hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
isekai-main
v1.18.x
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b56d9e12b5'
${ noResults }
nodebb/test/authentication.js

545 lines
15 KiB
JavaScript
Raw Normal View History Unescape Escape

more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
'use strict';
ESlint no-undef, remove global comments
8 years ago
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
upgrade to winston 3.1, closes #6590 (#6838) * upgrade to winston 3.1 * fix winston in web/install and tests
6 years ago
var assert = require('assert');
feat: banned-users group
4 years ago
var async = require('async');
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
var nconf = require('nconf');
var request = require('request');
feat: banned-users group
4 years ago
const util = require('util');
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
var db = require('./mocks/databasemock');
more test fixes
8 years ago
var user = require('../src/user');
feat: update unban logic/invocation and refactor User.bans module * auto unban when User.getUsersFields is called and the user is banned but has expired * cleanups and removal of expiry_readable * expiry_readable make an alias for backward compatibility * User.bans.func vs User.*ban*Func * console.log cleanups, plus todo message added * use code util.deprecate * fix: remove ununsed winston require
6 years ago
var utils = require('../src/utils');
tests for login
8 years ago
var meta = require('../src/meta');
Allow local login,closes #6800 (#6803) * WIP * reset groups cache after every suite
6 years ago
var privileges = require('../src/privileges');
closes #5642
8 years ago
var helpers = require('./helpers');
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
chore: eslint prefer-arrow-callback
4 years ago
describe('authentication', () => {
tests for login
8 years ago
function loginUser(username, password, callback) {
var jar = request.jar();
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/config`,
tests for login
8 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
tests for login
8 years ago
if (err) {
return callback(err);
}
chore: eslint prefer-template
4 years ago
request.post(`${nconf.get('url')}/login`, {
tests for login
8 years ago
form: {
username: username,
password: password,
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
tests for login
8 years ago
callback(err, response, body, jar);
});
});
}
feat: banned-users group
4 years ago
const loginUserPromisified = util.promisify(loginUser);
tests for login
8 years ago
more auth tests
8 years ago
function registerUser(email, username, password, callback) {
var jar = request.jar();
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/config`,
more auth tests
8 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more auth tests
8 years ago
if (err) {
return callback(err);
}
chore: eslint prefer-template
4 years ago
request.post(`${nconf.get('url')}/register`, {
more auth tests
8 years ago
form: {
email: email,
username: username,
password: password,
Squashed commit of the following: commit 9c86d9b2904e14927cd7e9679b92aec0951d1063 Merge: ebfa63a 5a7f811 Author: Julian Lam <[email protected]> Date: Thu Jul 20 08:41:39 2017 -0400 Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3 Author: André Zanghelini <an_dz@simutrans-forum> Date: Mon Jul 17 23:07:14 2017 -0300 Rename clashing variable 'next' commit ebfa63a984073a58c17aa408c363cdb03ef89985 Merge: c1801cd f159d0d Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:40 2017 -0400 Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript commit c1801cda14e6363491e30b659902e2ae71f7e1f7 Merge: 7a5f9f3 9fd542d Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:31 2017 -0400 Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353 Merge: 44851f9 d37b95c Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:10 2017 -0400 Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 12:16:38 2017 -0300 Prevent form submit Required for theme change commit d37b95cb71d32d4483190609798e244c331db165 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 01:49:52 2017 -0300 Prevent link action with scripts Required for the theme change that changes the buttons to `a` tags. commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:57:56 2017 -0300 Fix tests commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:09:17 2017 -0300 Update error handling commit 4ff11cd136a4fb98483f837e2cebc741380dfe76 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 17:29:08 2017 -0300 Remove async waterfall commit df01d44e821a70c984b89e9585a325c3e02c6e37 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:43 2017 -0300 Set noscript compose as noscript at start commit 4bcc380da72239b8315cc849a77a3036e06e4a12 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:12 2017 -0300 Remove last useless next commit b5eac6fea11e209934c0648a7e75ad07a2167123 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:35:08 2017 -0300 Last function requires no next commit 20a5cce6e6e32a454c304c448383707ec44c75a8 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:06:58 2017 -0300 Remove more useless next calls commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 