1
0
mirror of https://github.com/google/nomulus synced 2026-06-09 16:33:02 +00:00

Use existing pw reset code if creating from an existing instance (#3091)

this means that modifying requests changes them in place in the db
This commit is contained in:
gbrodman
2026-06-22 13:33:17 -04:00
committed by GitHub
parent 84e97aa2db
commit ae61922318
2 changed files with 13 additions and 1 deletions
@@ -118,7 +118,9 @@ public class PasswordResetRequest extends ImmutableObject implements Buildable {
checkArgumentNotNull(getInstance().requester, "Requester must be specified");
checkArgumentNotNull(getInstance().destinationEmail, "Destination email must be specified");
checkArgumentNotNull(getInstance().registrarId, "Registrar ID must be specified");
getInstance().verificationCode = UUID.randomUUID().toString();
if (getInstance().verificationCode == null) {
getInstance().verificationCode = UUID.randomUUID().toString();
}
return super.build();
}
@@ -85,6 +85,16 @@ public class PasswordResetVerifyActionTest extends ConsoleActionBaseTestCase {
.isTrue();
}
@Test
void testFailure_post_replay() throws Exception {
createAction("POST", verificationCode, "newPassword1").run();
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
// Attempting to reuse the same code should fail
createAction("POST", verificationCode, "newPassword2").run();
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
}
@Test
void testFailure_get_invalidVerificationCode() throws Exception {
createAction("GET", "invalid", null).run();