refactor(api): move route from lib to src

Author: EmmanuelleBonnemay

api/lib/application/passwords/index.js

@@ -6,7 +6,6 @@ import * as certificationCenters from './application/certification-centers/index
 import * as frameworks from './application/frameworks/index.js';
 import * as memberships from './application/memberships/index.js';
 import * as organizations from './application/organizations/index.js';
-import * as passwords from './application/passwords/index.js';
 import * as scoOrganizationLearners from './application/sco-organization-learners/index.js';
 import * as targetProfiles from './application/target-profiles/index.js';
 import * as users from './application/users/index.js';
@@ -19,7 +18,6 @@ const routes = [
   healthcheck,
   memberships,
   organizations,
-  passwords,
   scoOrganizationLearners,
   targetProfiles,
   frameworks,

api/lib/routes.js

@@ -1,7 +1,11 @@
 import Joi from 'joi';
+import XRegExp from 'xregexp';
 
+import { config } from '../../../shared/config.js';
 import { passwordController } from './password.controller.js';
 
+const { passwordValidationPattern } = config.account;
+
 export const passwordRoutes = [
   {
     method: 'POST',
@@ -40,4 +44,25 @@ export const passwordRoutes = [
       tags: ['api', 'passwords'],
     },
   },
+  {
+    method: 'POST',
+    path: '/api/expired-password-updates',
+    config: {
+      auth: false,
+      handler: (request, h) => passwordController.updateExpiredPassword(request, h),
+      validate: {
+        payload: Joi.object({
+          data: {
+            attributes: {
+              'password-reset-token': Joi.string().required(),
+              'new-password': Joi.string().pattern(XRegExp(passwordValidationPattern)).required(),
+            },
+            type: Joi.string(),
+          },
+        }),
+      },
+      notes: ['Route publique', 'Cette route permet de mettre à jour un mot de passe expiré'],
+      tags: ['api', 'passwords'],
+    },
+  },
 ];

api/src/identity-access-management/application/password/password.route.js

@@ -1,5 +1,6 @@
 import { resetPasswordService } from '../../../../../src/identity-access-management/domain/services/reset-password.service.js';
 import { config } from '../../../../../src/shared/config.js';
+import { tokenService } from '../../../../../src/shared/domain/services/token-service.js';
 import { createServer, databaseBuilder, expect } from '../../../../test-helper.js';
 
 describe('Acceptance | Identity Access Management | Application | Route | password', function () {
@@ -97,23 +98,120 @@ describe('Acceptance | Identity Access Management | Application | Route | passwo
   });
 
