budibase/packages/server/tests/authenticate.js

const statusCodes = require("../utilities/statusCodes");
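/**
 * Registers the authentication test cases for the master API.
 *
 * The cases share state (`ownerCookie`, `newUserCookie`) and later cases rely
 * on side effects of earlier ones (user created, then disabled, then enabled),
 * so they only pass when run in declaration order.
 *
 * @param {object} app - Test harness exposing `post(url, body)`, `get(url)`
 *   and `masterAuth.username` / `masterAuth.password`. The returned requests
 *   are chained with `.set()` / `.expect()` and awaited.
 *   NOTE(review): looks like a supertest-style wrapper - confirm against the harness.
 */
module.exports = (app) => {
  const authenticateUrl = "/_master/api/authenticate";
  const usersUrl = "/_master/api/users/";

  // Unknown user and wrong password are both expected to yield the same status.
  // Only the status code is compared here, not the response body.
  it("should return unauthorized if username is incorrect", async () => {
    await app
      .post(authenticateUrl, {
        username: "unknownuser",
        password: app.masterAuth.password,
      })
      .expect(statusCodes.UNAUTHORIZED);
  });

  it("should return unauthorized if password is incorrect", async () => {
    await app
      .post(authenticateUrl, {
        username: app.masterAuth.username,
        password: "incorrect_password",
      })
      .expect(statusCodes.UNAUTHORIZED);
  });

  // A failed login must not hand out a session cookie.
  it("should not get cookie when unauthorized", async () => {
    const response = await app.post(authenticateUrl, {
      username: app.masterAuth.username,
      password: "incorrect_password",
    });

    expect(response.header['set-cookie']).toBeUndefined();
  });

  // Session cookie of the master (owner) account, reused by the cases below.
  let ownerCookie;

  it("should return ok correct username and password supplied", async () => {
    const response = await app
      .post(authenticateUrl, {
        username: app.masterAuth.username,
        password: app.masterAuth.password,
      })
      .expect(statusCodes.OK);

    ownerCookie = response.header['set-cookie'];
  });

  const testUserName = "test_user";
  const testPassword = "test_user_password";

  it("should be able to create new user with authenticated cookie", async () => {
    await app
      .post("/_master/api/createUser", {
        user: {
          name: testUserName,
          accessLevels: ["owner"],
          enabled: true,
        },
        password: testPassword,
      })
      .set("cookie", ownerCookie)
      .expect(statusCodes.OK);
  });

  // Session cookie of the newly created user, reused by the disable/enable cases.
  let newUserCookie;

  it("should be able to authenticate with new user", async () => {
    const responseNewUser = await app
      .post(authenticateUrl, {
        username: testUserName,
        password: testPassword,
      })
      .expect(statusCodes.OK);

    newUserCookie = responseNewUser.header['set-cookie'];

    expect(newUserCookie).toBeDefined();
    // Each login must get its own session; the new user must not receive the owner's cookie.
    expect(newUserCookie).not.toEqual(ownerCookie);

    // Awaited so that a failing status expectation is reported by this case.
    // Without the await the promise floats and the check can never fail the test.
    await app
      .get(usersUrl)
      .set("cookie", newUserCookie)
      .expect(statusCodes.OK);
  });

  it("should not be able to perform requests when user is disabled", async () => {
    await app
      .post("/_master/api/disableUser", {
        username: testUserName,
      })
      .set("cookie", ownerCookie)
      .expect(statusCodes.OK);

    // The cookie issued before the user was disabled must stop working,
    // i.e. disabling an account also invalidates its existing session.
    await app
      .get(usersUrl)
      .set("cookie", newUserCookie)
      .expect(statusCodes.UNAUTHORIZED);

    await app
      .post(authenticateUrl, {
        username: testUserName,
        password: testPassword,
      })
      .expect(statusCodes.UNAUTHORIZED);
  });

  it("should not be able to re-authenticate when user is disabled", async () => {
    await app
      .post(authenticateUrl, {
        username: testUserName,
        password: testPassword,
      })
      .expect(statusCodes.UNAUTHORIZED);
  });

  it("should be able with re-authenticate when user is enabled again", async () => {
    await app
      .post("/_master/api/enableUser", {
        username: testUserName,
      })
      .set("cookie", ownerCookie)
      .expect(statusCodes.OK);

    await app
      .post(authenticateUrl, {
        username: testUserName,
        password: testPassword,
      })
      .expect(statusCodes.OK);
  });
};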