Merge pull request #98 from coopTilleuls/82-json-validation-on-post-f…
…orgot_passwordtokenvalue-is-incorrect

Fix JSON validation on update password
vincentchalamon committed Jul 28, 2022
2 parents 5517582 + 3da61ff commit 9ceb61b
Showing 4 changed files with 45 additions and 19 deletions.
25 changes: 16 additions & 9 deletions EventListener/RequestEventListener.php
Expand Up @@ -72,18 +72,25 @@ public function decodeRequest(KernelEvent $event): void
}

if ('coop_tilleuls_forgot_password.reset' === $routeName) {
if (!\in_array($fieldName, $this->authorizedFields, true)) {
throw new UnauthorizedFieldException($fieldName);
}
$request->attributes->set('propertyName', $fieldName);
$request->attributes->set('value', $data[$fieldName]);
} else {
if ($this->userPasswordField !== $fieldName) {
throw new MissingFieldHttpException($this->userPasswordField);
foreach ($data as $fieldName => $value) {
if (\in_array($fieldName, $this->authorizedFields, true)) {
$request->attributes->set('propertyName', $fieldName);
$request->attributes->set('value', $value);

return;
}
}

$request->attributes->set($fieldName, $data[$fieldName]);
throw new UnauthorizedFieldException($fieldName);
}

if (!empty($data[$this->userPasswordField])) {
$request->attributes->set($this->userPasswordField, $data[$this->userPasswordField]);

return;
}

throw new MissingFieldHttpException($this->userPasswordField);
}

public function getTokenFromRequest(KernelEvent $event): void
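Review bot: `if (!empty($data[$this->userPasswordField]))` treats a submitted password of `"0"` as absent and falls through to MissingFieldHttpException, because empty() is a truthiness test rather than a presence test; a check such as `if (isset($data[$this->userPasswordField]) && '' !== $data[$this->userPasswordField]) {` keeps the "no parameter sent" behaviour without rejecting that value. After the new foreach, `throw new UnauthorizedFieldException($fieldName);` reports whichever key the loop visited last, and when `$data` is empty it reports the `$fieldName` assigned before this hunk, so the error can name a field the client never sent; consider reporting the rejected keys explicitly or adding an empty-body branch. decodeRequest() begins before this hunk, so whether `$data` is guaranteed to be an array at this point cannot be confirmed from the visible lines.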
1 change: 1 addition & 0 deletions Resources/doc/getting_started.md
Expand Up @@ -102,6 +102,7 @@ coop_tilleuls_forgot_password:
class: 'App\Entity\User' # User class fully qualified name (required)
email_field: 'email' # Email property in user class (optional, default value)
password_field: 'password' # Password property in user class (optional, default value)
authorized_fields: [ 'email' ] # User properties authorized to reset the password (optional, default value)
use_jms_serializer: false # Switch between symfony's serializer component or JMS Serializer
```

33 changes: 23 additions & 10 deletions features/bootstrap/FeatureContext.php
Expand Up @@ -82,8 +82,8 @@ public function iHaveAnExpiredToken(): void
}

/**
* @Then I reset my password
* @Then I reset my password with my :propertyName ":value"
* @When I reset my password
* @When I reset my password with my :propertyName ":value"
*
* @param string $propertyName
* @param string $value
Expand Down Expand Up @@ -149,6 +149,7 @@ public function thePageShouldNotBeFound(): void
*/
public function theResponseShouldBeEmpty(): void
{
dump($this->client->getResponse()->getContent());
Assert::assertTrue(
$this->client->getResponse()->isEmpty(),
sprintf('Response is not valid: got %d', $this->client->getResponse()->getStatusCode())
Expand Down Expand Up @@ -179,7 +180,7 @@ public function theRequestShouldBeInvalidWithMessage($message): void
}

/**
* @Then I reset my password using invalid email address
* @When I reset my password using invalid email address
*/
public function iResetMyPasswordUsingInvalidEmailAddress(): void
{
Expand All @@ -198,15 +199,15 @@ public function iResetMyPasswordUsingInvalidEmailAddress(): void
}

/**
* @Then I reset my password using no parameter
* @When I reset my password using no parameter
*/
public function iResetMyPasswordUsingNoParameter(): void
{
$this->client->request('POST', '/api/forgot-password/');
}

/**
* @Then I update my password
* @When I update my password
*/
public function iUpdateMyPassword(): void
{
Expand All @@ -220,14 +221,26 @@ public function iUpdateMyPassword(): void
['CONTENT_TYPE' => 'application/json'],
<<<'JSON'
{
"ignoreMe": "bar",
"password": "foo"
}
JSON
);
}

/**
* @Then I update my password using no password
* @Then the password should have been updated
*/
public function thePasswordShouldHaveBeenUpdated(): void
{
$user = $this->doctrine->getManager()->getRepository(User::class)->findOneBy(['username' => 'JohnDoe']);

Assert::assertNotNull($user, 'Unable to retrieve User object.');
Assert::assertEquals('foo', $user->getPassword(), sprintf('User password hasn\'t be updated, expected "foo", got "%s".', $user->getPassword()));
}

/**
* @When I update my password using no password
*/
public function iUpdateMyPasswordUsingNoPassword(): void
{
Expand All @@ -237,7 +250,7 @@ public function iUpdateMyPasswordUsingNoPassword(): void
}

/**
* @Then I update my password using an invalid token
* @When I update my password using an invalid token
*/
public function iUpdateMyPasswordUsingAnInvalidToken(): void
{
Expand All @@ -256,7 +269,7 @@ public function iUpdateMyPasswordUsingAnInvalidToken(): void
}

/**
* @Then I update my password using an expired token
* @When I update my password using an expired token
*/
public function iUpdateMyPasswordUsingAnExpiredToken(): void
{
Expand All @@ -277,7 +290,7 @@ public function iUpdateMyPasswordUsingAnExpiredToken(): void
}

/**
* @Then I get a password token
* @When I get a password token
*/
public function iGetAPasswordToken(): void
{
Expand All @@ -302,7 +315,7 @@ public function iShouldGetAPasswordToken(): void
}

/**
* @Then I get a password token using an expired token
* @When I get a password token using an expired token
*/
public function iGetAPasswordTokenUsingAnExpiredToken(): void
{
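Review bot: The `dump($this->client->getResponse()->getContent());` added at the top of theResponseShouldBeEmpty() looks like a leftover debugging statement; it prints the full response body on every scenario that uses this step, passing ones included. Drop the line, or fold the body into the assertion message so it only appears on failure, e.g. `sprintf('Response is not valid: got %d with body "%s"', $this->client->getResponse()->getStatusCode(), $this->client->getResponse()->getContent())`; that method's body continues past the hunk. In thePasswordShouldHaveBeenUpdated(), `Assert::assertSame('foo', $user->getPassword(), ...)` is the stricter comparison for a string, and the failure message should read "hasn't been updated". The remaining hunks in this section only switch `@Then` annotations to `@When` and add an extra ignored field to the request fixture.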
5 changes: 5 additions & 0 deletions features/forgotPassword.feature
Expand Up @@ -42,6 +42,11 @@ Feature: I need to be able to reset my password
When I update my password using no password
Then the request should be invalid with message 'No parameter sent.'

Scenario: I can update my password using a valid token and a password
When I update my password
Then the response should be empty
And the password should have been updated

Scenario: I can get a password token
When I get a password token
Then I should get a password token
