From e9c5f123383e461a890c95368dce6f79d3b84660 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 12 Aug 2020 09:15:31 +0200
Subject: Do not reuse reset password links

---
 server/tests/api/server/email.ts | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'server/tests/api')

diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts
index b01a91d48..05c89d2a3 100644
--- a/server/tests/api/server/email.ts
+++ b/server/tests/api/server/email.ts
@@ -123,6 +123,10 @@ describe('Test emails', function () {
       await resetPassword(server.url, userId, verificationString, 'super_password2')
     })
 
+    it('Should not reset the password with the same verification string', async function () {
+      await resetPassword(server.url, userId, verificationString, 'super_password3', 403)
+    })
+
     it('Should login with this new password', async function () {
       user.password = 'super_password2'
 
-- 
cgit v1.2.3