From 5eca1a916052c23f304eb6410a1d2cdfcc6a624d Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 10:45:51 +0100
Subject: [PATCH] add: change password via api test, add helper methods to
 ApiTestTrait.

---
 tests/Helper/ApiTestTrait.php                 | 30 +++++++
 .../Api/Users/ChangePasswordApiTest.php       | 78 +++++++++++++++++++
 tests/TestCase/Api/Users/EditUserApiTest.php  | 20 +----
 3 files changed, 109 insertions(+), 19 deletions(-)
 create mode 100644 tests/TestCase/Api/Users/ChangePasswordApiTest.php

diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 8e20a36..56728f4 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -129,4 +129,34 @@ trait ApiTestTrait
         }
         $this->assertEmpty($record);
     }
+
+    /** 
+     * Parses the response body and returns the decoded JSON
+     * 
+     * @return void
+     * @throws \Exception
+     * 
+     * @see https://book.cakephp.org/4/en/orm-query-builder.html
+     */
+    public function getJsonResponseAsArray(): array
+    {
+        if ($this->_response->getHeaders()['Content-Type'][0] !== 'application/json') {
+            throw new \Exception('The response is not a JSON response');
+        }
+
+        return json_decode((string)$this->_response->getBody(), true);
+    }
+
+    /** 
+     * Gets a database records as an array
+     * 
+     * @param string $table The table name
+     * @param array $conditions The conditions to check
+     * @return array
+     * @throws \Cake\Datasource\Exception\RecordNotFoundException
+     */
+    public function getRecordFromDb(string $table, array $conditions): array
+    {
+        return $this->getTableLocator()->get($table)->find()->where($conditions)->first()->toArray();
+    }
 }
diff --git a/tests/TestCase/Api/Users/ChangePasswordApiTest.php b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
new file mode 100644
index 0000000..f1c1b82
--- /dev/null
+++ b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+use Cake\Auth\FormAuthenticate;
+use Cake\Http\ServerRequest;
+use Cake\Http\Response;
+use Cake\Controller\ComponentRegistry;
+
+class ChangePasswordApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/edit';
+
+    /** @var \Cake\Auth\FormAuthenticate */
+    protected $auth;
+
+    /** @var \Cake\Controller\ComponentRegistry */
+    protected $collection;
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeOpenApiValidator($_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml');
+
+        $this->collection = new ComponentRegistry();
+        $this->auth = new FormAuthenticate($this->collection, [
+            'userModel' => 'Users',
+        ]);
+    }
+
+    public function testChangePasswordOwnUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $newPassword = 'Test12345678!';
+
+        $this->put(
+            self::ENDPOINT,
+            [
+                'password' => $newPassword,
+            ]
+        );
+
+        $this->assertResponseOk();
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
+
+        // Test new password with form login
+        $request = new ServerRequest([
+            'url' => 'users/login',
+            'post' => [
+                'username' => UsersFixture::USER_REGULAR_USER_USERNAME,
+                'password' => $newPassword
+            ],
+        ]);
+        $result = $this->auth->authenticate($request, new Response());
+
+        $this->assertEquals(UsersFixture::USER_REGULAR_USER_ID, $result['id']);
+        $this->assertEquals(UsersFixture::USER_REGULAR_USER_USERNAME, $result['username']);
+    }
+}
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 39673ee..d52aea9 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -10,6 +10,7 @@ use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
 use App\Test\Fixture\RolesFixture;
 use App\Test\Helper\ApiTestTrait;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
 
 class EditUserApiTest extends TestCase
 {
@@ -65,23 +66,4 @@ class EditUserApiTest extends TestCase
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
     }
-
-    public function testEditSelfUser(): void
-    {
-        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
-        $this->put(
-            self::ENDPOINT,
-            [
-                'username' => 'test',
-            ]
-        );
-
-        $this->assertResponseOk();
-        $this->assertDbRecordExists('Users', [
-            'id' => UsersFixture::USER_REGULAR_USER_ID,
-            'username' => 'test'
-        ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
-    }
 }