17:46:07 2017 -0300 Remove useless next calls commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:45:31 2017 -0300 Support old themes commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:37:23 2017 -0300 Moved all error handling into helpers function commit 391aa6e67ef9ab67304005e14ac0633cdb630713 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jun 8 15:37:37 2017 -0300 ESLint - Fix mixed conditionals commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:08:15 2017 -0300 Compose without scripts commit 2aca811256721238ca0cede4954213d369009885 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:00:44 2017 -0300 Register without scripts commit 097bb51577fb26f8e22f86dc274cb670ab606a8a Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:42:15 2017 -0300 Logout without scripts commit d497e08109891079656fee1c145043a9c0e55f2e Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:27:10 2017 -0300 Login without script
8 years ago
'password-confirm': password,
fixing tests that broke due to gdpr requirement
7 years ago
gdpr_consent: true,
more auth tests
8 years ago
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more auth tests
8 years ago
callback(err, response, body, jar);
});
});
}
tests for login
8 years ago
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
var jar = request.jar();
closes #4544
8 years ago
var regularUid;
chore: eslint prefer-arrow-callback
4 years ago
before((done) => {
user.create({ username: 'regular', password: 'regularpwd', email: '[email protected]' }, (err, uid) => {
fix eslint errors
8 years ago
assert.ifError(err);
closes #4544
8 years ago
regularUid = uid;
try require from root
8 years ago
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to create user if username is too short', (done) => {
closes #5907
7 years ago
helpers.registerUser({
username: 'a',
password: '123456',
'password-confirm': '123456',
email: '[email protected]',
chore: eslint prefer-arrow-callback
4 years ago
}, (err, jar, response, body) => {
closes #5907
7 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to create user if userslug is too short', (done) => {
closes #5907
7 years ago
helpers.registerUser({
username: '----a-----',
password: '123456',
'password-confirm': '123456',
email: '[email protected]',
chore: eslint prefer-arrow-callback
4 years ago
}, (err, jar, response, body) => {
closes #5907
7 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to create user if userslug is too short', (done) => {
closes #5907
7 years ago
helpers.registerUser({
username: ' a',
password: '123456',
'password-confirm': '123456',
email: '[email protected]',
chore: eslint prefer-arrow-callback
4 years ago
}, (err, jar, response, body) => {
closes #5907
7 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to create user if userslug is too short', (done) => {
closes #5907
7 years ago
helpers.registerUser({
username: 'a ',
password: '123456',
'password-confirm': '123456',
email: '[email protected]',
chore: eslint prefer-arrow-callback
4 years ago
}, (err, jar, response, body) => {
closes #5907
7 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should register and login a user', (done) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/config`,
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
json: true,
ESlint comma-dangle
8 years ago
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
chore: eslint prefer-template
4 years ago
request.post(`${nconf.get('url')}/register`, {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
form: {
email: '[email protected]',
username: 'admin',
password: 'adminpwd',
Squashed commit of the following: commit 9c86d9b2904e14927cd7e9679b92aec0951d1063 Merge: ebfa63a 5a7f811 Author: Julian Lam <[email protected]> Date: Thu Jul 20 08:41:39 2017 -0400 Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3 Author: André Zanghelini <an_dz@simutrans-forum> Date: Mon Jul 17 23:07:14 2017 -0300 Rename clashing variable 'next' commit ebfa63a984073a58c17aa408c363cdb03ef89985 Merge: c1801cd f159d0d Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:40 2017 -0400 Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript commit c1801cda14e6363491e30b659902e2ae71f7e1f7 Merge: 7a5f9f3 9fd542d Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:31 2017 -0400 Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353 Merge: 44851f9 d37b95c Author: Julian Lam <[email protected]> Date: Mon Jul 17 16:30:10 2017 -0400 Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 12:16:38 2017 -0300 Prevent form submit Required for theme change commit d37b95cb71d32d4483190609798e244c331db165 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 01:49:52 2017 -0300 Prevent link action with scripts Required for the theme change that changes the buttons to `a` tags. commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:57:56 2017 -0300 Fix tests commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:09:17 2017 -0300 Update error handling commit 4ff11cd136a4fb98483f837e2cebc741380dfe76 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 17:29:08 2017 -0300 Remove async waterfall commit df01d44e821a70c984b89e9585a325c3e02c6e37 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:43 