Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5d2a7106f60a1294fc6cc9c5fc58137a5ef5738a
NodeBB/test/authentication.js

507 lines
14 KiB
JavaScript
Raw Normal View History

more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
'use strict';
ESlint no-undef, remove global comments
2017-02-17 21:55:19 -07:00
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
var assert = require('assert');
var nconf = require('nconf');
var request = require('request');
test account lock
2017-05-23 22:47:40 -04:00
var async = require('async');
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
var db = require('./mocks/databasemock');
more test fixes
2016-10-16 21:51:42 +03:00
var user = require('../src/user');
tests for login
2017-05-23 15:37:32 -04:00
var meta = require('../src/meta');
closes #5642
2017-05-27 23:32:55 -04:00
var helpers = require('./helpers');
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
describe('authentication', function () {
tests for login
2017-05-23 15:37:32 -04:00
function loginUser(username, password, callback) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return callback(err);
}
request.post(nconf.get('url') + '/login', {
form: {
username: username,
password: password,
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
callback(err, response, body, jar);
});
});
}
more auth tests
2017-05-23 17:37:16 -04:00
function registerUser(email, username, password, callback) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return callback(err);
}
request.post(nconf.get('url') + '/register', {
form: {
email: email,
username: username,
password: password,
Squashed commit of the following: commit 9c86d9b2904e14927cd7e9679b92aec0951d1063 Merge: ebfa63a 5a7f811 Author: Julian Lam <julian@nodebb.org> Date: Thu Jul 20 08:41:39 2017 -0400 Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3 Author: André Zanghelini <an_dz@simutrans-forum> Date: Mon Jul 17 23:07:14 2017 -0300 Rename clashing variable 'next' commit ebfa63a984073a58c17aa408c363cdb03ef89985 Merge: c1801cd f159d0d Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:40 2017 -0400 Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript commit c1801cda14e6363491e30b659902e2ae71f7e1f7 Merge: 7a5f9f3 9fd542d Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:31 2017 -0400 Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353 Merge: 44851f9 d37b95c Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:10 2017 -0400 Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 12:16:38 2017 -0300 Prevent form submit Required for theme change commit d37b95cb71d32d4483190609798e244c331db165 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 01:49:52 2017 -0300 Prevent link action with scripts Required for the theme change that changes the buttons to `a` tags. commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:57:56 2017 -0300 Fix tests commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:09:17 2017 -0300 Update error handling commit 4ff11cd136a4fb98483f837e2cebc741380dfe76 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 17:29:08 2017 -0300 Remove async waterfall commit df01d44e821a70c984b89e9585a325c3e02c6e37 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:43 2017 -0300 Set noscript compose as noscript at start commit 4bcc380da72239b8315cc849a77a3036e06e4a12 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:12 2017 -0300 Remove last useless next commit b5eac6fea11e209934c0648a7e75ad07a2167123 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:35:08 2017 -0300 Last function requires no next commit 20a5cce6e6e32a454c304c448383707ec44c75a8 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:06:58 2017 -0300 Remove more useless next calls commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 17:46:07 2017 -0300 Remove useless next calls commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:45:31 2017 -0300 Support old themes commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:37:23 2017 -0300 Moved all error handling into helpers function commit 391aa6e67ef9ab67304005e14ac0633cdb630713 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jun 8 15:37:37 2017 -0300 ESLint - Fix mixed conditionals commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:08:15 2017 -0300 Compose without scripts commit 2aca811256721238ca0cede4954213d369009885 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:00:44 2017 -0300 Register without scripts commit 097bb51577fb26f8e22f86dc274cb670ab606a8a Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:42:15 2017 -0300 Logout without scripts commit d497e08109891079656fee1c145043a9c0e55f2e Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:27:10 2017 -0300 Login without script
