add an additional unit test just to make sure an admin can reset thei…

…r own password.
jqtruong · Jun 14, 2016 · 8a61208 · 8a61208
1 parent dd6f705
commit 8a61208
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/test/metabase/api/user_test.clj b/test/metabase/api/user_test.clj
@@ -233,6 +233,23 @@
     ;; now simply grab the lastest pass from the db and compare to the one we have from before reset
     (not= password (db/select-one-field :password User, :email (:email creds)))))
 
+;; Replicate the same test above with a superuser to ensure admins can reset their own password
+(expect-let [creds {:email    "[email protected]"
+                    :password "def"}
+             {:keys [id password]} (db/insert! User
+                                     :first_name   "test"
+                                     :last_name    "user"
+                                     :email        "[email protected]"
+                                     :password     "def"
+                                     :is_superuser true)]
+  true
+  (do
+    ;; use API to reset the users password
+    (metabase.http-client/client creds :put 200 (format "user/%d/password" id) {:password     "abc123!!DEF"
+                                                                                :old_password (:password creds)})
+    ;; now simply grab the lastest pass from the db and compare to the one we have from before reset
+    (not= password (db/select-one-field :password User, :email (:email creds)))))
+
 ;; Check that a non-superuser CANNOT update someone else's password
 (expect "You don't have permissions to do that."
   ((user->client :rasta) :put 403 (format "user/%d/password" (user->id :trashbird)) {:password "whateverUP12!!"