feat(ST-l9kkxh2m): /reset-password pagina + resetPasswordAction + hashPassword

- lib/auth.ts: hashPassword(password) geëxporteerd (bcrypt, rounds=12) - actions/auth.ts: resetPasswordAction met Zod-validatie (min 8, superRefine gelijkheid), prisma.user.update (password_hash + must_reset_password=false), redirect /dashboard - app/(auth)/reset-password/page.tsx: server guard (userId check + must_reset_password check) - app/(auth)/reset-password/reset-form.tsx: client form (nieuw wachtwoord + bevestiging) - __tests__/actions/auth.test.ts: 3 tests voor resetPasswordAction
2026-05-05 14:30:59 +02:00 · 2026-05-05 14:30:59 +02:00 · a19ae89e37
commit a19ae89e37
parent 71281038ff
5 changed files with 206 additions and 3 deletions
--- a/tests/actions/auth.test.ts
+++ b/tests/actions/auth.test.ts
@ -1,10 +1,19 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest'

-const { redirectMock, verifyUserMock, headerGetMock, sessionSaveMock } = vi.hoisted(() => ({
+const {
+  redirectMock,
+  verifyUserMock,
+  headerGetMock,
+  sessionSaveMock,
+  requireSessionMock,
+  prismaUserUpdateMock,
+} = vi.hoisted(() => ({
  redirectMock: vi.fn((path: string) => { throw new Error(`REDIRECT:${path}`) }),
  verifyUserMock: vi.fn(),
  headerGetMock: vi.fn(),
  sessionSaveMock: vi.fn(),
+  requireSessionMock: vi.fn(),
+  prismaUserUpdateMock: vi.fn(),
 }))

 vi.mock('next/navigation', () => ({ redirect: redirectMock }))
@ -23,10 +32,15 @@ vi.mock('@/lib/session', () => ({ sessionOptions: { cookieName: 't', password: '
 vi.mock('@/lib/auth', () => ({
  verifyUser: verifyUserMock,
  registerUser: vi.fn(),
+  hashPassword: vi.fn().mockResolvedValue('hashed'),
+}))
+vi.mock('@/lib/auth-guard', () => ({ requireSession: requireSessionMock }))
+vi.mock('@/lib/prisma', () => ({
+  prisma: { user: { update: prismaUserUpdateMock } },
 }))
 vi.mock('@/lib/rate-limit', () => ({ checkRateLimit: vi.fn().mockReturnValue(true) }))

-import { loginAction } from '@/actions/auth'
+import { loginAction, resetPasswordAction } from '@/actions/auth'

 const IPHONE_UA = 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) Mobile/15E148 Safari/604.1'
 const IPAD_UA = 'Mozilla/5.0 (iPad; CPU OS 17_4 like Mac OS X) Safari/604.1'
@ -44,6 +58,8 @@ beforeEach(() => {
  verifyUserMock.mockReset()
  headerGetMock.mockReset()
  sessionSaveMock.mockReset()
+  requireSessionMock.mockReset()
+  prismaUserUpdateMock.mockReset()
 })

 describe('loginAction UA-redirect', () => {
@ -83,3 +99,37 @@ describe('loginAction UA-redirect', () => {
    await expect(loginAction(undefined, fd('demo', 'demo123pw'))).rejects.toThrow('REDIRECT:/m/products/p1/solo')
  })
 })
+
+describe('resetPasswordAction', () => {
+  function fdReset(password: string, confirm: string) {
+    const f = new FormData()
+    f.set('password', password)
+    f.set('confirm', confirm)
+    return f
+  }
+
+  it('redirect /dashboard na succesvolle reset', async () => {
+    requireSessionMock.mockResolvedValue({ userId: 'u1' })
+    prismaUserUpdateMock.mockResolvedValue({})
+    await expect(resetPasswordAction(undefined, fdReset('nieuwpass1', 'nieuwpass1'))).rejects.toThrow('REDIRECT:/dashboard')
+    expect(prismaUserUpdateMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        where: { id: 'u1' },
+        data: expect.objectContaining({ password_hash: 'hashed', must_reset_password: false }),
+      })
+    )
+  })
+
+  it('fout als wachtwoorden niet overeenkomen', async () => {
+    requireSessionMock.mockResolvedValue({ userId: 'u1' })
+    const result = await resetPasswordAction(undefined, fdReset('nieuwpass1', 'anderpass1'))
+    expect(result).toMatchObject({ error: expect.objectContaining({ confirm: expect.any(Array) }) })
+    expect(prismaUserUpdateMock).not.toHaveBeenCalled()
+  })
+
+  it('fout als wachtwoord te kort is', async () => {
+    requireSessionMock.mockResolvedValue({ userId: 'u1' })
+    const result = await resetPasswordAction(undefined, fdReset('kort', 'kort'))
+    expect(result).toMatchObject({ error: expect.objectContaining({ password: expect.any(Array) }) })
+  })
+})