Authentication tests: add authenticate with username and password tests
parent
35129cd4f1
commit
a5ee9922ec
@ -10,6 +10,7 @@ import UserNameComponent from "../src/auth/models/UserNameComponent";
|
|||||||
import UserPasswordComponent from "../src/auth/password/UserPasswordComponent";
|
import UserPasswordComponent from "../src/auth/password/UserPasswordComponent";
|
||||||
import {popEmail} from "./_mail_server";
|
import {popEmail} from "./_mail_server";
|
||||||
import AuthComponent from "../src/auth/AuthComponent";
|
import AuthComponent from "../src/auth/AuthComponent";
|
||||||
|
import {log} from "../src/Logger";
|
||||||
|
|
||||||
let app: TestApp;
|
let app: TestApp;
|
||||||
useApp(async (addr, port) => {
|
useApp(async (addr, port) => {
|
||||||
@ -55,6 +56,20 @@ async function followMagicLinkFromMail(cookies: string[]): Promise<void> {
|
|||||||
.expect('Location', '/');
|
.expect('Location', '/');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function testLogout(cookies: string[], csrf: string): Promise<void> {
|
||||||
|
// Authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
|
||||||
|
|
||||||
|
// Logout
|
||||||
|
await agent.post('/auth/logout')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({csrf: csrf})
|
||||||
|
.expect(302);
|
||||||
|
|
||||||
|
// Not authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
||||||
|
}
|
||||||
|
|
||||||
let agent: supertest.SuperTest<supertest.Test>;
|
let agent: supertest.SuperTest<supertest.Test>;
|
||||||
|
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
@ -305,7 +320,163 @@ describe('Register with email (magic_link)', () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('Authenticating with email (magic_link)', () => {
|
describe('Authenticate with username and password', () => {
|
||||||
|
test('Force auth_method', async () => {
|
||||||
|
let res = await agent.get('/csrf').expect(200);
|
||||||
|
const cookies = res.get('Set-Cookie');
|
||||||
|
const csrf = res.text;
|
||||||
|
|
||||||
|
// Not authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
||||||
|
|
||||||
|
// Bad password
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'entrapta',
|
||||||
|
password: 'darla_is_not_cute',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
|
||||||
|
// Authenticate
|
||||||
|
await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'entrapta',
|
||||||
|
password: 'darla_is_cute',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(302)
|
||||||
|
.expect('Location', '/');
|
||||||
|
|
||||||
|
await testLogout(cookies, csrf);
|
||||||
|
});
|
||||||
|
|
||||||
|
test('Automatic auth_method', async () => {
|
||||||
|
let res = await agent.get('/csrf').expect(200);
|
||||||
|
const cookies = res.get('Set-Cookie');
|
||||||
|
const csrf = res.text;
|
||||||
|
|
||||||
|
// Not authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
||||||
|
|
||||||
|
// Bad password
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'entrapta',
|
||||||
|
password: 'darla_is_not_cute',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
|
||||||
|
// Authenticate
|
||||||
|
await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'entrapta',
|
||||||
|
password: 'darla_is_cute',
|
||||||
|
})
|
||||||
|
.expect(302)
|
||||||
|
.expect('Location', '/');
|
||||||
|
|
||||||
|
await testLogout(cookies, csrf);
|
||||||
|
});
|
||||||
|
|
||||||
|
test('Non-existing username', async () => {
|
||||||
|
let res = await agent.get('/csrf').expect(200);
|
||||||
|
const cookies = res.get('Set-Cookie');
|
||||||
|
const csrf = res.text;
|
||||||
|
|
||||||
|
// Not authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
||||||
|
|
||||||
|
// Authenticate
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'i_do_not_exist',
|
||||||
|
password: 'there_is_no_point',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError');
|
||||||
|
|
||||||
|
// Authenticate (automatic method)
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'i_do_not_exist',
|
||||||
|
password: 'there_is_no_point',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError');
|
||||||
|
});
|
||||||
|
|
||||||
|
test('No password user', async () => {
|
||||||
|
let res = await agent.get('/csrf').expect(200);
|
||||||
|
const cookies = res.get('Set-Cookie');
|
||||||
|
const csrf = res.text;
|
||||||
|
|
||||||
|
// Not authenticated
|
||||||
|
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
||||||
|
|
||||||
|
// Authenticate
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'glimmer',
|
||||||
|
password: '',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
|
||||||
|
// Authenticate (automatic method)
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'glimmer',
|
||||||
|
password: '',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
|
||||||
|
// Authenticate without password
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'angella',
|
||||||
|
auth_method: 'password',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
|
||||||
|
// Authenticate without password (automatic method)
|
||||||
|
res = await agent.post('/auth/login')
|
||||||
|
.set('Cookie', cookies)
|
||||||
|
.send({
|
||||||
|
csrf: csrf,
|
||||||
|
identifier: 'angella',
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('Authenticate with email (magic_link)', () => {
|
||||||
test('Force auth_method', async () => {
|
test('Force auth_method', async () => {
|
||||||
const res = await agent.get('/csrf').expect(200);
|
const res = await agent.get('/csrf').expect(200);
|
||||||
const cookies = res.get('Set-Cookie');
|
const cookies = res.get('Set-Cookie');
|
||||||
@ -327,17 +498,7 @@ describe('Authenticating with email (magic_link)', () => {
|
|||||||
|
|
||||||
await followMagicLinkFromMail(cookies);
|
await followMagicLinkFromMail(cookies);
|
||||||
|
|
||||||
// Authenticated
|
await testLogout(cookies, csrf);
|
||||||
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
|
|
||||||
|
|
||||||
// Logout
|
|
||||||
await agent.post('/auth/logout')
|
|
||||||
.set('Cookie', cookies)
|
|
||||||
.send({csrf: csrf})
|
|
||||||
.expect(302);
|
|
||||||
|
|
||||||
// Not authenticated
|
|
||||||
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Automatic auth_method', async () => {
|
test('Automatic auth_method', async () => {
|
||||||
@ -360,17 +521,7 @@ describe('Authenticating with email (magic_link)', () => {
|
|||||||
|
|
||||||
await followMagicLinkFromMail(cookies);
|
await followMagicLinkFromMail(cookies);
|
||||||
|
|
||||||
// Authenticated
|
await testLogout(cookies, csrf);
|
||||||
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
|
|
||||||
|
|
||||||
// Logout
|
|
||||||
await agent.post('/auth/logout')
|
|
||||||
.set('Cookie', cookies)
|
|
||||||
.send({csrf: csrf})
|
|
||||||
.expect(302);
|
|
||||||
|
|
||||||
// Not authenticated
|
|
||||||
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
test('Non-existing email (forced auth_method)', async () => {
|
test('Non-existing email (forced auth_method)', async () => {
|
||||||
|
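Review bot: In the new 'Non-existing username' test (third hunk, `-305,7 +320,163`) the second request is commented `// Authenticate (automatic method)` but still sends `auth_method: 'password'`, so it repeats the forced case and the automatic path is never exercised for an unknown identifier; remove that field from the second `.send({...})`. The same describe block pins distinguishable failures: `messages.identifier` with `UnknownRelationValidationError` for an unknown user, and `messages.password` with `InvalidFormatValidationError` for a wrong password. This lets a client tell whether a username exists, so either note above the test that this is intended, e.g. `// NOTE: login deliberately reveals unknown identifiers`, or assert one generic error for both cases. Separately, `testLogout` (second hunk) expects the cookies issued by `/csrf` before login to be accepted by `/is-auth` after login, which suggests the session id is not regenerated on authentication. If so, an assertion that the `/auth/login` response carries a fresh `Set-Cookie` would cover session fixation.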