Appwrite/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite.git synced 2026-05-26 13:51:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

reuse session from testCreateAccountSession instead of creating new session

Browse Source 
remove unnecessary 'origin' headers to match other tests
set status code to 201 for MFA challenge creation endpoint
This commit is contained in:
Ujjwaljain16
2025-12-10 01:58:47 +05:30
parent 676d53b18e
commit 768d293cf5
2 changed files with 27 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/api/account.php
+3 -1
View File
@@ -4874,7 +4874,9 @@ App::post('/v1/account/mfa/challenge')
->setParam('userId', $user->getId())
->setParam('challengeId', $challenge->getId());
$response->dynamic($challenge, Response::MODEL_MFA_CHALLENGE);
$response
->setStatusCode(Response::STATUS_CODE_CREATED)
->dynamic($challenge, Response::MODEL_MFA_CHALLENGE);
});
App::put('/v1/account/mfa/challenge')
tests/e2e/Services/Account/AccountCustomClientTest.php
+24 -45
View File
@@ -3074,33 +3074,18 @@ class AccountCustomClientTest extends Scope
}
/**
* @depends testCreateAccount
* @depends testCreateAccountSession
*/
public function testMFARecoveryCodeChallenge($data): void
{
$email = $data['email'] ?? '';
$password = $data['password'] ?? '';
// Create session first
$session = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'email' => $email,
'password' => $password,
]);
$this->assertEquals(201, $session['headers']['status-code']);
$sessionCookie = $session['cookies']['a_session_' . $this->getProject()['$id']];
{
$session = $data['session'] ?? '';
// Generate recovery codes
$response = $this->client->call(Client::METHOD_POST, '/account/mfa/recovery-codes', array_merge([
'origin' => 'http://localhost',
$response = $this->client->call(Client::METHOD_POST, '/account/mfa/recovery-codes', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]));
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
]);
$this->assertEquals(200, $response['headers']['status-code']);
$this->assertNotEmpty($response['body']['recoveryCodes']);
@@ -3108,12 +3093,11 @@ class AccountCustomClientTest extends Scope
$this->assertGreaterThan(0, count($recoveryCodes));
// Create recovery code challenge
$challenge = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$challenge = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'factor' => 'recoveryCode'
]);
@@ -3122,12 +3106,11 @@ class AccountCustomClientTest extends Scope
$challengeId = $challenge['body']['$id'];
// Test SUCCESS: Verify with valid recovery code (this tests the bug fix)
$verification = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$verification = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'challengeId' => $challengeId,
'otp' => $recoveryCodes[0]
]);
@@ -3137,23 +3120,21 @@ class AccountCustomClientTest extends Scope
$this->assertContains('recoveryCode', $verification['body']['factors']);
// Test that the code was consumed (can't use again)
$challenge2 = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$challenge2 = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'factor' => 'recoveryCode'
]);
$this->assertEquals(201, $challenge2['headers']['status-code']);
$verification2 = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$verification2 = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'challengeId' => $challenge2['body']['$id'],
'otp' => $recoveryCodes[0] // Same code should fail
]);
@@ -3161,23 +3142,21 @@ class AccountCustomClientTest extends Scope
$this->assertEquals(401, $verification2['headers']['status-code']);
// Test FAILURE: Invalid recovery code
$challenge3 = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$challenge3 = $this->client->call(Client::METHOD_POST, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'factor' => 'recoveryCode'
]);
$this->assertEquals(201, $challenge3['headers']['status-code']);
$verification3 = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', array_merge([
'origin' => 'http://localhost',
$verification3 = $this->client->call(Client::METHOD_PUT, '/account/mfa/challenge', [
'content-type' => 'application/json',
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $sessionCookie,
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
], [
'challengeId' => $challenge3['body']['$id'],
'otp' => 'invalid-code-123'
]);