From 188f2067461188185d3fd114a11484e1abe16f8e Mon Sep 17 00:00:00 2001
From: Philip Molares
Date: Sun, 25 Sep 2022 11:21:09 +0200
Subject: [PATCH] test(e2e): add tests for too weak passwords

Signed-off-by: Philip Molares
---
 .../register-and-login.e2e-spec.ts | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/test/private-api/register-and-login.e2e-spec.ts b/test/private-api/register-and-login.e2e-spec.ts
index 62e74bd6f..132fac5c4 100644
--- a/test/private-api/register-and-login.e2e-spec.ts
+++ b/test/private-api/register-and-login.e2e-spec.ts
@@ -85,6 +85,20 @@ describe('Register and Login', () => {
 .expect(409);
 });
 
+ test('a user cannot create a local account with a weak password', async () => {
+ // register a new user
+ const registrationDto: RegisterDto = {
+ displayName: DISPLAYNAME,
+ password: 'test123',
+ username: USERNAME,
+ };
+ await request(testSetup.app.getHttpServer())
+ .post('/api/private/auth/local')
+ .set('Content-Type', 'application/json')
+ .send(JSON.stringify(registrationDto))
+ .expect(400);
+ });
+
 test('a user can create a local account and change the password', async () => {
 // register a new user
 const registrationDto: RegisterDto = {
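Review bot: The `.expect(400)` that ends the new weak-password registration test passes for any rejected request body, so it does not show that the password policy caused the rejection; the same holds for the `.expect(400)` on the password change in the second hunk. `'test123'` is seven characters and `'pasword1'` is eight, so the two fixtures may trip different rules (a length rule versus a strength rule), which is not visible from these hunks. I would state the intent next to each fixture, for example `// 7 chars, common word + digits: must be rejected by the password policy`, and assert on the error body if the API exposes a stable reason. It is also worth confirming that no account was left behind, for instance by checking that a later login with `USERNAME` and `'test123'` is refused.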
@@ -140,4 +154,43 @@ describe('Register and Login', () => {
 // allowed to request profile now
 await session.get('/api/private/me').expect(200);
 });
+
+ test('a user can create a local account and cannot change the password to a weak one', async () => {
+ // register a new user
+ const registrationDto: RegisterDto = {
+ displayName: DISPLAYNAME,
+ password: PASSWORD,
+ username: USERNAME,
+ };
+ await request(testSetup.app.getHttpServer())
+ .post('/api/private/auth/local')
+ .set('Content-Type', 'application/json')
+ .send(JSON.stringify(registrationDto))
+ .expect(201);
+
+ // log in with the new user and create a session
+ const loginDto: LoginDto = {
+ password: PASSWORD,
+ username: USERNAME,
+ };
+ const newPassword = 'pasword1';
+ const session = request.agent(testSetup.app.getHttpServer());
+ await session
+ .post('/api/private/auth/local/login')
+ .set('Content-Type', 'application/json')
+ .send(JSON.stringify(loginDto))
+ .expect(201);
+
+ // change the password
+ await session
+ .put('/api/private/auth/local')
+ .set('Content-Type', 'application/json')
+ .send(
+ JSON.stringify({
+ currentPassword: PASSWORD,
+ newPassword: newPassword,
+ }),
+ )
+ .expect(400);
+ });
 });
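Review bot: The new test stops at the final `.expect(400)`, so it never checks that the rejected change left the stored credential untouched; a handler that answers 400 but still persists the new hash would pass. Logging in again with `loginDto` and expecting 201, as sketched below, closes that gap. A second attempt with `newPassword` should be refused, though the status the login route returns for bad credentials is not visible in this hunk. The register and login steps are also copied from the preceding test, so a shared helper would keep the two from drifting apart.

```typescript
// … unchanged: register, log in, attempt the weak password change …
      .expect(400);

    // the rejected change must not have touched the stored credential:
    // the original password still opens a fresh session
    await request(testSetup.app.getHttpServer())
      .post('/api/private/auth/local/login')
      .set('Content-Type', 'application/json')
      .send(JSON.stringify(loginDto))
      .expect(201);
```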