'use strict';
import { createServices } from '../../services';
import { createTestConfig } from '../../../test/config/test-config';
const test = require('ava');
const supertest = require('supertest');
const { EventEmitter } = require('events');
const store = require('../../../test/fixtures/store');
const getApp = require('../../app');
const User = require('../../types/user');
// Event bus instance handed to getApp() by every setup created in this file.
const eventBus = new EventEmitter();
// Fixture user built from constructed test values. getSetup() inserts it into
// the user store and its middleware attaches it to every request as req.user.
const currentUser = new User({ id: 1337, email: 'test@mail.com' });
/**
 * Builds a fresh app instance, with its own stores, for a single test.
 *
 * The app is mounted under a randomly numbered base path and the fixture
 * user is inserted into the user store before the app is created.
 *
 * @returns {{ base: string, userStore: object, request: object }} the base
 *   path, the user store backing the app, and a supertest agent for the app.
 */
function getSetup() {
  const basePath = `/random${Math.round(Math.random() * 1000)}`;
  const stores = store.createStores();
  stores.userStore.insert(currentUser);

  // Test-only authentication stub: every request is given currentUser as
  // req.user before it reaches the routes, so nothing in this file exercises
  // how the endpoints behave for an unauthenticated caller.
  const attachCurrentUser = (req, res, next) => {
    req.user = currentUser;
    next();
  };

  const config = createTestConfig({
    preHook: a => {
      a.use(attachCurrentUser);
    },
    server: { baseUriPath: basePath },
  });
  const services = createServices(stores, config);
  const app = getApp(config, stores, services, eventBus);

  const { userStore } = stores;
  return { base: basePath, userStore, request: supertest(app) };
}
// The setup middleware attaches currentUser to every request; this test checks
// that the user endpoint answers with JSON describing that same user.
test('should return current user', t => {
  t.plan(1);
  const setup = getSetup();
  const url = `${setup.base}/api/admin/user`;

  return setup.request
    .get(url)
    .expect(200)
    .expect('Content-Type', /json/)
    .expect(({ body }) => {
      t.is(body.user.email, currentUser.email);
    });
});
// Constructed test-only password, not a real credential. It is the value the
// tests send when the change-password request is expected to be accepted;
// presumably it satisfies the server's OWASP strength check — confirm against
// the validator if that policy changes.
const owaspPassword = 't7GTx&$Y9pcsnxRv6';
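// A successful password change must leave a stored credential for the user,
// and that stored value must not be the submitted plaintext.
test('should allow user to change password', async t => {
  t.plan(3);
  const { request, base, userStore } = getSetup();

  // Precondition: the fixture user starts without any stored hash.
  const before = await userStore.get(currentUser);
  t.falsy(before.passwordHash);

  await request
    .post(`${base}/api/admin/user/change-password`)
    .send({ password: owaspPassword, confirmPassword: owaspPassword })
    .expect(200);

  const updated = await userStore.get(currentUser);
  t.truthy(updated.passwordHash);
  // A truthy check alone would also pass if the password were stored verbatim,
  // so additionally require that the stored value differs from the plaintext.
  t.not(updated.passwordHash, owaspPassword);
});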
// A request whose password and confirmPassword differ must be answered 400.
// NOTE(review): only the status code is asserted; the user is not re-read
// afterwards to confirm that no hash was stored for the rejected request.
test('should deny if password and confirmPassword are not equal', async t => {
  t.plan(0);
  const setup = getSetup();
  const payload = { password: owaspPassword, confirmPassword: 'somethingelse' };

  return setup.request
    .post(`${setup.base}/api/admin/user/change-password`)
    .send(payload)
    .expect(400);
});
// A weak password (constructed sample value) must be answered 400 even when
// it matches its confirmation.
// NOTE(review): only the status code is asserted; the user is not re-read
// afterwards to confirm that no hash was stored for the rejected request.
test('should deny if password does not fulfill owasp criteria', async t => {
  t.plan(0);
  const setup = getSetup();
  const payload = { password: 'hunter123', confirmPassword: 'hunter123' };

  return setup.request
    .post(`${setup.base}/api/admin/user/change-password`)
    .send(payload)
    .expect(400);
});