2017-07-20 08:51:04 -04:00
'password-confirm': password,
more auth tests
2017-05-23 17:37:16 -04:00
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
callback(err, response, body, jar);
});
});
}
tests for login
2017-05-23 15:37:32 -04:00
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
var jar = request.jar();
closes #4544
2016-12-15 14:47:42 +03:00
var regularUid;
fix eslint errors
2016-10-16 17:42:14 +03:00
before(function (done) {
ESlint object-curly-spacing
2017-02-18 12:30:49 -07:00
user.create({ username: 'regular', password: 'regularpwd', email: 'regular@nodebb.org' }, function (err, uid) {
fix eslint errors
2016-10-16 17:42:14 +03:00
assert.ifError(err);
closes #4544
2016-12-15 14:47:42 +03:00
regularUid = uid;
try require from root
2016-10-16 17:36:24 +03:00
done();
});
});
closes #5907
2017-09-01 18:40:34 -04:00
it('should fail to create user if username is too short', function (done) {
helpers.registerUser({
username: 'a',
password: '123456',
'password-confirm': '123456',
email: 'should@error1.com',
}, function (err, jar, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
it('should fail to create user if userslug is too short', function (done) {
helpers.registerUser({
username: '----a-----',
password: '123456',
'password-confirm': '123456',
email: 'should@error2.com',
}, function (err, jar, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
it('should fail to create user if userslug is too short', function (done) {
helpers.registerUser({
username: ' a',
password: '123456',
'password-confirm': '123456',
email: 'should@error3.com',
}, function (err, jar, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
it('should fail to create user if userslug is too short', function (done) {
helpers.registerUser({
username: 'a ',
password: '123456',
'password-confirm': '123456',
email: 'should@error4.com',
}, function (err, jar, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
it('should register and login a user', function (done) {
request({
url: nconf.get('url') + '/api/config',
json: true,
ESlint comma-dangle
2017-02-17 19:31:21 -07:00
jar: jar,
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
}, function (err, response, body) {
assert.ifError(err);
request.post(nconf.get('url') + '/register', {
form: {
email: 'admin@nodebb.org',
username: 'admin',
password: 'adminpwd',
Squashed commit of the following: commit 9c86d9b2904e14927cd7e9679b92aec0951d1063 Merge: ebfa63a 5a7f811 Author: Julian Lam <julian@nodebb.org> Date: Thu Jul 20 08:41:39 2017 -0400 Merge branch 'noscript-login' of https://github.com/An-dz/NodeBB into noscript commit 5a7f81185e8f9bd7d2d011c3d495988be7e437a3 Author: André Zanghelini <an_dz@simutrans-forum> Date: Mon Jul 17 23:07:14 2017 -0300 Rename clashing variable 'next' commit ebfa63a984073a58c17aa408c363cdb03ef89985 Merge: c1801cd f159d0d Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:40 2017 -0400 Merge branch 'noscript-logout' of https://github.com/An-dz/NodeBB into noscript commit c1801cda14e6363491e30b659902e2ae71f7e1f7 Merge: 7a5f9f3 9fd542d Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:31 2017 -0400 Merge branch 'noscript-register' of https://github.com/An-dz/NodeBB into noscript commit 7a5f9f35abc834bb72ddddc9ca07d34f2fde8353 Merge: 44851f9 d37b95c Author: Julian Lam <julian@nodebb.org> Date: Mon Jul 17 16:30:10 2017 -0400 Merge branch 'noscript-compose' of https://github.com/An-dz/NodeBB into noscript commit f159d0d9ef1b7f600e830a96fdb4b9c87c79bb4a Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 12:16:38 2017 -0300 Prevent form submit Required for theme change commit d37b95cb71d32d4483190609798e244c331db165 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jul 6 01:49:52 2017 -0300 Prevent link action with scripts Required for the theme change that changes the buttons to `a` tags. commit 9fd542d8970b7d1a4126f4edc4b44eab7d708fb0 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:57:56 2017 -0300 Fix tests