budibase/packages/server/tests/authenticate.js

183 lines
5.5 KiB
JavaScript
Raw Normal View History

2019-06-14 18:01:01 +02:00
const statusCodes = require("../utilities/statusCodes");
2019-06-28 23:59:27 +02:00
const { readFile } = require("../utilities/fsawait");
const { timeout } = require("./helpers");
2019-06-14 18:01:01 +02:00
2019-07-07 10:03:37 +02:00
module.exports = (app, appName) => {
const credentials = app.credentials[appName];
2019-06-14 18:01:01 +02:00
it("should return unauthorized if username is incorrect", async () => {
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-14 18:01:01 +02:00
username: "unknownuser",
2019-07-07 10:03:37 +02:00
password: credentials.password
2019-06-14 18:01:01 +02:00
})
.expect(statusCodes.UNAUTHORIZED);
})
it("should return unauthorized if password is incorrect", async () => {
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
username: credentials.username,
2019-06-14 18:01:01 +02:00
password: "incorrect_password"
})
.expect(statusCodes.UNAUTHORIZED);
})
it("should not get cookie when unauthorized", async () => {
2019-07-07 10:03:37 +02:00
const response = await app.post(`/${appName}/api/authenticate`, {
username: credentials.username,
2019-06-14 18:01:01 +02:00
password: "incorrect_password"
});
expect(response.header['set-cookie']).toBeUndefined();
});
2019-06-15 00:03:01 +02:00
it("should return ok correct username and password supplied", async () => {
2019-07-07 10:03:37 +02:00
const response = await app.post(`/${appName}/api/authenticate`, {
username: credentials.username,
password: credentials.password
2019-06-15 00:03:01 +02:00
})
.expect(statusCodes.OK);
2019-07-07 10:03:37 +02:00
credentials.cookie = response.header['set-cookie'];
2019-06-15 00:03:01 +02:00
});
2019-07-07 10:03:37 +02:00
const testUserName = appName + "_test_user";
2019-06-25 23:48:22 +02:00
let testPassword = "test_user_password";
2019-06-15 00:03:01 +02:00
it("should be able to create new user with authenticated cookie", async () => {
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/createUser`, {
2019-06-14 18:01:01 +02:00
user: {
2019-06-15 00:03:01 +02:00
name: testUserName,
2019-06-14 18:01:01 +02:00
accessLevels:["owner"],
enabled:true
},
2019-06-15 00:03:01 +02:00
password: testPassword
2019-06-14 18:01:01 +02:00
})
2019-07-07 10:03:37 +02:00
.set("cookie", credentials.cookie)
2019-06-14 18:01:01 +02:00
.expect(statusCodes.OK);
2019-06-15 00:03:01 +02:00
});
let newUserCookie;
it("should be able to authenticate with new user", async () => {
2019-07-07 10:03:37 +02:00
const responseNewUser = await app.post(`/${appName}/api/authenticate`, {
2019-06-15 00:03:01 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.OK);
2019-06-14 18:01:01 +02:00
2019-06-15 00:03:01 +02:00
newUserCookie = responseNewUser.header['set-cookie'];
2019-06-14 18:01:01 +02:00
expect(newUserCookie).toBeDefined();
2019-07-07 10:03:37 +02:00
expect(newUserCookie).not.toEqual(credentials.cookie);
2019-06-15 00:03:01 +02:00
app.get("/_master/api/users/")
.set("cookie", newUserCookie)
.expect(statusCodes.OK);
2019-06-14 18:01:01 +02:00
});
2019-06-15 00:03:01 +02:00
2019-06-19 23:05:53 +02:00
it("should not be able to perform requests when user is disabled", async () => {
2019-07-07 10:03:37 +02:00
//HERE
await app.post(`/${appName}/api/disableUser`, {
2019-06-19 23:05:53 +02:00
username: testUserName
})
2019-07-07 10:03:37 +02:00
.set("cookie", credentials.cookie)
2019-06-19 23:05:53 +02:00
.expect(statusCodes.OK);
2019-07-07 10:03:37 +02:00
await app.get(`/${appName}/api/users`)
2019-06-19 23:05:53 +02:00
.set("cookie", newUserCookie)
2019-06-21 15:00:24 +02:00
.expect(statusCodes.UNAUTHORIZED);
2019-06-19 23:05:53 +02:00
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-19 23:05:53 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.UNAUTHORIZED);
});
it("should not be able to re-authenticate when user is disabled", async () => {
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-19 23:05:53 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.UNAUTHORIZED);
});
it("should be able with re-authenticate when user is enabled again", async () => {
2019-06-21 09:42:37 +02:00
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/enableUser`, {
2019-06-21 09:42:37 +02:00
username: testUserName
})
2019-07-07 10:03:37 +02:00
.set("cookie", credentials.cookie)
2019-06-21 09:42:37 +02:00
.expect(statusCodes.OK);
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-19 23:05:53 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.OK);
});
2019-06-25 23:48:22 +02:00
2019-06-28 23:59:27 +02:00
let testUserTempCode;
2019-06-25 23:48:22 +02:00
it("should be able to reset password with temporary access", async () => {
2019-06-28 23:59:27 +02:00
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/createTemporaryAccess`, {
2019-06-25 23:48:22 +02:00
username: testUserName
})
.expect(statusCodes.OK);
testPassword = "test_user_new_password";
2019-06-28 23:59:27 +02:00
// the behaviour that creates the below file is async,
/// to this timeout is giving it a change to work its magic
await timeout(10);
2019-06-25 23:48:22 +02:00
2019-06-28 23:59:27 +02:00
const testUserTempCode = await readFile(`./tests/.data/tempaccess${testUserName}`, "utf8");
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
2019-06-25 23:48:22 +02:00
username: testUserName,
2019-06-28 23:59:27 +02:00
tempCode:testUserTempCode,
2019-06-25 23:48:22 +02:00
newPassword:testPassword
})
.expect(statusCodes.OK);
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-25 23:48:22 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.OK);
2019-06-28 23:59:27 +02:00
});
it("should not be able to set password with used temp code", async () => {
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
2019-06-28 23:59:27 +02:00
username: testUserName,
tempCode:testUserTempCode,
newPassword:"whatever"
})
.expect(statusCodes.OK);
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-28 23:59:27 +02:00
username: testUserName,
password: "whatever"
})
.expect(statusCodes.UNAUTHORIZED);
2019-07-07 10:03:37 +02:00
await app.post(`/${appName}/api/authenticate`, {
2019-06-28 23:59:27 +02:00
username: testUserName,
password: testPassword
})
.expect(statusCodes.OK);
2019-06-25 23:48:22 +02:00
});
2019-06-14 18:01:01 +02:00
};