Add WooCommerce password change action.

[joshcanhelp]

Changes

Add Auth0 password change functionality to WooCommerce edit account + tests.

References

Reported on the WP support forums.

Testing

This PR adds unit tests. It can also be tested manually by:

1. Start with Auth0 and WooCommerce installed and configured
2. Go to the edit account page for WooCommerce (front-end of the site)
3. Attempt to change the password to something invalid; expect a visible warning, no changes made, and an error in the error log
4. Attempt to change the password to something valid; expect the change to complete with no errors

• I included manual testing steps above, if applicable
• This change adds unit test coverage
• This change has been tested on the latest version of the platform

Checklist

• All existing and new tests complete without errors
• All code quality tools/guidelines in the Contribution guide have been run/followed
• All active GitHub CI checks have passed

[lbalmaceda]

sounds like part of another test case

[joshcanhelp]

First part is just setup to show that it's succeeding. Then we remove pieces and show that it's failing. Each failure case kicks back false regardless of how it fails so this is the best way to make sure that what we're actually doing is causing the failure.

[lbalmaceda]

First part is just setup to show that it's succeeding

This does sound like overkill. No need to add a success scenario before each failure case. Have a test asserting the success use case, have others asserting the failure cases (without repeating what you're already testing on other tests). If the test says "fails when password property is not provided" just call unset("password_field") and that will suffice.

[joshcanhelp]

@lbalmaceda - Responded and changes made. Thank you!

[codecov-io]

Codecov Report

Merging #585 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master     #585      +/-   ##
============================================
+ Coverage     28.51%   28.52%   +0.01%     
- Complexity     1306     1308       +2     
============================================
  Files            51       51              
  Lines          4202     4203       +1     
============================================
+ Hits           1198     1199       +1     
  Misses         3004     3004

Impacted Files	Coverage Δ	Complexity Δ
lib/profile/WP_Auth0_Profile_Delete_Mfa.php	100% <ø> (ø)	12 <0> (ø)	⬇️
lib/profile/WP_Auth0_Profile_Delete_Data.php	100% <ø> (ø)	8 <0> (ø)	⬇️
lib/profile/WP_Auth0_Profile_Change_Password.php	100% <100%> (ø)	12 <0> (+2)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6126a34...803f6f5. Read the comment docs.

[lbalmaceda]

I don't agree with how the tests are written. You're writting 1 test like this:

1. prepare config
2. make method work fine / succeed
3. change something in the config
4. test that method now fails
5. repeat (3) and (5) for each property under test

while it should be

1. prepare successful config
2. test method works fine

1. prepare failure config A
2. test method fails with err a

1. prepare failure config B
2. test method fails with err b

etc.. I'm leaving a general comment because I found many tests like this on this PR. All marked as "belongs to some other test case". Please correct those.

[lbalmaceda]

First part is just setup to show that it's succeeding

This does sound like overkill. No need to add a success scenario before each failure case. Have a test asserting the success use case, have others asserting the failure cases (without repeating what you're already testing on other tests). If the test says "fails when password property is not provided" just call unset("password_field") and that will suffice.

[lbalmaceda]

Please clarify if this returns true when the password was changed or when the password was not changed. I'm confused with this line and the 3 above.

[lbalmaceda]

Test is called "test that <condition> skips (the 'password' I suppose) update". How do you know when it was or wasn't changed?

[lbalmaceda]

can this change in anyway when validate_new_password is called? If that doesn't happen, what I see is:

var a = 1;
assert(a).equals(1);

[joshcanhelp]

can this change in anyway when validate_new_password is called?

Yes, alters the global var

[lbalmaceda]

do you need to do $this->assertEmpty( $errors->get_error_messages() ); here, as done on the test above? applies to other tests as well

[joshcanhelp]

Good to make sure in some cases. I added it where I thought it was needed.

[lbalmaceda]

should you call something more explicit like $this->storeAuth0Data( null );?

[joshcanhelp]

No

[lbalmaceda]

sug. rename to testThatMissingAuth0UserDataSkipsUpdate

[lbalmaceda]

"missing user record" but here you're passing a user id, from a user that was created right at the beginning of the test. What I am missing?

[joshcanhelp]

What I am missing?

A lot 😆 ... $this->storeAuth0Data() creates meta data for some user, $_POST['user_id'] is a global POST var that clues the method in that there is a user to change.