commit cdad5bf8c2891ad76f7441fd4d8a74b058a14e6d Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 19:09:17 2017 -0300 Update error handling commit 4ff11cd136a4fb98483f837e2cebc741380dfe76 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 17:29:08 2017 -0300 Remove async waterfall commit df01d44e821a70c984b89e9585a325c3e02c6e37 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:43 2017 -0300 Set noscript compose as noscript at start commit 4bcc380da72239b8315cc849a77a3036e06e4a12 Author: André Zanghelini <an_dz@simutrans-forum> Date: Wed Jul 5 16:59:12 2017 -0300 Remove last useless next commit b5eac6fea11e209934c0648a7e75ad07a2167123 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:35:08 2017 -0300 Last function requires no next commit 20a5cce6e6e32a454c304c448383707ec44c75a8 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 18:06:58 2017 -0300 Remove more useless next calls commit 85ee22a79bcbbb1995106f43d4c74d6ba9206cab Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 17:46:07 2017 -0300 Remove useless next calls commit 7d984c47ad24faac1fe537dee4a5a7d697e8634c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:45:31 2017 -0300 Support old themes commit 4a09dfbd08253115c342a9e829c4e6940cecb8cc Author: André Zanghelini <an_dz@simutrans-forum> Date: Sun Jul 2 15:37:23 2017 -0300 Moved all error handling into helpers function commit 391aa6e67ef9ab67304005e14ac0633cdb630713 Author: André Zanghelini <an_dz@simutrans-forum> Date: Thu Jun 8 15:37:37 2017 -0300 ESLint - Fix mixed conditionals commit 80ccc6fd581d791f31e7ab62de8de611837bfc3c Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:08:15 2017 -0300 Compose without scripts commit 2aca811256721238ca0cede4954213d369009885 Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 18:00:44 2017 -0300 Register without scripts commit 097bb51577fb26f8e22f86dc274cb670ab606a8a Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:42:15 2017 -0300 Logout without scripts commit d497e08109891079656fee1c145043a9c0e55f2e Author: André Zanghelini <an_dz@simutrans-forum> Date: Sat Jun 3 16:27:10 2017 -0300 Login without script
2017-07-20 08:51:04 -04:00
'password-confirm': 'adminpwd',
more auth tests
2017-05-23 22:09:25 -04:00
userLang: 'it',
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
},
json: true,
jar: jar,
headers: {
ESlint comma-dangle
2017-02-17 19:31:21 -07:00
'x-csrf-token': body.csrf_token,
},
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
}, function (err, response, body) {
assert.ifError(err);
assert(body);
request({
url: nconf.get('url') + '/api/me',
json: true,
ESlint comma-dangle
2017-02-17 19:31:21 -07:00
jar: jar,
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
}, function (err, response, body) {
assert.ifError(err);
assert(body);
assert.equal(body.username, 'admin');
assert.equal(body.email, 'admin@nodebb.org');
more auth tests
2017-05-23 22:09:25 -04:00
user.getSettings(body.uid, function (err, settings) {
assert.ifError(err);
assert.equal(settings.userLang, 'it');
done();
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
});
});
});
});
it('should logout a user', function (done) {
closes #5642
2017-05-27 23:32:55 -04:00
helpers.logoutUser(jar, function (err) {
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
assert.ifError(err);
closes #5642
2017-05-27 23:32:55 -04:00
request({
url: nconf.get('url') + '/api/me',
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
json: true,
jar: jar,
Add `/me*` route which redirects to `/user/[userslug]*` (#6063) * Add `/me*` route which redirects to the current user's information - `/me` -> `/user/[usertslug]` - `/me/bookmarks` -> `/user/[userslug]/bookmarks` - `/me/settings` -> `/user/[userslug]/settings` etc * Add tests for `/me/*`
2017-11-16 15:38:26 -07:00
}, function (err, res, body) {
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
assert.ifError(err);
Add `/me*` route which redirects to `/user/[userslug]*` (#6063) * Add `/me*` route which redirects to the current user's information - `/me` -> `/user/[usertslug]` - `/me/bookmarks` -> `/user/[userslug]/bookmarks` - `/me/settings` -> `/user/[userslug]/settings` etc * Add tests for `/me/*`
2017-11-16 15:38:26 -07:00
assert.equal(res.statusCode, 401);
closes #5642
2017-05-27 23:32:55 -04:00
assert.equal(body, 'not-authorized');
done();
