mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-11-03 04:25:55 +01:00
tests for login
This commit is contained in:
Barış Soner Uşaklı
@@ -7,8 +7,37 @@ var request = require('request');
|
||||
|
||||
var db = require('./mocks/databasemock');
|
||||
var user = require('../src/user');
|
||||
var meta = require('../src/meta');
|
||||
|
||||
describe('authentication', function () {
|
||||
function loginUser(username, password, callback) {
|
||||
var jar = request.jar();
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
request.post(nconf.get('url') + '/login', {
|
||||
form: {
|
||||
username: username,
|
||||
password: password,
|
||||
},
|
||||
json: true,
|
||||
jar: jar,
|
||||
headers: {
|
||||
'x-csrf-token': body.csrf_token,
|
||||
},
|
||||
}, function (err, response, body) {
|
||||
callback(err, response, body, jar);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
var jar = request.jar();
|
||||
var regularUid;
|
||||
before(function (done) {
|
||||
@@ -89,43 +118,24 @@ describe('authentication', function () {
|
||||
});
|
||||
|
||||
it('should login a user', function (done) {
|
||||
var jar = request.jar();
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
loginUser('regular', 'regularpwd', function (err, response, body, jar) {
|
||||
assert.ifError(err);
|
||||
assert(body);
|
||||
|
||||
request.post(nconf.get('url') + '/login', {
|
||||
form: {
|
||||
username: 'regular',
|
||||
password: 'regularpwd',
|
||||
},
|
||||
request({
|
||||
url: nconf.get('url') + '/api/me',
|
||||
json: true,
|
||||
jar: jar,
|
||||
headers: {
|
||||
'x-csrf-token': body.csrf_token,
|
||||
},
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert(body);
|
||||
|
||||
request({
|
||||
url: nconf.get('url') + '/api/me',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
assert.equal(body.username, 'regular');
|
||||
assert.equal(body.email, 'regular@nodebb.org');
|
||||
db.getObject('uid:' + regularUid + ':sessionUUID:sessionId', function (err, sessions) {
|
||||
assert.ifError(err);
|
||||
assert(body);
|
||||
assert.equal(body.username, 'regular');
|
||||
assert.equal(body.email, 'regular@nodebb.org');
|
||||
db.getObject('uid:' + regularUid + ':sessionUUID:sessionId', function (err, sessions) {
|
||||
assert.ifError(err);
|
||||
assert(sessions);
|
||||
assert(Object.keys(sessions).length > 0);
|
||||
done();
|
||||
});
|
||||
assert(sessions);
|
||||
assert(Object.keys(sessions).length > 0);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -148,33 +158,65 @@ describe('authentication', function () {
|
||||
});
|
||||
|
||||
it('should fail to login if user does not exist', function (done) {
|
||||
var jar = request.jar();
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
loginUser('doesnotexist', 'nopassword', function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
|
||||
request.post(nconf.get('url') + '/login', {
|
||||
form: {
|
||||
username: 'doesnotexist',
|
||||
password: 'nopassword',
|
||||
},
|
||||
json: true,
|
||||
jar: jar,
|
||||
headers: {
|
||||
'x-csrf-token': body.csrf_token,
|
||||
},
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-login-credentials]]');
|
||||
done();
|
||||
});
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-login-credentials]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to login if username is empty', function (done) {
|
||||
loginUser('', 'some password', function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to login if password is empty', function (done) {
|
||||
loginUser('someuser', '', function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to login if username and password are empty', function (done) {
|
||||
loginUser('', '', function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to login if password is longer than 4096', function (done) {
|
||||
var longPassword;
|
||||
for (var i = 0; i < 5000; i++) {
|
||||
longPassword += 'a';
|
||||
}
|
||||
loginUser('someuser', longPassword, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:password-too-long]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
it('should fail to login if local login is disabled', function (done) {
|
||||
meta.config.allowLocalLogin = 0;
|
||||
loginUser('someuser', 'somepass', function (err, response, body) {
|
||||
meta.config.allowLocalLogin = 1;
|
||||
assert.ifError(err);
|
||||
assert.equal(response.statusCode, 403);
|
||||
assert.equal(body, '[[error:local-login-disabled]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
after(function (done) {
|
||||
db.emptydb(done);
|
||||
|
||||
Reference in New Issue
Block a user