2017 -0300 Set noscript compose as noscript at start commit 4bcc380da72239b8315cc849a77a3036e06e4a12 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:12 2017 -0300 Remove last useless next commit b5eac6fea11e209934c0648a7e75ad07a2167123 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:35:08 2017 -0300 Last function requires no next commit 20a5cce6e6e32a454c304c448383707ec44c75a8 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:06:58 2017 -0300 Remove more useless next calls commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 17:46:07 2017 -0300 Remove useless next calls commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:45:31 2017 -0300 Support old themes commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:37:23 2017 -0300 Moved all error handling into helpers function commit 391aa6e67ef9ab67304005e14ac0633cdb630713 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jun 8 15:37:37 2017 -0300 ESLint - Fix mixed conditionals commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:08:15 2017 -0300 Compose without scripts commit 2aca811256721238ca0cede4954213d369009885 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:00:44 2017 -0300 Register without scripts commit 097bb51577fb26f8e22f86dc274cb670ab606a8a Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:42:15 2017 -0300 Logout without scripts commit d497e08109891079656fee1c145043a9c0e55f2e Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:27:10 2017 -0300 Login without script
8 years ago
'password-confirm': 'adminpwd',
more auth tests
8 years ago
userLang: 'it',
fixing tests that broke due to gdpr requirement
7 years ago
gdpr_consent: true,
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
},
json: true,
jar: jar,
headers: {
ESlint comma-dangle
8 years ago
'x-csrf-token': body.csrf_token,
},
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
assert(body);
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/self`,
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
json: true,
ESlint comma-dangle
8 years ago
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
assert(body);
assert.equal(body.username, 'admin');
assert.equal(body.email, '[email protected]');
chore: eslint prefer-arrow-callback
4 years ago
user.getSettings(body.uid, (err, settings) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(settings.userLang, 'it');
done();
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
});
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should logout a user', (done) => {
helpers.logoutUser(jar, (err) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
closes #5642
8 years ago
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/me`,
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, res, body) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
Add `/me*` route which redirects to `/user/[userslug]*` (#6063) * Add `/me*` route which redirects to the current user's information - `/me` -> `/user/[usertslug]` - `/me/bookmarks` -> `/user/[userslug]/bookmarks` - `/me/settings` -> `/user/[userslug]/settings` etc * Add tests for `/me/*`
7 years ago
assert.equal(res.statusCode, 401);
fix(writeapi): tests
4 years ago
assert.strictEqual(body.status.code, 'not-authorised');
closes #5642
8 years ago
done();
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should login a user', (done) => {
loginUser('regular', 'regularpwd', (err, response, body, jar) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
tests for login
8 years ago
assert(body);
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/self`,
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
assert(body);
tests for login
8 years ago
assert.equal(body.username, 'regular');
assert.equal(body.email, '[email protected]');
chore: eslint prefer-arrow-callback
4 years ago
db.getObject(`uid:${regularUid}:sessionUUID:sessionId`, (err, sessions) => {
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
assert.ifError(err);
tests for login
8 years ago
assert(sessions);
assert(Object.keys(sessions).length > 0);
done();
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
});
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should revoke all sessions', (done) => {
closes #4544
8 years ago
var socketAdmin = require('../src/socket.io/admin');
chore: eslint prefer-arrow-callback
4 years ago
db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => {
closes #4544
8 years ago
assert.ifError(err);
assert(count);
chore: eslint prefer-arrow-callback
4 years ago
socketAdmin.deleteAllSessions({ uid: 1 }, {}, (err) => {
closes #4544
8 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => {
closes #4544
8 years ago
assert.ifError(err);
assert(!count);
done();
});
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if ip address is invalid', (done) => {
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
var jar = request.jar();
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/config`,
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
if (err) {
return done(err);
}
chore: eslint prefer-template
4 years ago
request.post(`${nconf.get('url')}/login`, {
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
form: {
username: 'regular',
password: 'regularpwd',
