. */

namespace Tests\Feature;

use App\Space;
use App\AccountRecoveryToken;
use Tests\TestCase;

/**
 * Feature tests for the account recovery token flow: requesting a token
 * through a push notification and opening the recovery page with a token.
 */
class ApiAccountRecoveryTokenTest extends TestCase
{
    // Space created in setUp() and used to build the recovery page URLs.
    private Space $space;

    // Endpoint exercised by the parameter and throttling tests.
    protected $tokenRoute = '/api/account_recovery_tokens/send-by-push';
    // Not referenced by any test in this class.
    protected $tokenRequestRoute = '/api/account_recovery_request_tokens';
    protected $method = 'POST';

    // Push notification target shared by the stored token and the requests.
    protected $pnProvider = 'fcm';
    protected $pnParam = 'param';
    protected $pnPrid = 'id';

    /**
     * Creates a fresh Space before each test.
     */
    public function setUp(): void
    {
        parent::setUp();

        $this->space = Space::factory()->create();
    }

    /**
     * The send-by-push endpoint answers 422 when the push parameters are
     * missing entirely or are all null.
     */
    public function testMandatoryParameters()
    {
        $withoutBody = $this->json($this->method, $this->tokenRoute);
        $withoutBody->assertStatus(422);

        $nullParameters = [
            'pn_provider' => null,
            'pn_param' => null,
            'pn_prid' => null,
        ];

        $withNulls = $this->json($this->method, $this->tokenRoute, $nullParameters);
        $withNulls->assertStatus(422);
    }

    /**
     * Repeated requests for one push target: 503 while a token is already
     * stored for that target, then 429 once every unused token has been
     * marked as used.
     *
     * NOTE(review): the 503 presumably comes from the push gateway being
     * unavailable in the test environment; confirm against the controller.
     * NOTE(review): only the status codes are pinned. Consider also asserting
     * the AccountRecoveryToken row count, so the test shows whether a refused
     * request still stores a token.
     */
    public function testThrottling()
    {
        $pushTarget = [
            'pn_provider' => $this->pnProvider,
            'pn_param' => $this->pnParam,
            'pn_prid' => $this->pnPrid,
        ];

        // A token already exists for exactly this push target.
        AccountRecoveryToken::factory()->create($pushTarget);

        $firstAttempt = $this->json($this->method, $this->tokenRoute, $pushTarget);
        $firstAttempt->assertStatus(503);

        // Flag every still-unused token as used.
        AccountRecoveryToken::where('used', false)->update(['used' => true]);

        $secondAttempt = $this->json($this->method, $this->tokenRoute, $pushTarget);
        $secondAttempt->assertStatus(429);
    }

    /**
     * The recovery page answers 404 for an unknown token, 200 for a valid
     * one, displays the phone only when it is supplied in the URL, and
     * answers 404 again after the token has been consumed.
     *
     * NOTE(review): the phone is caller-supplied and rendered in the page.
     * '+3312345' has no HTML metacharacters, so output escaping is not
     * exercised here; a separate case with such characters would cover it.
     * NOTE(review): the consumed-token check is made without the phone
     * parameter only.
     */
    public function testTokenRecoveryPage()
    {
        $token = AccountRecoveryToken::factory()->create();
        $phone = '+3312345';

        // Builds the space-scoped URL of the recovery page for the given route parameters.
        $pageUrl = fn (array $parameters) => $this->setSpaceOnRoute(
            $this->space,
            route('account.recovery.show.phone', $parameters)
        );

        // Unknown token value.
        $unknown = $this->get($pageUrl(['account_recovery_token' => 'bad_token']));
        $unknown->assertStatus(404);

        // Valid token and no phone: the page renders without the number.
        $withoutPhone = $this->get($pageUrl(['account_recovery_token' => $token->token]));
        $withoutPhone->assertDontSee($phone);
        $withoutPhone->assertStatus(200);

        // Valid token plus phone: the number appears in the page.
        $withPhone = $this->get($pageUrl([
            'account_recovery_token' => $token->token,
            'phone' => $phone,
        ]));
        $withPhone->assertSee($phone);
        $withPhone->assertStatus(200);

        // Single use: a consumed token no longer opens the page.
        $token->consume();

        $afterConsume = $this->get($pageUrl(['account_recovery_token' => $token->token]));
        $afterConsume->assertStatus(404);
    }
}