181 lines
5.4 KiB
JavaScript
181 lines
5.4 KiB
JavaScript
const statusCodes = require("../utilities/statusCodes");
|
|
const { readFile } = require("../utilities/fsawait");
|
|
const { timeout } = require("./helpers");
|
|
|
|
module.exports = (app) => {
|
|
|
|
it("should return unauthorized if username is incorrect", async () => {
|
|
await app.post("/_master/api/authenticate", {
|
|
username: "unknownuser",
|
|
password: app.masterAuth.password
|
|
})
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
})
|
|
|
|
it("should return unauthorized if password is incorrect", async () => {
|
|
await app.post("/_master/api/authenticate", {
|
|
username: app.masterAuth.username,
|
|
password: "incorrect_password"
|
|
})
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
})
|
|
|
|
it("should not get cookie when unauthorized", async () => {
|
|
const response = await app.post("/_master/api/authenticate", {
|
|
username: app.masterAuth.username,
|
|
password: "incorrect_password"
|
|
});
|
|
|
|
expect(response.header['set-cookie']).toBeUndefined();
|
|
|
|
});
|
|
|
|
it("should return ok correct username and password supplied", async () => {
|
|
|
|
const response = await app.post("/_master/api/authenticate", {
|
|
username: app.masterAuth.username,
|
|
password: app.masterAuth.password
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
app.masterAuth.cookie = response.header['set-cookie'];
|
|
});
|
|
|
|
const testUserName = "test_user";
|
|
let testPassword = "test_user_password";
|
|
it("should be able to create new user with authenticated cookie", async () => {
|
|
|
|
await app.post("/_master/api/createUser", {
|
|
user: {
|
|
name: testUserName,
|
|
accessLevels:["owner"],
|
|
enabled:true
|
|
|
|
},
|
|
password: testPassword
|
|
})
|
|
.set("cookie", app.masterAuth.cookie)
|
|
.expect(statusCodes.OK);
|
|
|
|
|
|
});
|
|
|
|
let newUserCookie;
|
|
it("should be able to authenticate with new user", async () => {
|
|
|
|
const responseNewUser = await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
newUserCookie = responseNewUser.header['set-cookie'];
|
|
|
|
expect(newUserCookie).toBeDefined();
|
|
expect(newUserCookie).not.toEqual(app.masterAuth.cookie);
|
|
|
|
app.get("/_master/api/users/")
|
|
.set("cookie", newUserCookie)
|
|
.expect(statusCodes.OK);
|
|
});
|
|
|
|
it("should not be able to perform requests when user is disabled", async () => {
|
|
|
|
await app.post("/_master/api/disableUser", {
|
|
username: testUserName
|
|
})
|
|
.set("cookie", app.masterAuth.cookie)
|
|
.expect(statusCodes.OK);
|
|
|
|
await app.get("/_master/api/users/")
|
|
.set("cookie", newUserCookie)
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
|
|
});
|
|
|
|
it("should not be able to re-authenticate when user is disabled", async () => {
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
});
|
|
|
|
it("should be able with re-authenticate when user is enabled again", async () => {
|
|
|
|
await app.post("/_master/api/enableUser", {
|
|
username: testUserName
|
|
})
|
|
.set("cookie", app.masterAuth.cookie)
|
|
.expect(statusCodes.OK);
|
|
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.OK);
|
|
});
|
|
|
|
let testUserTempCode;
|
|
it("should be able to reset password with temporary access", async () => {
|
|
|
|
await app.post("/_master/api/createTemporaryAccess", {
|
|
username: testUserName
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
testPassword = "test_user_new_password";
|
|
|
|
// the behaviour that creates the below file is async,
|
|
/// to this timeout is giving it a change to work its magic
|
|
await timeout(10);
|
|
|
|
const testUserTempCode = await readFile(`./tests/.data/tempaccess${testUserName}`, "utf8");
|
|
|
|
await app.post("/_master/api/setPasswordFromTemporaryCode", {
|
|
username: testUserName,
|
|
tempCode:testUserTempCode,
|
|
newPassword:testPassword
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
|
|
|
|
});
|
|
|
|
it("should not be able to set password with used temp code", async () => {
|
|
|
|
await app.post("/_master/api/setPasswordFromTemporaryCode", {
|
|
username: testUserName,
|
|
tempCode:testUserTempCode,
|
|
newPassword:"whatever"
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: "whatever"
|
|
})
|
|
.expect(statusCodes.UNAUTHORIZED);
|
|
|
|
await app.post("/_master/api/authenticate", {
|
|
username: testUserName,
|
|
password: testPassword
|
|
})
|
|
.expect(statusCodes.OK);
|
|
|
|
});
|
|
};
|