tenant = Tenant::factory()->create(); $this->user = User::factory()->create([ 'tenant_id' => $this->tenant->id, 'password_hash' => Hash::make('current-pass-123'), ]); $this->actingAs($this->user); }); test('POST /api/account/change-password меняет пароль при верном текущем', function () { $response = $this->postJson('/api/account/change-password', [ 'current_password' => 'current-pass-123', 'password' => 'brand-new-pass-456', 'password_confirmation' => 'brand-new-pass-456', ]); $response->assertOk(); expect($response->json('last_password_change_at'))->not->toBeNull(); $this->user->refresh(); expect(Hash::check('brand-new-pass-456', $this->user->password_hash))->toBeTrue(); expect(Hash::check('current-pass-123', $this->user->password_hash))->toBeFalse(); // Событие записано в auth_log. $logged = DB::table('auth_log') ->where('user_id', $this->user->id) ->where('event', 'password_changed') ->exists(); expect($logged)->toBeTrue(); }); test('POST /api/account/change-password: 422 при неверном текущем пароле', function () { $this->postJson('/api/account/change-password', [ 'current_password' => 'wrong-current-pass', 'password' => 'brand-new-pass-456', 'password_confirmation' => 'brand-new-pass-456', ])->assertStatus(422)->assertJsonValidationErrorFor('current_password'); // Пароль НЕ изменён. $this->user->refresh(); expect(Hash::check('current-pass-123', $this->user->password_hash))->toBeTrue(); }); test('POST /api/account/change-password: 422 при коротком новом пароле', function () { $this->postJson('/api/account/change-password', [ 'current_password' => 'current-pass-123', 'password' => 'short', 'password_confirmation' => 'short', ])->assertStatus(422)->assertJsonValidationErrorFor('password'); }); test('POST /api/account/change-password: 422 при несовпадении подтверждения', function () { $this->postJson('/api/account/change-password', [ 'current_password' => 'current-pass-123', 'password' => 'brand-new-pass-456', 'password_confirmation' => 'different-pass-789', ])->assertStatus(422)->assertJsonValidationErrorFor('password'); }); test('POST /api/account/change-password без auth: 401', function () { auth()->logout(); $this->postJson('/api/account/change-password', [ 'current_password' => 'current-pass-123', 'password' => 'brand-new-pass-456', 'password_confirmation' => 'brand-new-pass-456', ])->assertStatus(401); }); test('GET /api/account/security возвращает дату смены и недавние входы', function () { // Лог: один вход + одна смена пароля. DB::table('auth_log')->insert([ 'actor_type' => 'tenant_user', 'tenant_id' => $this->tenant->id, 'user_id' => $this->user->id, 'email' => $this->user->email, 'event' => 'login_success', 'ip_address' => '10.0.0.1', 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0) Chrome/120.0', 'created_at' => now(), ]); $response = $this->getJson('/api/account/security'); $response->assertOk(); expect($response->json('recent_logins'))->toBeArray(); expect($response->json('recent_logins.0.device'))->toContain('Chrome'); expect($response->json('recent_logins.0.current'))->toBeTrue(); expect($response->json())->toHaveKey('last_password_change_at'); });