92 lines
3.6 KiB
PHP
92 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Identity;
|
|
|
|
use Netig\Netslim\Identity\Application\PasswordResetApplicationService;
|
|
use Netig\Netslim\Identity\Application\UseCase\RequestPasswordReset;
|
|
use Netig\Netslim\Identity\Application\UseCase\ResetPassword;
|
|
use Netig\Netslim\Identity\Application\UseCase\ValidatePasswordResetToken;
|
|
use Netig\Netslim\Identity\Domain\Entity\User;
|
|
use Netig\Netslim\Identity\Domain\Exception\InvalidResetTokenException;
|
|
use Netig\Netslim\Identity\Domain\Policy\LoginRateLimitPolicy;
|
|
use Netig\Netslim\Identity\Domain\Policy\PasswordPolicy;
|
|
use Netig\Netslim\Identity\Domain\Policy\PasswordResetTokenPolicy;
|
|
use Netig\Netslim\Identity\Infrastructure\PdoLoginAttemptRepository;
|
|
use Netig\Netslim\Identity\Infrastructure\PdoPasswordResetRepository;
|
|
use Netig\Netslim\Identity\Infrastructure\PdoUserRepository;
|
|
use Netig\Netslim\Kernel\Mail\Application\MailServiceInterface;
|
|
use Netig\Netslim\Kernel\Persistence\Infrastructure\Migrator;
|
|
use Netig\Netslim\Kernel\Persistence\Infrastructure\PdoTransactionManager;
|
|
use PDO;
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
#[\PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations]
|
|
|
|
final class PasswordResetServiceIntegrationTest extends TestCase
|
|
{
|
|
private PDO $db;
|
|
|
|
private PasswordResetApplicationService $service;
|
|
|
|
private PdoUserRepository $users;
|
|
|
|
private PdoPasswordResetRepository $resets;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->db = new PDO('sqlite::memory:', options: [
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
|
]);
|
|
$this->db->sqliteCreateFunction('strip_tags', 'strip_tags', 1);
|
|
Migrator::run($this->db);
|
|
|
|
$this->users = new PdoUserRepository($this->db);
|
|
$this->resets = new PdoPasswordResetRepository($this->db);
|
|
$mail = new class () implements MailServiceInterface {
|
|
public function send(string $to, string $subject, string $template, array $context = []): void {}
|
|
};
|
|
|
|
$this->service = new PasswordResetApplicationService(
|
|
new RequestPasswordReset(
|
|
$this->resets,
|
|
$this->users,
|
|
$mail,
|
|
new PasswordResetTokenPolicy(),
|
|
new PdoLoginAttemptRepository($this->db),
|
|
new LoginRateLimitPolicy(),
|
|
),
|
|
new ValidatePasswordResetToken($this->resets, $this->users),
|
|
new ResetPassword(
|
|
$this->resets,
|
|
$this->users,
|
|
new PdoTransactionManager($this->db),
|
|
new PasswordPolicy(),
|
|
),
|
|
);
|
|
}
|
|
|
|
public function testResetPasswordConsumesTokenOnlyOnceAndUpdatesPassword(): void
|
|
{
|
|
$userId = $this->users->create(new User(0, 'alice', 'alice@example.com', password_hash('ancienpass12', PASSWORD_BCRYPT)));
|
|
$tokenRaw = 'token-brut-integration';
|
|
$tokenHash = hash('sha256', $tokenRaw);
|
|
$this->resets->create($userId, $tokenHash, date('Y-m-d H:i:s', time() + 3600));
|
|
|
|
$this->service->resetPassword($tokenRaw, 'nouveaupass12');
|
|
|
|
$user = $this->users->findById($userId);
|
|
self::assertNotNull($user);
|
|
self::assertTrue(password_verify('nouveaupass12', $user->getPasswordHash()));
|
|
|
|
$row = $this->db->query("SELECT used_at FROM password_resets WHERE token_hash = '{$tokenHash}'")->fetch();
|
|
self::assertIsArray($row);
|
|
self::assertNotEmpty($row['used_at']);
|
|
|
|
$this->expectException(InvalidResetTokenException::class);
|
|
$this->service->resetPassword($tokenRaw, 'encoreplusfort1');
|
|
}
|
|
}
|