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
'x-forwarded-for': '<script>alert("xss")</script>',
},
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
assert.ifError(err);
assert.equal(response.statusCode, 500);
done();
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if user does not exist', (done) => {
loginUser('doesnotexist', 'nopassword', (err, response, body) => {
test login for non-existant user
8 years ago
assert.ifError(err);
tests for login
8 years ago
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
});
test login for non-existant user
8 years ago
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if username is empty', (done) => {
loginUser('', 'some password', (err, response, body) => {
tests for login
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
test login for non-existant user
8 years ago
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if password is empty', (done) => {
loginUser('someuser', '', (err, response, body) => {
tests for login
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if username and password are empty', (done) => {
loginUser('', '', (err, response, body) => {
tests for login
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if user does not have password field in db', (done) => {
user.create({ username: 'hasnopassword', email: '[email protected]' }, (err, uid) => {
change isPasswordCorrect to return false if user does not have password
6 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
loginUser('hasnopassword', 'doesntmatter', (err, response, body) => {
change isPasswordCorrect to return false if user does not have password
6 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if password is longer than 4096', (done) => {
tests for login
8 years ago
var longPassword;
for (var i = 0; i < 5000; i++) {
longPassword += 'a';
}
chore: eslint prefer-arrow-callback
4 years ago
loginUser('someuser', longPassword, (err, response, body) => {
tests for login
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:password-too-long]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if local login is disabled', (done) => {
privileges.global.rescind(['groups:local:login'], 'registered-users', (err) => {
tests for login
8 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
loginUser('regular', 'regularpwd', (err, response, body) => {
Allow local login,closes #6800 (#6803) * WIP * reset groups cache after every suite
6 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:local-login-disabled]]');
feat: add privilege give/rescind hooks (#8336) * feat: add privilege give/rescind hooks action:privileges.categories.give/rescind action:privileges.global.give/rescind breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find` * fix: tests, privileges renamed
5 years ago
privileges.global.give(['groups:local:login'], 'registered-users', done);
Allow local login,closes #6800 (#6803) * WIP * reset groups cache after every suite
6 years ago
});
tests for login
8 years ago
});
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to register if registraton is disabled', (done) => {
more auth tests
8 years ago
meta.config.registrationType = 'disabled';
chore: eslint prefer-arrow-callback
4 years ago
registerUser('[email protected]', 'someuser', 'somepassword', (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, 'Forbidden');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should return error if invitation is not valid', (done) => {
more auth tests
8 years ago
meta.config.registrationType = 'invite-only';
chore: eslint prefer-arrow-callback
4 years ago
registerUser('[email protected]', 'someuser', 'somepassword', (err, response, body) => {
more auth tests
8 years ago
meta.config.registrationType = 'normal';
assert.ifError(err);
assert.equal(response.statusCode, 400);
fix: more tests for #9217
4 years ago
assert.equal(body, '[[register:invite.error-invite-only]]');
more auth tests
8 years ago
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to register if email is falsy', (done) => {
registerUser('', 'someuser', 'somepassword', (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:invalid-email]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to register if username is falsy or too short', (done) => {
registerUser('[email protected]', '', 'somepassword', (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
chore: eslint prefer-arrow-callback
4 years ago
registerUser('[email protected]', 'a', 'somepassword', (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to register if username is too long', (done) => {
registerUser('[email protected]', 'thisisareallylongusername', '123456', (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-long]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should queue user if ip is used before', (done) => {
fix: #7567, allow invite and approval at the same time
6 years ago
meta.config.registrationApprovalType = 'admin-approval-ip';
chore: eslint prefer-arrow-callback
4 years ago
registerUser('[email protected]', 'anotheruser', 'anotherpwd', (err, response, body) => {
fix: #7567, allow invite and approval at the same time
6 years ago
meta.config.registrationApprovalType = 'normal';
