first commit

tests/Identity/PasswordResetServiceIntegrationTest.php

@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Identity;
+
+use Netig\Netslim\Identity\Application\PasswordResetApplicationService;
+use Netig\Netslim\Identity\Application\UseCase\RequestPasswordReset;
+use Netig\Netslim\Identity\Application\UseCase\ResetPassword;
+use Netig\Netslim\Identity\Application\UseCase\ValidatePasswordResetToken;
+use Netig\Netslim\Identity\Domain\Entity\User;
+use Netig\Netslim\Identity\Domain\Exception\InvalidResetTokenException;
+use Netig\Netslim\Identity\Domain\Policy\LoginRateLimitPolicy;
+use Netig\Netslim\Identity\Domain\Policy\PasswordPolicy;
+use Netig\Netslim\Identity\Domain\Policy\PasswordResetTokenPolicy;
+use Netig\Netslim\Identity\Infrastructure\PdoLoginAttemptRepository;
+use Netig\Netslim\Identity\Infrastructure\PdoPasswordResetRepository;
+use Netig\Netslim\Identity\Infrastructure\PdoUserRepository;
+use Netig\Netslim\Kernel\Mail\Application\MailServiceInterface;
+use Netig\Netslim\Kernel\Persistence\Infrastructure\Migrator;
+use Netig\Netslim\Kernel\Persistence\Infrastructure\PdoTransactionManager;
+use PDO;
+use PHPUnit\Framework\TestCase;
+
+#[\PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations]
+
+final class PasswordResetServiceIntegrationTest extends TestCase
+{
+    private PDO $db;
+
+    private PasswordResetApplicationService $service;
+
+    private PdoUserRepository $users;
+
+    private PdoPasswordResetRepository $resets;
+
+    protected function setUp(): void
+    {
+        $this->db = new PDO('sqlite::memory:', options: [
+            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+        ]);
+        $this->db->sqliteCreateFunction('strip_tags', 'strip_tags', 1);
+        Migrator::run($this->db);
+
+        $this->users = new PdoUserRepository($this->db);
+        $this->resets = new PdoPasswordResetRepository($this->db);
+        $mail = new class () implements MailServiceInterface {
+            public function send(string $to, string $subject, string $template, array $context = []): void {}
+        };
+
+        $this->service = new PasswordResetApplicationService(
+            new RequestPasswordReset(
+                $this->resets,
+                $this->users,
+                $mail,
+                new PasswordResetTokenPolicy(),
+                new PdoLoginAttemptRepository($this->db),
+                new LoginRateLimitPolicy(),
+            ),
+            new ValidatePasswordResetToken($this->resets, $this->users),
+            new ResetPassword(
+                $this->resets,
+                $this->users,
+                new PdoTransactionManager($this->db),
+                new PasswordPolicy(),
+            ),
+        );
+    }
+
+    public function testResetPasswordConsumesTokenOnlyOnceAndUpdatesPassword(): void
+    {
+        $userId = $this->users->create(new User(0, 'alice', 'alice@example.com', password_hash('ancienpass12', PASSWORD_BCRYPT)));
+        $tokenRaw = 'token-brut-integration';
+        $tokenHash = hash('sha256', $tokenRaw);
+        $this->resets->create($userId, $tokenHash, date('Y-m-d H:i:s', time() + 3600));
+
+        $this->service->resetPassword($tokenRaw, 'nouveaupass12');
+
+        $user = $this->users->findById($userId);
+        self::assertNotNull($user);
+        self::assertTrue(password_verify('nouveaupass12', $user->getPasswordHash()));
+
+        $row = $this->db->query("SELECT used_at FROM password_resets WHERE token_hash = '{$tokenHash}'")->fetch();
+        self::assertIsArray($row);
+        self::assertNotEmpty($row['used_at']);
+
+        $this->expectException(InvalidResetTokenException::class);
+        $this->service->resetPassword($tokenRaw, 'encoreplusfort1');
+    }
+}