import test from 'ava';
import UserService from './user-service';
import UserStoreMock from '../../test/fixtures/fake-user-store';
import AccessServiceMock from '../../test/fixtures/access-service-mock';
import noLogger from '../../test/fixtures/no-logger';
import { IUnleashConfig } from '../types/core';
import { ResetTokenStoreMock } from '../../test/fixtures/fake-reset-token-store';
import ResetTokenService from './reset-token-service';
import { EmailService } from './email-service';
import OwaspValidationError from '../error/owasp-validation-error';
// Shared configuration handed to every service constructed in this file.
const config: IUnleashConfig = {
    // Logger fixture imported from test/fixtures/no-logger.
    getLogger: noLogger,
    baseUriPath: '',
    // createAdminUser is false here; the 'Should create default user' test
    // still calls initAdminUser() explicitly.
    authentication: {
        enableApiToken: true,
        createAdminUser: false,
    },
    unleashUrl: 'http://localhost:4242',
    // Passed as-is to the EmailService constructor in each test.
    // NOTE(review): presumably this leaves mail sending unconfigured — confirm
    // against EmailService.
    email: undefined,
};
// createUser() should return a user with an id and leave exactly one matching
// record in the user store.
test('Should create new user', async (t) => {
    // Store and access-service doubles come from test/fixtures; the reset-token
    // and email services are the real classes built on top of them.
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    const created = await service.createUser({ username: 'test', rootRole: 1 });
    const fetched = await users.get(created);
    const everyone = await users.getAll();

    t.truthy(created.id);
    t.is(created.username, 'test');
    t.is(everyone.length, 1);
    t.is(fetched.username, 'test');
});
// After initAdminUser(), logging in with username 'admin' and password 'admin'
// should return the admin user.
//
// NOTE(review): 'admin' is the same string that the 'Password must be at least
// 10 chars' test in this file expects validatePassword() to reject, so the
// bootstrap credential is evidently not held to that policy on this path.
// Confirm that is intended and that the default is meant to be replaced after
// first login.
test('Should create default user', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    // Called directly; config.authentication.createAdminUser is false.
    await service.initAdminUser();

    const admin = await service.loginUser('admin', 'admin');
    t.is(admin.username, 'admin');
});
// validatePassword() should return true for a long passphrase.
//
// The sample is 26 characters of lower-case letters and spaces plus one '!';
// it has no upper-case letter and no digit, yet is expected to pass.
// NOTE(review): presumably long passphrases are exempt from the character-class
// rules exercised by the other tests — confirm against the validator's
// configuration.
test('Should be a valid password', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    t.true(service.validatePassword('this is a strong password!'));
});
// validatePassword() should throw an OwaspValidationError with the minimum-length
// message for a 5-character input.
test('Password must be at least 10 chars', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    // Both the message text and the error class are pinned.
    const expectedFailure = {
        message: 'The password must be at least 10 characters long.',
        instanceOf: OwaspValidationError,
    };
    t.throws(() => service.validatePassword('admin'), expectedFailure);
});
// validatePassword() should throw an OwaspValidationError with the upper-case
// message for an 11-character, all-lower-case input.
test('The password must contain at least one uppercase letter.', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    // Long enough to clear the length rule, so the upper-case rule is the one reported.
    const expectedFailure = {
        message: 'The password must contain at least one uppercase letter.',
        instanceOf: OwaspValidationError,
    };
    t.throws(() => service.validatePassword('qwertyabcde'), expectedFailure);
});
// validatePassword() should throw an OwaspValidationError with the digit message
// for an input that has lower- and upper-case letters but no number.
test('The password must contain at least one number', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    const expectedFailure = {
        message: 'The password must contain at least one number.',
        instanceOf: OwaspValidationError,
    };
    t.throws(() => service.validatePassword('qwertyabcdE'), expectedFailure);
});
// validatePassword() should throw an OwaspValidationError with the
// special-character message for an input made only of letters and a digit.
test('The password must contain at least one special character', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    const expectedFailure = {
        message: 'The password must contain at least one special character.',
        instanceOf: OwaspValidationError,
    };
    t.throws(() => service.validatePassword('qwertyabcdE2'), expectedFailure);
});
// validatePassword() should return true for a passphrase containing '!'.
//
// NOTE(review): the input is identical to the one used by the 'Should be a
// valid password' test in this file, so this case adds no coverage of its own.
// A sample short enough to be subject to every character-class rule, and
// containing a special character, would exercise what the title describes.
test('Should be a valid password with special chars', async (t) => {
    const users = new UserStoreMock();
    const access = new AccessServiceMock();
    const resetTokens = new ResetTokenStoreMock();
    const tokenService = new ResetTokenService(
        { userStore: users, resetTokenStore: resetTokens },
        config,
    );
    const mailer = new EmailService(config.email, config.getLogger);
    const collaborators = {
        accessService: access,
        resetTokenService: tokenService,
        emailService: mailer,
    };
    const service = new UserService({ userStore: users }, config, collaborators);

    t.true(service.validatePassword('this is a strong password!'));
});