mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 14:44:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

test(backend): add regression test for issue #3135

Browse source 
When a PasswordTooWeakError is encountered the newly created user should be removed again. This should prevent registration error from "burning" usernames for further use.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2023-01-08 15:15:56 +01:00 committed by David Mehren
parent 47d1765b12
commit 8ee2d809c7
1 changed files with 163 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

292
backend/test/private-api/auth.e2e-spec.ts
View file

@ -10,6 +10,7 @@
*/ */
import request from 'supertest'; import request from 'supertest';
import { NotInDBError } from '../../src/errors/errors';
import { LoginDto } from '../../src/identity/local/login.dto'; import { LoginDto } from '../../src/identity/local/login.dto';
import { RegisterDto } from '../../src/identity/local/register.dto'; import { RegisterDto } from '../../src/identity/local/register.dto';
import { UpdatePasswordDto } from '../../src/identity/local/update-password.dto'; import { UpdatePasswordDto } from '../../src/identity/local/update-password.dto';
@ -65,6 +66,7 @@ describe('Auth', () => {
(await newUser.identities)[0].passwordHash ?? '', (await newUser.identities)[0].passwordHash ?? '',
), ),
).resolves.toBeTruthy(); ).resolves.toBeTruthy();
await testSetup.userService.deleteUser(newUser);
}); });
describe('fails', () => { describe('fails', () => {
it('when the user already exits', async () => { it('when the user already exits', async () => {
@ -96,151 +98,183 @@ describe('Auth', () => {
testSetup.configService.get('authConfig').local.enableRegister = true; testSetup.configService.get('authConfig').local.enableRegister = true;
}); });
}); });
}); it('correctly deletes a user if the PasswordTooWeakError is encountered', async () => {
const registrationDto: RegisterDto = {
describe('PUT /auth/local', () => { displayName: displayName,
const newPassword = 'new_password'; password: 'test1234',
let cookie = '';
beforeEach(async () => {
const loginDto: LoginDto = {
password: password,
username: username, username: username,
}; };
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login') .post('/api/private/auth/local')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto)) .send(JSON.stringify(registrationDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
});
it('works', async () => {
// Change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(200);
// Successfully login with new password
const loginDto: LoginDto = {
password: newPassword,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
// Reset password
const changePasswordBackDto: UpdatePasswordDto = {
currentPassword: newPassword,
newPassword: password,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordBackDto))
.expect(200);
});
it('fails, when registration is disabled', async () => {
testSetup.configService.get('authConfig').local.enableLogin = false;
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(400); .expect(400);
// enable login again expect(response.text).toContain('PasswordTooWeakError');
testSetup.configService.get('authConfig').local.enableLogin = true; await expect(() =>
// new password doesn't work for login testSetup.userService.getUserByUsername(username, [
const loginNewPasswordDto: LoginDto = { UserRelationEnum.IDENTITIES,
password: newPassword, ]),
username: username, ).rejects.toThrow(NotInDBError);
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginNewPasswordDto))
.expect(401);
// old password does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
});
it('fails, when old password is wrong', async () => {
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: 'wrong',
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(401);
// old password still does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
}); });
}); });
describe('POST /auth/local/login', () => { describe('Already existing user', () => {
it('works', async () => { beforeAll(async () => {
testSetup.configService.get('authConfig').local.enableLogin = true; const registrationDto: RegisterDto = {
const loginDto: LoginDto = { displayName: displayName,
password: password, password: password,
username: username, username: username,
}; };
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login') .post('/api/private/auth/local')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto)) .send(JSON.stringify(registrationDto))
.expect(201); .expect(201);
}); });
}); describe('PUT /auth/local', () => {
const newPassword = 'new_password';
let cookie = '';
beforeEach(async () => {
const loginDto: LoginDto = {
password: password,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
});
it('works', async () => {
// Change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(200);
// Successfully login with new password
const loginDto: LoginDto = {
password: newPassword,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
// Reset password
const changePasswordBackDto: UpdatePasswordDto = {
currentPassword: newPassword,
newPassword: password,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordBackDto))
.expect(200);
});
it('fails, when registration is disabled', async () => {
testSetup.configService.get('authConfig').local.enableLogin = false;
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(400);
// enable login again
testSetup.configService.get('authConfig').local.enableLogin = true;
// new password doesn't work for login
const loginNewPasswordDto: LoginDto = {
password: newPassword,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginNewPasswordDto))
.expect(401);
// old password does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
});
it('fails, when old password is wrong', async () => {
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: 'wrong',
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(401);
// old password still does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
});
});
describe('DELETE /auth/logout', () => { describe('POST /auth/local/login', () => {
it('works', async () => { it('works', async () => {
testSetup.configService.get('authConfig').local.enableLogin = true; testSetup.configService.get('authConfig').local.enableLogin = true;
const loginDto: LoginDto = { const loginDto: LoginDto = {
password: password, password: password,
username: username, username: username,
}; };
const response = await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login') .post('/api/private/auth/local/login')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto)) .send(JSON.stringify(loginDto))
.expect(201); .expect(201);
const cookie = response.get('Set-Cookie')[0]; });
await request(testSetup.app.getHttpServer()) });
.delete('/api/private/auth/logout')
.set('Cookie', cookie) describe('DELETE /auth/logout', () => {
.expect(204); it('works', async () => {
testSetup.configService.get('authConfig').local.enableLogin = true;
const loginDto: LoginDto = {
password: password,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
const cookie = response.get('Set-Cookie')[0];
await request(testSetup.app.getHttpServer())
.delete('/api/private/auth/logout')
.set('Cookie', cookie)
.expect(204);
});
}); });
}); });
}); });