import {
  setupApphierarchy,
  validUser,
  basicAppHierarchyCreator_WithFields,
} from "./specHelpers"
import {
  parseTemporaryCode,
  userAuthFile,
  USERS_LIST_FILE,
  getUserByName,
} from "../src/authApi/authCommon"

// Specs for the password lifecycle exposed by authApi:
//   - changeMyPassword: change by proving knowledge of the current password
//   - createTemporaryAccess / setPasswordFromTemporaryCode: reset via a
//     time-limited temporary code
// Every spec starts from a fresh app hierarchy holding one user whose
// password is "firstpassword".

/**
 * Builds a new app hierarchy and registers a single valid user with the
 * password "firstpassword".
 *
 * @returns {Promise<{authApi: object, app: object, user: object}>}
 *   the API under test, the app it is bound to, and the created user.
 */
const createAppWithUser = async () => {
  const { authApi, app } = await setupApphierarchy(
    basicAppHierarchyCreator_WithFields
  )
  const user = await validUser(app, authApi, "firstpassword")
  return { authApi, app, user }
}

describe("authApi > changeMyPassword", () => {
  it("should be able to authenticate after a change", async () => {
    const { authApi, user } = await createAppWithUser()

    // Baseline: the original password works before anything is changed.
    expect(
      await authApi.authenticate(user.name, "firstpassword")
    ).not.toBeNull()

    const outcome = await authApi.changeMyPassword(
      "firstpassword",
      "secondpassword"
    )
    expect(outcome).toBe(true)

    // The old credential must stop working as soon as the change succeeds...
    expect(await authApi.authenticate(user.name, "firstpassword")).toBeNull()

    // ...and the new one must be accepted.
    expect(
      await authApi.authenticate(user.name, "secondpassword")
    ).not.toBeNull()
  })

  it("should not change password if current password is incorrect", async () => {
    const { authApi, user } = await createAppWithUser()

    const outcome = await authApi.changeMyPassword(
      "not-firstpassword",
      "secondpassword"
    )
    expect(outcome).toBe(false)

    // A rejected change must not install the proposed password.
    // NOTE(review): this spec does not check that "firstpassword" still
    // authenticates afterwards; consider adding that assertion.
    expect(await authApi.authenticate(user.name, "secondpassword")).toBeNull()
  })

  it("should be allowed with no permissions", async () => {
    const { authApi, app } = await createAppWithUser()
    app.withNoPermissions()

    // No explicit expectation: the spec passes as long as the call resolves
    // without throwing for a caller that holds no permissions.
    // NOTE(review): the returned value is not inspected, so a silent `false`
    // would also pass; confirm the expected result and assert it.
    await authApi.changeMyPassword("firstpassword", "secondpassword")
  })
})

describe("authApi > resetPasswordFlow", () => {
  it("should successfully set password from temporary access", async () => {
    const { authApi, user } = await createAppWithUser()

    const resetCode = await authApi.createTemporaryAccess(user.name)
    const outcome = await authApi.setPasswordFromTemporaryCode(
      resetCode,
      "secondpassword"
    )
    expect(outcome).toBe(true)

    expect(
      await authApi.authenticate(user.name, "secondpassword")
    ).not.toBeNull()
    // NOTE(review): neither reuse of the same temporary code nor rejection of
    // the previous password after a reset is exercised here.
  })

  it("should not set password when temporary access expired", async () => {
    const { authApi, app, user } = await createAppWithUser()
    const resetCode = await authApi.createTemporaryAccess(user.name)

    // Simulate expiry by rewriting the stored expiry epoch to 0 directly in
    // the datastore, leaving the rest of the auth record untouched.
    const storedAuth = await app.datastore.loadJson(userAuthFile(user.name))
    storedAuth.temporaryAccessExpiryEpoch = 0
    await app.datastore.updateJson(userAuthFile(user.name), storedAuth)

    const outcome = await authApi.setPasswordFromTemporaryCode(
      resetCode,
      "secondpassword"
    )
    expect(outcome).toBe(false)

    // The password offered alongside the expired code must not be accepted.
    expect(await authApi.authenticate(user.name, "secondpassword")).toBeNull()
  })

  it("should still be able to authenticate with password when temp access is set", async () => {
    const { authApi, user } = await createAppWithUser()

    // Issuing a temporary code must not lock out the existing password.
    await authApi.createTemporaryAccess(user.name)

    expect(
      await authApi.authenticate(user.name, "firstpassword")
    ).not.toBeNull()
  })
})

describe("authApi > createTemporaryAccess", () => {
  it("should set users accessId annd userAuth hash and expiry", async () => {
    const { authApi, app, user } = await createAppWithUser()

    const resetCode = await authApi.createTemporaryAccess(user.name)
    // The temporary code is parsed into an `id` and a `code` part.
    const parsed = parseTemporaryCode(resetCode)

    const storedAuth = await app.datastore.loadJson(userAuthFile(user.name))
    const now = await app.getEpochTime()

    // The user's auth file holds a hash that verifies against the code part,
    // together with an expiry later than the current epoch time.
    expect(
      app.crypto.verify(storedAuth.temporaryAccessHash, parsed.code)
    ).toBeTruthy()
    expect(storedAuth.temporaryAccessExpiryEpoch).toBeGreaterThan(now)

    // The users list holds the id part, kept apart from the hash above.
    const allUsers = await app.datastore.loadJson(USERS_LIST_FILE)
    const listedUser = getUserByName(allUsers, user.name)
    expect(listedUser.temporaryAccessId).toBe(parsed.id)
  })

  it("should be allowed with no permissions", async () => {
    const { authApi, app, user } = await createAppWithUser()
    app.withNoPermissions()

    // No explicit expectation: success means the call did not throw for a
    // caller that holds no permissions.
    // NOTE(review): as this entry point is reachable without permissions, a
    // spec for an unknown user name would be worth adding; that behaviour is
    // not visible from this file.
    await authApi.createTemporaryAccess(user.name)
  })
})