   describe('GET /api/password-reset-demands/{temporaryKey}', function () {
-    it('returns 200 http status code', async function () {
-      // given
-      const temporaryKey = await resetPasswordService.generateTemporaryKey();
-      const options = {
-        method: 'GET',
-        url: `/api/password-reset-demands/${temporaryKey}`,
-      };
-      const userId = databaseBuilder.factory.buildUser({ email }).id;
-      databaseBuilder.factory.buildAuthenticationMethod.withPixAsIdentityProviderAndHashedPassword({ userId });
-      databaseBuilder.factory.buildResetPasswordDemand({ temporaryKey, email });
-      await databaseBuilder.commit();
-
-      // when
-      const response = await server.inject(options);
-
-      // then
-      expect(response.statusCode).to.equal(200);
+    const options = {
+      method: 'GET',
+      url: null,
+    };
+    context('when temporaryKey is not valid', function () {
+      it('replies with 401 status code', async function () {
+        // given
+        options.url = '/api/password-reset-demands/invalid-temporary-key';
+
+        // when
+        const response = await server.inject(options);
+
+        // then
+        expect(response.statusCode).to.equal(401);
+      });
+    });
+    context('when temporaryKey is valid', function () {
+      let temporaryKey;
+
+      beforeEach(async function () {
+        temporaryKey = await resetPasswordService.generateTemporaryKey();
+        options.url = `/api/password-reset-demands/${temporaryKey}`;
+      });
+
+      context('when temporaryKey is not linked to a reset password demand', function () {
+        it('replies with 404 status code', async function () {
+          // when
+          const response = await server.inject(options);
+
+          // then
+          expect(response.statusCode).to.equal(404);
+        });
+      });
+
+      context('when temporaryKey is linked to a password reset demand', function () {
+        beforeEach(async function () {
+          databaseBuilder.factory.buildUser({ email });
+          databaseBuilder.factory.buildResetPasswordDemand({ email, temporaryKey });
+
+          await databaseBuilder.commit();
+        });
+
+        it('replies with 200 status code', async function () {
+          // when
+          const response = await server.inject(options);
+
+          // then
+          expect(response.statusCode).to.equal(200);
+        });
+      });
+    });
+  });
+
+  describe('POST /api/expired-password-updates', function () {
+    context('Success cases', function () {
+      it('returns 201 HTTP status code', async function () {
+        // given
+        const user = databaseBuilder.factory.buildUser.withRawPassword({
+          shouldChangePassword: true,
+        });
+        await databaseBuilder.commit();
+        const passwordResetToken = tokenService.createPasswordResetToken(user.id);
+
+        const options = {
+          method: 'POST',
+          url: '/api/expired-password-updates',
+          payload: {
+            data: {
+              attributes: {
+                'password-reset-token': passwordResetToken,
+                'new-password': 'Password02',
+              },
+            },
+          },
+        };
+
+        // when
+        const response = await server.inject(options);
+
+        // then
+        expect(response.statusCode).to.equal(201);
+      });
+    });
+
+    context('Error cases', function () {
+      context('when shouldChangePassword is false', function () {
+        it('responds 403 HTTP status code', async function () {
+          // given
+          const user = databaseBuilder.factory.buildUser.withRawPassword({
+            shouldChangePassword: false,
+          });
+          await databaseBuilder.commit();
+          const passwordResetToken = tokenService.createPasswordResetToken(user.id);
+
+          const options = {
+            method: 'POST',
+            url: '/api/expired-password-updates',
+            payload: {
+              data: {
+                attributes: {
+                  'password-reset-token': passwordResetToken,
+                  'new-password': 'Password02',
+                },
+              },
+            },
+          };
+
+          // when
+          const response = await server.inject(options);
+
+          // then
+          expect(response.statusCode).to.equal(403);
+        });
+      });
     });
   });
 });

api/tests/identity-access-management/acceptance/application/password/password.route.test.js

@@ -52,4 +52,27 @@ describe('Integration | Identity Access Management | Application | Route | passw
       expect(response.statusCode).to.equal(200);
     });
   });
+
+  describe('POST /api/expired-password-updates', function () {
+    it('returns 201 http status code', async function () {
+      // given
+      const method = 'POST';
+      const url = '/api/expired-password-updates';
+      const payload = {
+        data: {
+          attributes: {
+            'password-reset-token': 'PASSWORD_RESET_TOKEN',
+            'new-password': 'Password123',
+          },
+        },
+      };
+      sinon.stub(passwordController, 'updateExpiredPassword').callsFake((request, h) => h.response().created());
+
+      // when
+      const response = await httpTestServer.request(method, url, payload);
+
+      // then
+      expect(response.statusCode).to.equal(201);
+    });
+  });
 });

api/tests/identity-access-management/integration/application/password/password.route.test.js

@@ -51,4 +51,54 @@ describe('Unit | Identity Access Management | Application | Route | password', f
       });
     });
   });
+
+  describe('POST /api/expired-password-updates', function () {
+    const method = 'POST';
+    const url = '/api/expired-password-updates';
+
+    it('returns 201 http status code', async function () {
+      // given
+      sinon.stub(passwordController, 'updateExpiredPassword').callsFake((request, h) => h.response().created());
+      const httpTestServer = new HttpTestServer();
+      await httpTestServer.register(routesUnderTest);
+
+      const payload = {
+        data: {
+          attributes: {
+            'password-reset-token': 'PASSWORD_RESET_TOKEN',
+            'new-password': 'Password123',
+          },
+        },
+      };
+
+      // when
+      const response = await httpTestServer.request(method, url, payload);
+
+      // then
+      expect(response.statusCode).to.equal(201);
+    });
+
+    context('When the payload has the wrong format or no passwordResetToken or newPassword is provided.', function () {
+      it('returns 400 http status code', async function () {
+        // given
+        const httpTestServer = new HttpTestServer();
+        await httpTestServer.register(routesUnderTest);
+
+        const payload = {
+          data: {
+            attributes: {
+              'password-reset-token': 'PASSWORD_RESET_TOKEN',
+              newPassword: null,
+            },
+          },
+        };
+
+        // when
+        const response = await httpTestServer.request(method, url, payload);
+
+        // then
+        expect(response.statusCode).to.equal(400);
+      });
+    });
+  });
 });