Set OTP to expired expiredOTP := &schemas.OTP{ ID: otpData.ID, Email: otpData.Email, PhoneNumber: otpData.PhoneNumber, Otp: otpData.Otp, ExpiresAt: time.Now().Add(-10 * time.Minute).Unix(), } _, err = ts2.StorageProvider.UpsertOTP(ctx2, expiredOTP) require.NoError(t, err)
// Get MFA session allData, err := ts2.MemoryStoreProvider.GetAllData() require.NoError(t, err) sessionKey := "" for k := range allData { if strings.Contains(k, user.ID) { splitData := strings.Split(k, ":") if len(splitData) > 1 { sessionKey = splitData[1] break } } } req2.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.MfaCookieName+"_session", sessionKey))
resetReq := &model.ResetPasswordRequest{ Otp: refs.NewStringRef(otpData.Otp), PhoneNumber: refs.NewStringRef(mobile), Password: "NewPassword@123", ConfirmPassword: "NewPassword@123", } res, err := ts2.GraphQLProvider.ResetPassword(ctx2, resetReq) assert.Error(t, err) assert.Nil(t, res) assert.Contains(t, err.Error(), "expired") })
t.Run("should reset password with verification token", func(t *testing.T) { forgotPasswordReq := &model.ForgotPasswordRequest{ Email: refs.NewStringRef(email), Expand Down