Authentication tests: add authenticate with username and password tests

Alice Gaudon 2020-11-15 15:51:14 +01:00
parent 35129cd4f1
commit a5ee9922ec


@ -10,6 +10,7 @@ import UserNameComponent from "../src/auth/models/UserNameComponent";
import UserPasswordComponent from "../src/auth/password/UserPasswordComponent"; import UserPasswordComponent from "../src/auth/password/UserPasswordComponent";
import {popEmail} from "./_mail_server"; import {popEmail} from "./_mail_server";
import AuthComponent from "../src/auth/AuthComponent"; import AuthComponent from "../src/auth/AuthComponent";
import {log} from "../src/Logger";
let app: TestApp; let app: TestApp;
useApp(async (addr, port) => { useApp(async (addr, port) => {
@ -55,6 +56,20 @@ async function followMagicLinkFromMail(cookies: string[]): Promise<void> {
.expect('Location', '/'); .expect('Location', '/');
} }
async function testLogout(cookies: string[], csrf: string): Promise<void> {
// Authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
// Logout
await agent.post('/auth/logout')
.set('Cookie', cookies)
.send({csrf: csrf})
.expect(302);
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
}
let agent: supertest.SuperTest<supertest.Test>; let agent: supertest.SuperTest<supertest.Test>;
beforeAll(() => { beforeAll(() => {
@ -305,7 +320,163 @@ describe('Register with email (magic_link)', () => {
}); });
}); });
describe('Authenticating with email (magic_link)', () => { describe('Authenticate with username and password', () => {
test('Force auth_method', async () => {
let res = await agent.get('/csrf').expect(200);
const cookies = res.get('Set-Cookie');
const csrf = res.text;
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
// Bad password
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'entrapta',
password: 'darla_is_not_cute',
auth_method: 'password',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
// Authenticate
await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'entrapta',
password: 'darla_is_cute',
auth_method: 'password',
})
.expect(302)
.expect('Location', '/');
await testLogout(cookies, csrf);
});
test('Automatic auth_method', async () => {
let res = await agent.get('/csrf').expect(200);
const cookies = res.get('Set-Cookie');
const csrf = res.text;
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
// Bad password
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'entrapta',
password: 'darla_is_not_cute',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
// Authenticate
await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'entrapta',
password: 'darla_is_cute',
})
.expect(302)
.expect('Location', '/');
await testLogout(cookies, csrf);
});
test('Non-existing username', async () => {
let res = await agent.get('/csrf').expect(200);
const cookies = res.get('Set-Cookie');
const csrf = res.text;
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
// Authenticate
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'i_do_not_exist',
password: 'there_is_no_point',
auth_method: 'password',
})
.expect(400);
expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError');
// Authenticate (automatic method)
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'i_do_not_exist',
password: 'there_is_no_point',
auth_method: 'password',
})
.expect(400);
expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError');
});
test('No password user', async () => {
let res = await agent.get('/csrf').expect(200);
const cookies = res.get('Set-Cookie');
const csrf = res.text;
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
// Authenticate
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'glimmer',
password: '',
auth_method: 'password',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
// Authenticate (automatic method)
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'glimmer',
password: '',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
// Authenticate without password
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'angella',
auth_method: 'password',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
// Authenticate without password (automatic method)
res = await agent.post('/auth/login')
.set('Cookie', cookies)
.send({
csrf: csrf,
identifier: 'angella',
})
.expect(400);
expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError');
});
});
describe('Authenticate with email (magic_link)', () => {
test('Force auth_method', async () => { test('Force auth_method', async () => {
const res = await agent.get('/csrf').expect(200); const res = await agent.get('/csrf').expect(200);
const cookies = res.get('Set-Cookie'); const cookies = res.get('Set-Cookie');
@ -327,17 +498,7 @@ describe('Authenticating with email (magic_link)', () => {
await followMagicLinkFromMail(cookies); await followMagicLinkFromMail(cookies);
// Authenticated await testLogout(cookies, csrf);
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
// Logout
await agent.post('/auth/logout')
.set('Cookie', cookies)
.send({csrf: csrf})
.expect(302);
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
}); });
test('Automatic auth_method', async () => { test('Automatic auth_method', async () => {
@ -360,17 +521,7 @@ describe('Authenticating with email (magic_link)', () => {
await followMagicLinkFromMail(cookies); await followMagicLinkFromMail(cookies);
// Authenticated await testLogout(cookies, csrf);
await agent.get('/is-auth').set('Cookie', cookies).expect(200);
// Logout
await agent.post('/auth/logout')
.set('Cookie', cookies)
.send({csrf: csrf})
.expect(302);
// Not authenticated
await agent.get('/is-auth').set('Cookie', cookies).expect(401);
}); });
test('Non-existing email (forced auth_method)', async () => { test('Non-existing email (forced auth_method)', async () => {
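Review bot: In the 'Non-existing username' test, the second request is commented `// Authenticate (automatic method)` but still sends `auth_method: 'password'`, so it repeats the forced-method case and never exercises automatic method selection for an unknown identifier. Drop that field from the second `.send({...})`, as the 'Automatic auth_method' test does. Separately, the new assertions pin two distinguishable failures from `/auth/login`: `UnknownRelationValidationError` on `identifier` for an unknown user and `InvalidFormatValidationError` on `password` for an existing one. That difference tells an unauthenticated client which usernames are registered. If it is an accepted trade-off, a comment on the test such as `// NOTE: distinct errors reveal account existence; relies on rate limiting` would record the decision; otherwise both cases should assert the same generic error. The added `import {log} from "../src/Logger";` is not used in any visible hunk and may be removable.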