124 lines
5.0 KiB
JavaScript
124 lines
5.0 KiB
JavaScript
|
import {setupApphierarchy, validUser,
|
||
|
|
basicAppHierarchyCreator_WithFields} from "./specHelpers";
|
||
|
|
import { parseTemporaryCode,
|
||
|
|
userAuthFile,
|
||
|
|
USERS_LIST_FILE,
|
||
|
|
getUserByName} from "../src/authApi/authCommon";
|
||
|
|
|
||
|
|
|
||
|
|
describe("authApi > changeMyPassword", () => {
|
||
|
|
|
||
|
|
it("should be able to authenticate after a change", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
const firstPasswordCheck = await authApi.authenticate(u.name, "firstpassword");
|
||
|
|
expect(firstPasswordCheck).not.toBeNull();
|
||
|
|
const changeResult = await authApi.changeMyPassword("firstpassword", "secondpassword");
|
||
|
|
expect(changeResult).toBe(true);
|
||
|
|
const firstPasswordReCheck = await authApi.authenticate(u.name, "firstpassword");
|
||
|
|
expect(firstPasswordReCheck).toBeNull();
|
||
|
|
const secondPasswordCheck = await authApi.authenticate(u.name, "secondpassword");
|
||
|
|
expect(secondPasswordCheck).not.toBeNull();
|
||
|
|
});
|
||
|
|
|
||
|
|
it("should not change password if current password is incorrect", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
const changeResult = await authApi.changeMyPassword("not-firstpassword", "secondpassword");
|
||
|
|
expect(changeResult).toBe(false);
|
||
|
|
const secondPasswordCheck = await authApi.authenticate(u.name, "secondpassword");
|
||
|
|
expect(secondPasswordCheck).toBeNull();
|
||
|
|
});
|
||
|
|
|
||
|
|
it("should be allowed with no permissions", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
app.withNoPermissions();
|
||
|
|
await authApi.changeMyPassword("firstpassword", "secondpassword");
|
||
|
|
});
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
|
||
|
|
describe("authApi > resetPasswordFlow", () => {
|
||
|
|
|
||
|
|
it("should successfully set password from temporary access", async () => {
|
||
|
|
const {authApi,app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app,authApi, "firstpassword");
|
||
|
|
|
||
|
|
const tempCode = await authApi.createTemporaryAccess(u.name);
|
||
|
|
|
||
|
|
const result = await authApi.setPasswordFromTemporaryCode(tempCode,"secondpassword");
|
||
|
|
expect(result).toBe(true);
|
||
|
|
const secondPasswordCheck = await authApi.authenticate(u.name, "secondpassword");
|
||
|
|
expect(secondPasswordCheck).not.toBeNull();
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
it("should not set password when temporary access expired", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
|
||
|
|
const tempCode = await authApi.createTemporaryAccess(u.name);
|
||
|
|
|
||
|
|
const userAuth = await app.datastore.loadJson(
|
||
|
|
userAuthFile(u.name)
|
||
|
|
);
|
||
|
|
userAuth.temporaryAccessExpiryEpoch = 0;
|
||
|
|
await app.datastore.updateJson(
|
||
|
|
userAuthFile(u.name), userAuth
|
||
|
|
);
|
||
|
|
const result = await authApi.setPasswordFromTemporaryCode(tempCode,"secondpassword");
|
||
|
|
expect(result).toBe(false);
|
||
|
|
const secondPasswordCheck = await authApi.authenticate(u.name, "secondpassword");
|
||
|
|
expect(secondPasswordCheck).toBeNull();
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
it("should still be able to authenticate with password when temp access is set", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
|
||
|
|
await authApi.createTemporaryAccess(u.name);
|
||
|
|
|
||
|
|
const secondPasswordCheck = await authApi.authenticate(u.name, "firstpassword");
|
||
|
|
expect(secondPasswordCheck).not.toBeNull();
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
describe("authApi > createTemporaryAccess", () => {
|
||
|
|
|
||
|
|
it("should set users accessId annd userAuth hash and expiry", async () => {
|
||
|
|
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
|
||
|
|
const tempCode = await authApi.createTemporaryAccess(u.name);
|
||
|
|
const tempInfo = parseTemporaryCode(tempCode);
|
||
|
|
|
||
|
|
const userAuth = await app.datastore.loadJson(
|
||
|
|
userAuthFile(u.name)
|
||
|
|
);
|
||
|
|
|
||
|
|
const currentTime = await app.getEpochTime();
|
||
|
|
expect(app.crypto.verify(userAuth.temporaryAccessHash, tempInfo.code)).toBeTruthy();
|
||
|
|
expect(userAuth.temporaryAccessExpiryEpoch).toBeGreaterThan(currentTime);
|
||
|
|
|
||
|
|
const users = await app.datastore.loadJson(USERS_LIST_FILE);
|
||
|
|
const user = getUserByName(users, u.name);
|
||
|
|
|
||
|
|
expect(user.temporaryAccessId).toBe(tempInfo.id);
|
||
|
|
|
||
|
|
});
|
||
|
|
|
||
|
|
it("should be allowed with no permissions", async () => {
|
||
|
|
const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
|
||
|
|
const u = await validUser(app, authApi, "firstpassword");
|
||
|
|
app.withNoPermissions();
|
||
|
|
await authApi.createTemporaryAccess(u.name);
|
||
|
|
});
|
||
|
|
|
||
|
|
});
|