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 200);
assert.equal(body.message, '[[register:registration-added-to-queue]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should be able to login with email', (done) => {
user.create({ username: 'ginger', password: '123456', email: '[email protected]' }, (err) => {
more auth tests
8 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
loginUser('[email protected]', '123456', (err, response) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(response.statusCode, 200);
done();
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should fail to login if login type is username and an email is sent', (done) => {
more auth tests
8 years ago
meta.config.allowLoginWith = 'username';
chore: eslint prefer-arrow-callback
4 years ago
loginUser('[email protected]', '123456', (err, response, body) => {
more auth tests
8 years ago
meta.config.allowLoginWith = 'username-email';
assert.ifError(err);
fix: broken test due to change in response code
4 years ago
assert.equal(response.statusCode, 400);
more auth tests
8 years ago
assert.equal(body, '[[error:wrong-login-type-username]]');
done();
});
});
chore: eslint prefer-arrow-callback
4 years ago
it('should send 200 if not logged in', (done) => {
more auth tests
8 years ago
var jar = request.jar();
request({
chore: eslint prefer-template
4 years ago
url: `${nconf.get('url')}/api/config`,
more auth tests
8 years ago
json: true,
jar: jar,
chore: eslint prefer-arrow-callback
4 years ago
}, (err, response, body) => {
more auth tests
8 years ago
assert.ifError(err);
chore: eslint prefer-template
4 years ago
request.post(`${nconf.get('url')}/logout`, {
more auth tests
8 years ago
form: {},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
chore: eslint prefer-arrow-callback
4 years ago
}, (err, res, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.equal(body, 'not-logged-in');
done();
});
});
});
chore: eslint prefer-arrow-callback
4 years ago
describe('banned user authentication', () => {
feat: banned-users group
4 years ago
const bannedUser = {
username: 'banme',
pw: '123456',
uid: null,
};
chore: eslint prefer-arrow-callback
4 years ago
before(async () => {
feat: banned-users group
4 years ago
bannedUser.uid = await user.create({ username: 'banme', password: '123456', email: '[email protected]' });
});
chore: eslint prefer-arrow-callback
4 years ago
it('should prevent banned user from logging in', (done) => {
user.bans.ban(bannedUser.uid, 0, 'spammer', (err) => {
more auth tests
8 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
loginUser(bannedUser.username, bannedUser.pw, (err, res, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:user-banned-reason, spammer]]');
chore: eslint prefer-arrow-callback
4 years ago
user.bans.unban(bannedUser.uid, (err) => {
more auth tests
8 years ago
assert.ifError(err);
var expiry = Date.now() + 10000;
chore: eslint prefer-arrow-callback
4 years ago
user.bans.ban(bannedUser.uid, expiry, '', (err) => {
more auth tests
8 years ago
assert.ifError(err);
chore: eslint prefer-arrow-callback
4 years ago
loginUser(bannedUser.username, bannedUser.pw, (err, res, body) => {
more auth tests
8 years ago
assert.ifError(err);
assert.equal(res.statusCode, 403);
chore: eslint prefer-template
4 years ago
assert.equal(body, `[[error:user-banned-reason-until, ${utils.toISOString(expiry)}, No reason given.]]`);
more auth tests
8 years ago
done();
});
});
});
});
});
});
feat: banned-users group
4 years ago
chore: eslint prefer-arrow-callback
4 years ago
it('should allow banned user to log in if the "banned-users" group has "local-login" privilege', async () => {
feat: banned-users group
4 years ago
await privileges.global.give(['groups:local:login'], 'banned-users');
const res = await loginUserPromisified(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
});
chore: eslint prefer-arrow-callback
4 years ago
it('should allow banned user to log in if the user herself has "local-login" privilege', async () => {
feat: banned-users group
4 years ago
await privileges.global.rescind(['groups:local:login'], 'banned-users');
await privileges.categories.give(['local:login'], 0, bannedUser.uid);
const res = await loginUserPromisified(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
});
more auth tests
8 years ago
});
chore: eslint prefer-arrow-callback
4 years ago
it('should lockout account on 3 failed login attempts', (done) => {
test account lock
8 years ago
meta.config.loginAttempts = 3;
var uid;
async.waterfall([
function (next) {
user.create({ username: 'lockme', password: '123456' }, next);
},
function (_uid, next) {
uid = _uid;
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
meta.config.loginAttempts = 5;
test login after lock
8 years ago
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:account-locked]]');
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
test account lock
8 years ago
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:account-locked]]');
chore: eslint prefer-template
4 years ago
db.exists(`lockout:${uid}`, next);
test account lock
8 years ago
},
function (locked, next) {
assert(locked);
next();
},
], done);
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
8 years ago
});