budibase/packages/core/test/authApi.changePassword.spec.js


import {
setupApphierarchy,
validUser,
basicAppHierarchyCreator_WithFields,
} from "./specHelpers"
import {
parseTemporaryCode,
userAuthFile,
USERS_LIST_FILE,
getUserByName,
} from "../src/authApi/authCommon"
// Specs for authApi.changeMyPassword. Throughout this suite a non-null result
// from authApi.authenticate is treated as a successful login and null as a
// rejected one.
describe("authApi > changeMyPassword", () => {
  it("should be able to authenticate after a change", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const { name } = await validUser(app, authApi, "firstpassword")

    // Baseline: the original password works before anything is changed.
    const loginBeforeChange = await authApi.authenticate(name, "firstpassword")
    expect(loginBeforeChange).not.toBeNull()

    const changed = await authApi.changeMyPassword(
      "firstpassword",
      "secondpassword"
    )
    expect(changed).toBe(true)

    // The old credential must be rejected once the change has been applied...
    const oldPasswordLogin = await authApi.authenticate(name, "firstpassword")
    expect(oldPasswordLogin).toBeNull()

    // ...and the new credential must be accepted.
    const newPasswordLogin = await authApi.authenticate(name, "secondpassword")
    expect(newPasswordLogin).not.toBeNull()
  })

  it("should not change password if current password is incorrect", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const { name } = await validUser(app, authApi, "firstpassword")

    // A wrong current password is reported as `false`, not as an exception.
    const changed = await authApi.changeMyPassword(
      "not-firstpassword",
      "secondpassword"
    )
    expect(changed).toBe(false)

    // The rejected change must not have installed the new password.
    // NOTE(review): this spec does not re-check that "firstpassword" still
    // authenticates after the failed attempt.
    const newPasswordLogin = await authApi.authenticate(name, "secondpassword")
    expect(newPasswordLogin).toBeNull()
  })

  it("should be allowed with no permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    await validUser(app, authApi, "firstpassword")
    app.withNoPermissions()

    // No assertion here: the spec passes as long as the call does not throw.
    // NOTE(review): the return value is ignored, so a change that silently
    // returns false would also pass.
    await authApi.changeMyPassword("firstpassword", "secondpassword")
  })
})
// Specs for the password-reset flow: createTemporaryAccess issues a temporary
// code and setPasswordFromTemporaryCode redeems it for a new password.
// NOTE(review): nothing in this suite checks that a redeemed code cannot be
// used a second time, or that the previous password is rejected after a reset.
describe("authApi > resetPasswordFlow", () => {
  it("should successfully set password from temporary access", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const { name } = await validUser(app, authApi, "firstpassword")

    const temporaryCode = await authApi.createTemporaryAccess(name)
    const wasSet = await authApi.setPasswordFromTemporaryCode(
      temporaryCode,
      "secondpassword"
    )
    expect(wasSet).toBe(true)

    // The password supplied with the temporary code must now authenticate.
    const newPasswordLogin = await authApi.authenticate(name, "secondpassword")
    expect(newPasswordLogin).not.toBeNull()
  })

  it("should not set password when temporary access expired", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const { name } = await validUser(app, authApi, "firstpassword")
    const temporaryCode = await authApi.createTemporaryAccess(name)

    // Simulate expiry by rewriting the stored expiry epoch to 0 directly in
    // the user's auth file.
    const authFilePath = userAuthFile(name)
    const storedAuth = await app.datastore.loadJson(authFilePath)
    storedAuth.temporaryAccessExpiryEpoch = 0
    await app.datastore.updateJson(userAuthFile(name), storedAuth)

    const wasSet = await authApi.setPasswordFromTemporaryCode(
      temporaryCode,
      "secondpassword"
    )
    expect(wasSet).toBe(false)

    // An expired code must not have installed the new password.
    const newPasswordLogin = await authApi.authenticate(name, "secondpassword")
    expect(newPasswordLogin).toBeNull()
  })

  it("should still be able to authenticate with password when temp access is set", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const { name } = await validUser(app, authApi, "firstpassword")

    // Issuing a temporary code must not lock out the existing password.
    await authApi.createTemporaryAccess(name)

    const existingPasswordLogin = await authApi.authenticate(
      name,
      "firstpassword"
    )
    expect(existingPasswordLogin).not.toBeNull()
  })
})
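// Specs for authApi.createTemporaryAccess: what it persists for the user and
// that it can be called without any permissions.
describe("authApi > createTemporaryAccess", () => {
  it("should set users accessId annd userAuth hash and expiry", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const u = await validUser(app, authApi, "firstpassword")
    const tempCode = await authApi.createTemporaryAccess(u.name)

    // The returned code is parsed into an id and a secret code part.
    const tempInfo = parseTemporaryCode(tempCode)
    const userAuth = await app.datastore.loadJson(userAuthFile(u.name))
    const currentTime = await app.getEpochTime()

    // The stored hash must verify against the secret part of the code.
    // The result is awaited before the truthiness check: if verify returns a
    // Promise, the un-awaited Promise object is always truthy and the
    // assertion could never fail. `await` is a no-op for a synchronous verify.
    const hashMatchesCode = await app.crypto.verify(
      userAuth.temporaryAccessHash,
      tempInfo.code
    )
    expect(hashMatchesCode).toBeTruthy()

    // The expiry must lie in the future relative to the app's clock.
    expect(userAuth.temporaryAccessExpiryEpoch).toBeGreaterThan(currentTime)

    // The id part of the code is recorded on the user's entry in the users list.
    const users = await app.datastore.loadJson(USERS_LIST_FILE)
    const user = getUserByName(users, u.name)
    expect(user.temporaryAccessId).toBe(tempInfo.id)
  })

  it("should be allowed with no permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const u = await validUser(app, authApi, "firstpassword")
    app.withNoPermissions()

    // No assertion here: the spec passes as long as the call does not throw.
    await authApi.createTemporaryAccess(u.name)
  })
})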