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
});
});
});
it('should login a user', function (done) {
tests for login
2017-05-23 15:37:32 -04:00
loginUser('regular', 'regularpwd', function (err, response, body, jar) {
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
assert.ifError(err);
tests for login
2017-05-23 15:37:32 -04:00
assert(body);
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
tests for login
2017-05-23 15:37:32 -04:00
request({
url: nconf.get('url') + '/api/me',
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
json: true,
jar: jar,
}, function (err, response, body) {
assert.ifError(err);
assert(body);
tests for login
2017-05-23 15:37:32 -04:00
assert.equal(body.username, 'regular');
assert.equal(body.email, 'regular@nodebb.org');
db.getObject('uid:' + regularUid + ':sessionUUID:sessionId', function (err, sessions) {
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
assert.ifError(err);
tests for login
2017-05-23 15:37:32 -04:00
assert(sessions);
assert(Object.keys(sessions).length > 0);
done();
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
});
});
});
});
closes #4544
2016-12-15 14:47:42 +03:00
it('should revoke all sessions', function (done) {
var socketAdmin = require('../src/socket.io/admin');
db.sortedSetCard('uid:' + regularUid + ':sessions', function (err, count) {
assert.ifError(err);
assert(count);
ESlint object-curly-spacing
2017-02-18 12:30:49 -07:00
socketAdmin.deleteAllSessions({ uid: 1 }, {}, function (err) {
closes #4544
2016-12-15 14:47:42 +03:00
assert.ifError(err);
db.sortedSetCard('uid:' + regularUid + ':sessions', function (err, count) {
assert.ifError(err);
assert(!count);
done();
});
});
});
});
dont allow login with invalid ip, escape ip display on user/info page
2017-11-30 14:24:13 -05:00
it('should fail to login if ip address if invalid', function (done) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return done(err);
}
request.post(nconf.get('url') + '/login', {
form: {
username: 'regular',
password: 'regularpwd',
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
'x-forwarded-for': '<script>alert("xss")</script>',
},
}, function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 500);
done();
});
});
});
test login for non-existant user
2017-05-19 16:18:18 -04:00
it('should fail to login if user does not exist', function (done) {
tests for login
2017-05-23 15:37:32 -04:00
loginUser('doesnotexist', 'nopassword', function (err, response, body) {
test login for non-existant user
2017-05-19 16:18:18 -04:00
assert.ifError(err);
tests for login
2017-05-23 15:37:32 -04:00
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
done();
});
});
test login for non-existant user
2017-05-19 16:18:18 -04:00
tests for login
2017-05-23 15:37:32 -04:00
it('should fail to login if username is empty', function (done) {
loginUser('', 'some password', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
test login for non-existant user
2017-05-19 16:18:18 -04:00
});
});
tests for login
2017-05-23 15:37:32 -04:00
it('should fail to login if password is empty', function (done) {
loginUser('someuser', '', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
it('should fail to login if username and password are empty', function (done) {
loginUser('', '', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
done();
});
});
it('should fail to login if password is longer than 4096', function (done) {
var longPassword;
for (var i = 0; i < 5000; i++) {
longPassword += 'a';
}
loginUser('someuser', longPassword, function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:password-too-long]]');
done();
});
});
it('should fail to login if local login is disabled', function (done) {
meta.config.allowLocalLogin = 0;
loginUser('someuser', 'somepass', function (err, response, body) {
meta.config.allowLocalLogin = 1;
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:local-login-disabled]]');
done();
});
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
more auth tests
2017-05-23 17:37:16 -04:00
it('should fail to register if registraton is disabled', function (done) {
meta.config.registrationType = 'disabled';
registerUser('some@user.com', 'someuser', 'somepassword', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, 'Forbidden');
done();
});
});
it('should return error if invitation is not valid', function (done) {
