Updates test for forgotPassword return data

redwoodjs · Nov 3, 2022 · b4a851e · b4a851e
1 parent a8b108e
commit b4a851e
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/packages/auth-providers-api/src/dbAuth/__tests__/DbAuthHandler.test.js b/packages/auth-providers-api/src/dbAuth/__tests__/DbAuthHandler.test.js
@@ -767,15 +767,16 @@ describe('dbAuth', () => {
       // base64 characters only, except =
       expect(resetUser.resetToken).toMatch(/^\w{16}$/)
       expect(resetUser.resetTokenExpiresAt instanceof Date).toEqual(true)
-      // response contains the user data, minus `hashedPassword` and `salt`
+
+      // response contains data returned from the handler
       expect(responseBody.id).toEqual(resetUser.id)
       expect(responseBody.email).toEqual(resetUser.email)
-      expect(responseBody.resetToken).toEqual(resetUser.resetToken)
-      expect(responseBody.resetTokenExpiresAt).toEqual(
-        resetUser.resetTokenExpiresAt.toISOString()
-      )
-      expect(responseBody.hashedPassword).toEqual(undefined)
-      expect(responseBody.salt).toEqual(undefined)
+
+      // response data should not include sensitive info
+      expect(responseBody.resetToken).toBeUndefined()
+      expect(responseBody.resetTokenExpiresAt).toBeUndefined()
+      expect(responseBody.hashedPassword).toBeUndefined()
+      expect(responseBody.salt).toBeUndefined()
     })
 
     it('returns a logout session cookie', async () => {
@@ -802,7 +803,7 @@ describe('dbAuth', () => {
       expect.assertions(1)
     })
 
-    it.only('removes the token from the forgotPassword response', async () => {
+    it('removes the token from the forgotPassword response', async () => {
       const user = await createDbUser()
       event.body = JSON.stringify({
         username: user.email,