swaf/test/AuthenticationApprovalMode.test.ts


import querystring from "querystring";
import supertest from "supertest";
import User from "../src/auth/models/User.js";
import UserApprovedComponent from "../src/auth/models/UserApprovedComponent.js";
import useApp from "./_app.js";
import {authAppProvider, followMagicLinkFromMail} from "./_authentication_common.js";
import {popEmail} from "./_mail_server.js";
// Application under test, built by authAppProvider(true, true). Both flags are
// positional booleans; their meaning is defined in ./_authentication_common.js
// (NOTE(review): presumably one of them enables approval mode — confirm there).
const app = useApp(authAppProvider(true, true));

// Single supertest client shared by every suite in this file. It is assigned in
// beforeAll from the Express app exposed by app().
let agent: supertest.SuperTest<supertest.Test>;

beforeAll(() => {
    const expressApp = app().getExpressApp();
    agent = supertest(expressApp);
});
// Precondition for the rest of the file: the suites below assert that freshly
// registered users are stored unapproved, which only means something when the
// User model reports approval mode as enabled.
test('Approval Mode', () => {
    const approvalModeEnabled = User.isApprovalMode();
    expect(approvalModeEnabled).toStrictEqual(true);
});
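describe('Register with username and password (password)', () => {
    /**
     * Registers a new account with the password method while approval mode is on,
     * then checks that the stored user is not approved and that the session no
     * longer holds a password authentication proof.
     */
    test('General case', async () => {
        // The CSRF token is the response body and the session cookies come from the
        // same response. The cookies are replayed on every later request, and the
        // token goes in the form body.
        const res = await agent.get('/csrf').expect(200);
        const cookies = res.get('Set-Cookie');
        const csrf = res.text;

        // Register user
        await agent.post('/auth/register')
            .set('Cookie', cookies)
            .send({
                csrf: csrf,
                auth_method: 'password',
                identifier: 'entrapta2',
                password: 'darla_is_cute',
                password_confirmation: 'darla_is_cute',
                terms: 'on',
            })
            .expect(302)
            .expect('Location', '/auth/');

        // Verify saved user
        const user = await User.select()
            .where('name', 'entrapta2')
            .first();

        // toBeDefined() accepts null. With a null user every `user?.` expression
        // below evaluates to undefined and satisfies toBeFalsy(), so the approval
        // checks would pass without inspecting any user. Reject null as well so
        // a failed lookup fails the test instead of passing it vacuously.
        expect(user).toBeDefined();
        expect(user).not.toBeNull();
        expect(user?.isApproved()).toBeFalsy();
        expect(user?.as(UserApprovedComponent).approved).toBeFalsy();

        // Proof must be revoked: the probe route answers 404 for this session.
        await agent.get('/has-any-password-auth-proof')
            .set('Cookie', cookies)
            .expect(404);

        // Take the mail produced by this registration off the test mail server
        // (presumably so later tests read their own mail — confirm in ./_mail_server.js).
        await popEmail();
    });
});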
describe('Register with email (magic_link)', () => {
    /**
     * Registers a new account with the magic_link method while approval mode is on,
     * follows the mailed link, then checks that the stored user has a main email,
     * is not approved, and that the session holds no magic link afterwards.
     */
    test('General case', async () => {
        // Token from the body, session cookies from the same response.
        const csrfResponse = await agent.get('/csrf').expect(200);
        const sessionCookies = csrfResponse.get('Set-Cookie');
        const csrfToken = csrfResponse.text;

        // redirect_uri is expected to come back URL-encoded in the lobby redirect.
        const registerUrl = `/auth/register?${querystring.stringify({redirect_uri: '/redirect-uri'})}`;
        const registrationForm = {
            csrf: csrfToken,
            auth_method: 'magic_link',
            identifier: 'glimmer2@example.org',
            name: 'glimmer2',
        };
        await agent.post(registerUrl)
            .set('Cookie', sessionCookies)
            .send(registrationForm)
            .expect(302)
            .expect('Location', '/magic/lobby?redirect_uri=%2Fredirect-uri');

        // Helper from ./_authentication_common.js; '/auth/' is presumably the
        // location expected after the link is followed — confirm in the helper.
        await followMagicLinkFromMail(agent, sessionCookies, '/auth/');

        // Verify saved user, with the mainEmail relation loaded.
        const savedUser = await User.select()
            .with('mainEmail')
            .where('name', 'glimmer2')
            .first();
        expect(savedUser).toBeDefined();

        const mainEmail = savedUser?.mainEmail.getOrFail();
        expect(mainEmail).toBeDefined();

        // In approval mode the new account must not be approved yet.
        expect(savedUser?.isApproved()).toBeFalsy();
        expect(savedUser?.as(UserApprovedComponent).approved).toBeFalsy();

        // Proof must be revoked: the probe route answers 404 for this session.
        await agent.get('/has-any-magic-link')
            .set('Cookie', sessionCookies)
            .expect(404);

        await popEmail();
    });
});
describe('Authenticate with username and password (password)', () => {
    /**
     * Logs in with the identifier and password used by the password registration
     * test in this file, and checks that the session is left without a password
     * authentication proof.
     */
    test('Force auth_method', async () => {
        const csrfResponse = await agent.get('/csrf').expect(200);
        const sessionCookies = csrfResponse.get('Set-Cookie');
        const csrfToken = csrfResponse.text;

        // Not authenticated
        await agent.get('/is-auth')
            .set('Cookie', sessionCookies)
            .expect(401);

        // Authenticate. A redirect_uri is supplied, but the expected Location
        // is '/auth/', not the requested URI.
        const loginUrl = `/auth/login?${querystring.stringify({redirect_uri: '/redirect-uri'})}`;
        const credentials = {
            csrf: csrfToken,
            identifier: 'entrapta2',
            password: 'darla_is_cute',
            auth_method: 'password',
        };
        await agent.post(loginUrl)
            .set('Cookie', sessionCookies)
            .send(credentials)
            .expect(302)
            .expect('Location', '/auth/');

        // Proof must be revoked: the probe route answers 404 for this session.
        // NOTE(review): this is the only post-login check. Requesting /is-auth
        // again and expecting 401 would directly pin "an unapproved user stays
        // unauthenticated" — confirm that is the intended behaviour first.
        await agent.get('/has-any-password-auth-proof')
            .set('Cookie', sessionCookies)
            .expect(404);
    });
});
describe('Authenticate with email (magic_link)', () => {
    /**
     * Logs in with the email address used by the magic_link registration test in
     * this file, follows the mailed link, and checks that the session holds no
     * magic link afterwards.
     */
    test('Force auth_method', async () => {
        const csrfResponse = await agent.get('/csrf').expect(200);
        const sessionCookies = csrfResponse.get('Set-Cookie');
        const csrfToken = csrfResponse.text;

        // Not authenticated
        await agent.get('/is-auth')
            .set('Cookie', sessionCookies)
            .expect(401);

        // Authenticate. The request advertises Accept: json and is still
        // expected to be answered with a 302 to the magic link lobby.
        const loginUrl = `/auth/login?${querystring.stringify({redirect_uri: '/redirect-uri'})}`;
        const loginForm = {
            csrf: csrfToken,
            identifier: 'glimmer2@example.org',
            auth_method: 'magic_link',
        };
        await agent.post(loginUrl)
            .accept('json')
            .set('Cookie', sessionCookies)
            .send(loginForm)
            .expect(302)
            .expect('Location', '/magic/lobby?redirect_uri=%2Fredirect-uri');

        // Helper from ./_authentication_common.js; '/auth/' is presumably the
        // location expected after the link is followed — confirm in the helper.
        await followMagicLinkFromMail(agent, sessionCookies, '/auth/');

        // Proof must be revoked: the probe route answers 404 for this session.
        await agent.get('/has-any-magic-link')
            .set('Cookie', sessionCookies)
            .expect(404);
    });
});