meta.config.registrationType = 'invite-only';
registerUser('some@user.com', 'someuser', 'somepassword', function (err, response, body) {
meta.config.registrationType = 'normal';
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:invalid-data]]');
done();
});
});
it('should fail to register if email is falsy', function (done) {
registerUser('', 'someuser', 'somepassword', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:invalid-email]]');
done();
});
});
it('should fail to register if username is falsy or too short', function (done) {
registerUser('some@user.com', '', 'somepassword', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
registerUser('some@user.com', 'a', 'somepassword', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
});
it('should fail to register if username is too long', function (done) {
registerUser('some@user.com', 'thisisareallylongusername', '123456', function (err, response, body) {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-long]]');
done();
});
});
more auth tests
2017-05-23 22:09:25 -04:00
it('should queue user if ip is used before', function (done) {
meta.config.registrationType = 'admin-approval-ip';
registerUser('another@user.com', 'anotheruser', 'anotherpwd', function (err, response, body) {
meta.config.registrationType = 'normal';
assert.ifError(err);
assert.equal(response.statusCode, 200);
assert.equal(body.message, '[[register:registration-added-to-queue]]');
done();
});
});
it('should be able to login with email', function (done) {
closes #5642
2017-05-27 23:32:55 -04:00
user.create({ username: 'ginger', password: '123456', email: 'ginger@nodebb.org' }, function (err) {
more auth tests
2017-05-23 22:09:25 -04:00
assert.ifError(err);
closes #5642
2017-05-27 23:32:55 -04:00
loginUser('ginger@nodebb.org', '123456', function (err, response) {
more auth tests
2017-05-23 22:09:25 -04:00
assert.ifError(err);
assert.equal(response.statusCode, 200);
done();
});
});
});
it('should fail to login if login type is username and an email is sent', function (done) {
meta.config.allowLoginWith = 'username';
loginUser('ginger@nodebb.org', '123456', function (err, response, body) {
meta.config.allowLoginWith = 'username-email';
assert.ifError(err);
assert.equal(response.statusCode, 500);
assert.equal(body, '[[error:wrong-login-type-username]]');
done();
});
});
it('should send 200 if not logged in', function (done) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
assert.ifError(err);
request.post(nconf.get('url') + '/logout', {
form: {},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.equal(body, 'not-logged-in');
done();
});
});
});
it('should prevent banned user from logging in', function (done) {
user.create({ username: 'banme', password: '123456', email: 'ban@me.com' }, function (err, uid) {
assert.ifError(err);
user.ban(uid, 0, 'spammer', function (err) {
assert.ifError(err);
loginUser('banme', '123456', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:user-banned-reason, spammer]]');
user.unban(uid, function (err) {
assert.ifError(err);
var expiry = Date.now() + 10000;
user.ban(uid, expiry, '', function (err) {
assert.ifError(err);
loginUser('banme', '123456', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:user-banned-reason-until, ' + (new Date(parseInt(expiry, 10)).toString()) + ', No reason given.]]');
done();
});
});
});
});
});
});
});
test account lock
2017-05-23 22:47:40 -04:00
it('should lockout account on 3 failed login attempts', function (done) {
meta.config.loginAttempts = 3;
var uid;
async.waterfall([
function (next) {
user.create({ username: 'lockme', password: '123456' }, next);
},
function (_uid, next) {
uid = _uid;
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
meta.config.loginAttempts = 5;
test login after lock
2017-05-23 23:03:40 -04:00
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:account-locked]]');
loginUser('lockme', 'abcdef', next);
},
function (res, body, jar, next) {
test account lock
2017-05-23 22:47:40 -04:00
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:account-locked]]');
db.exists('lockout:' + uid, next);
},
function (locked, next) {
assert(locked);
next();
},
], done);
});
more tests register/login/logout tests ability to test socket.io emits for logged in users
2016-10-16 16:43:38 +03:00
});
Reference in New Issue Copy Permalink