Add tests and fixes

BrunoQuaresma · BrunoQuaresma · commit 212020aaf102 · 2022-05-05T14:01:01.000Z
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -174,21 +174,22 @@ func NewProvisionerDaemon(t *testing.T, client *codersdk.Client) io.Closer {
 	return closer
 }
 
+var FirstUserParams = codersdk.CreateFirstUserRequest{
+	Email:            "testuser@coder.com",
+	Username:         "testuser",
+	Password:         "testpass",
+	OrganizationName: "testorg",
+}
+
 // CreateFirstUser creates a user with preset credentials and authenticates
 // with the passed in codersdk client.
 func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirstUserResponse {
-	req := codersdk.CreateFirstUserRequest{
-		Email:            "testuser@coder.com",
-		Username:         "testuser",
-		Password:         "testpass",
-		OrganizationName: "testorg",
-	}
-	resp, err := client.CreateFirstUser(context.Background(), req)
+	resp, err := client.CreateFirstUser(context.Background(), FirstUserParams)
 	require.NoError(t, err)
 
 	login, err := client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
-		Email:    req.Email,
-		Password: req.Password,
+		Email:    FirstUserParams.Email,
+		Password: FirstUserParams.Password,
 	})
 	require.NoError(t, err)
 	client.SessionToken = login.SessionToken
diff --git a/coderd/users.go b/coderd/users.go
@@ -363,7 +363,7 @@ func (api *api) putUserSuspend(rw http.ResponseWriter, r *http.Request) {
 func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
 	user := httpmw.UserParam(r)
 
-	var params codersdk.UpdateUserHashedPasswordRequest
+	var params codersdk.UpdateUserPasswordRequest
 	if !httpapi.Read(rw, r, &params) {
 		return
 	}
@@ -406,11 +406,12 @@ func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 	databaseError := api.Database.UpdateUserHashedPassword(r.Context(), database.UpdateUserHashedPasswordParams{
+		ID:             user.ID,
 		HashedPassword: []byte(hashedPassword),
 	})
 	if databaseError != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
-			Message: fmt.Sprintf("put user password: %s", err.Error()),
+			Message: fmt.Sprintf("put user password: %s", databaseError.Error()),
 		})
 		return
 	}
@@ -635,7 +636,6 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	// If the user doesn't exist, it will be a default struct.
-
 	equal, err := userpassword.Compare(string(user.HashedPassword), loginWithPassword.Password)
 	if err != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -287,6 +287,57 @@ func TestUpdateUserProfile(t *testing.T) {
 	})
 }
 
+func TestUpdateUserPassword(t *testing.T) {
+	t.Parallel()
+
+	t.Run("WrongPassword", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		coderdtest.CreateFirstUser(t, client)
+		err := client.UpdateUserPassword(context.Background(), codersdk.Me, codersdk.UpdateUserPasswordRequest{
+			Password:           "wrongpassword",
+			NewPassword:        "newpassword",
+			ConfirmNewPassword: "newpassword",
+		})
+		var apiErr *codersdk.Error
+		require.ErrorAs(t, err, &apiErr)
+		require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode())
+	})
+
+	t.Run("DifferentPasswordConfirmation", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		coderdtest.CreateFirstUser(t, client)
+		err := client.UpdateUserPassword(context.Background(), codersdk.Me, codersdk.UpdateUserPasswordRequest{
+			Password:           coderdtest.FirstUserParams.Password,
+			NewPassword:        "newpassword",
+			ConfirmNewPassword: "wrongconfirmation",
+		})
+		var apiErr *codersdk.Error
+		require.ErrorAs(t, err, &apiErr)
+		require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
+	})
+
+	t.Run("Success", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		coderdtest.CreateFirstUser(t, client)
+		err := client.UpdateUserPassword(context.Background(), codersdk.Me, codersdk.UpdateUserPasswordRequest{
+			Password:           coderdtest.FirstUserParams.Password,
+			NewPassword:        "newpassword",
+			ConfirmNewPassword: "newpassword",
+		})
+		require.NoError(t, err, "update password request should be successful")
+
+		// Check if the user can login using the new password
+		_, err = client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
+			Email:    coderdtest.FirstUserParams.Email,
+			Password: "newpassword",
+		})
+		require.NoError(t, err, "login should be successful")
+	})
+}
+
 func TestGrantRoles(t *testing.T) {
 	t.Parallel()
 	t.Run("UpdateIncorrectRoles", func(t *testing.T) {
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -72,7 +72,7 @@ type UpdateUserProfileRequest struct {
 	Username string `json:"username" validate:"required,username"`
 }
 
-type UpdateUserHashedPasswordRequest struct {
+type UpdateUserPasswordRequest struct {
 	Password           string `json:"password" validate:"required"`
 	NewPassword        string `json:"new_password" validate:"required"`
 	ConfirmNewPassword string `json:"confirm_new_password" validate:"required"`
@@ -187,6 +187,19 @@ func (c *Client) SuspendUser(ctx context.Context, userID uuid.UUID) (User, error
 	return user, json.NewDecoder(res.Body).Decode(&user)
 }
 
+// Update user password
+func (c *Client) UpdateUserPassword(ctx context.Context, userID uuid.UUID, req UpdateUserPasswordRequest) error {
+	res, err := c.request(ctx, http.MethodPut, fmt.Sprintf("/api/v2/users/%s/password", uuidOrMe(userID)), req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusNoContent {
+		return readBodyAsError(res)
+	}
+	return nil
+}
+
 // UpdateUserRoles grants the userID the specified roles.
 // Include ALL roles the user has.
 func (c *Client) UpdateUserRoles(ctx context.Context, userID uuid.UUID, req UpdateRoles) (User, error) {
