hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests for login

Browse Source
v1.18.x
Barış Soner Uşaklı 8 years ago
parent fa5026c92e
commit 1e83d33283
2 changed files with 121 additions and 77 deletions
Show Stats Download Patch File Download Diff File

54
src/controllers/authentication.js
Unescape Escape View File

@ -282,14 +282,14 @@ authenticationController.doLogin = function (req, uid, callback) {
if (!uid) { if (!uid) {
return callback(); return callback();
} }
async.waterfall([
req.login({ uid: uid }, function (err) { function (next) {
if (err) { req.login({ uid: uid }, next);
return callback(err); },
} function (next) {
authenticationController.onSuccessfulLogin(req, uid, next);
authenticationController.onSuccessfulLogin(req, uid, callback); },
}); ], callback);
}; };
authenticationController.onSuccessfulLogin = function (req, uid, callback) { authenticationController.onSuccessfulLogin = function (req, uid, callback) {
@ -312,28 +312,30 @@ authenticationController.onSuccessfulLogin = function (req, uid, callback) {
version: req.useragent.version, version: req.useragent.version,
}); });
// Associate login session with user async.waterfall([
async.parallel([
function (next) {
user.auth.addSession(uid, req.sessionID, next);
},
function (next) { function (next) {
db.setObjectField('uid:' + uid + ':sessionUUID:sessionId', uuid, req.sessionID, next); async.parallel([
function (next) {
user.auth.addSession(uid, req.sessionID, next);
},
function (next) {
db.setObjectField('uid:' + uid + ':sessionUUID:sessionId', uuid, req.sessionID, next);
},
function (next) {
user.updateLastOnlineTime(uid, next);
},
], function (err) {
next(err);
});
}, },
function (next) { function (next) {
user.updateLastOnlineTime(uid, next); // Force session check for all connected socket.io clients with the same session id
}, sockets.in('sess_' + req.sessionID).emit('checkSession', uid);
], function (err) {
if (err) {
return callback(err);
}
// Force session check for all connected socket.io clients with the same session id
sockets.in('sess_' + req.sessionID).emit('checkSession', uid);
plugins.fireHook('action:user.loggedIn', { uid: uid, req: req }); plugins.fireHook('action:user.loggedIn', { uid: uid, req: req });
callback(); next();
}); },
], callback);
}; };
authenticationController.localLogin = function (req, username, password, next) { authenticationController.localLogin = function (req, username, password, next) {

144
test/authentication.js
Unescape Escape View File

@ -7,8 +7,37 @@ var request = require('request');
var db = require('./mocks/databasemock'); var db = require('./mocks/databasemock');
var user = require('../src/user'); var user = require('../src/user');
var meta = require('../src/meta');
describe('authentication', function () { describe('authentication', function () {
function loginUser(username, password, callback) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return callback(err);
}
request.post(nconf.get('url') + '/login', {
form: {
username: username,
password: password,
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
callback(err, response, body, jar);
});
});
}
var jar = request.jar(); var jar = request.jar();
var regularUid; var regularUid;
before(function (done) { before(function (done) {
@ -89,43 +118,24 @@ describe('authentication', function () {
}); });
it('should login a user', function (done) { it('should login a user', function (done) {
var jar = request.jar(); loginUser('regular', 'regularpwd', function (err, response, body, jar) {
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
assert.ifError(err); assert.ifError(err);
assert(body);
request.post(nconf.get('url') + '/login', { request({
form: { url: nconf.get('url') + '/api/me',
username: 'regular',
password: 'regularpwd',
},
json: true, json: true,
jar: jar, jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) { }, function (err, response, body) {
assert.ifError(err); assert.ifError(err);
assert(body); assert(body);
assert.equal(body.username, 'regular');
request({ assert.equal(body.email, 'regular@nodebb.org');
url: nconf.get('url') + '/api/me', db.getObject('uid:' + regularUid + ':sessionUUID:sessionId', function (err, sessions) {
json: true,
jar: jar,
}, function (err, response, body) {
assert.ifError(err); assert.ifError(err);
assert(body); assert(sessions);
assert.equal(body.username, 'regular'); assert(Object.keys(sessions).length > 0);
assert.equal(body.email, 'regular@nodebb.org'); done();
db.getObject('uid:' + regularUid + ':sessionUUID:sessionId', function (err, sessions) {
assert.ifError(err);
assert(sessions);
assert(Object.keys(sessions).length > 0);
done();
});
}); });
}); });
}); });
@ -148,33 +158,65 @@ describe('authentication', function () {
}); });
it('should fail to login if user does not exist', function (done) { it('should fail to login if user does not exist', function (done) {
var jar = request.jar(); loginUser('doesnotexist', 'nopassword', function (err, response, body) {
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
assert.ifError(err); assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
});
request.post(nconf.get('url') + '/login', { it('should fail to login if username is empty', function (done) {
form: { loginUser('', 'some password', function (err, response, body) {
username: 'doesnotexist', assert.ifError(err);
password: 'nopassword', assert.equal(response.statusCode, 403);
}, assert.equal(body, '[[error:invalid-username-or-password]]');
json: true, done();
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
}); });
}); });
it('should fail to login if password is empty', function (done) {
loginUser('someuser', '', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
it('should fail to login if username and password are empty', function (done) {
loginUser('', '', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
it('should fail to login if password is longer than 4096', function (done) {
var longPassword;
for (var i = 0; i < 5000; i++) {
longPassword += 'a';
}
loginUser('someuser', longPassword, function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:password-too-long]]');
done();
});
});
it('should fail to login if local login is disabled', function (done) {
meta.config.allowLocalLogin = 0;
loginUser('someuser', 'somepass', function (err, response, body) {
meta.config.allowLocalLogin = 1;
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:local-login-disabled]]');
done();
});
});
after(function (done) { after(function (done) {
db.emptydb(done); db.emptydb(done);

Write Preview
Loading…
Cancel
Save