Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 20:16:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: banned-users group

Browse Source
This commit is contained in:
gasoved
2020-12-14 09:20:41 +03:00
committed by Julian Lam
parent 389690c3fa
commit 53e0d4d2e0
24 changed files with 350 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
test/authentication.js
View File

@@ -2,9 +2,10 @@
var assert = require('assert');
var async = require('async');
var nconf = require('nconf');
var request = require('request');
var async = require('async');
const util = require('util');
var db = require('./mocks/databasemock');
var user = require('../src/user');
@@ -40,6 +41,7 @@ describe('authentication', function () {
});
});
}
const loginUserPromisified = util.promisify(loginUser);
function registerUser(email, username, password, callback) {
var jar = request.jar();
@@ -453,21 +455,30 @@ describe('authentication', function () {
});
});
it('should prevent banned user from logging in', function (done) {
user.create({ username: 'banme', password: '123456', email: 'ban@me.com' }, function (err, uid) {
assert.ifError(err);
user.bans.ban(uid, 0, 'spammer', function (err) {
describe('banned user authentication', function () {
const bannedUser = {
username: 'banme',
pw: '123456',
uid: null,
};
before(async function () {
bannedUser.uid = await user.create({ username: 'banme', password: '123456', email: 'ban@me.com' });
});
it('should prevent banned user from logging in', function (done) {
user.bans.ban(bannedUser.uid, 0, 'spammer', function (err) {
assert.ifError(err);
loginUser('banme', '123456', function (err, res, body) {
loginUser(bannedUser.username, bannedUser.pw, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:user-banned-reason, spammer]]');
user.bans.unban(uid, function (err) {
user.bans.unban(bannedUser.uid, function (err) {
assert.ifError(err);
var expiry = Date.now() + 10000;
user.bans.ban(uid, expiry, '', function (err) {
user.bans.ban(bannedUser.uid, expiry, '', function (err) {
assert.ifError(err);
loginUser('banme', '123456', function (err, res, body) {
loginUser(bannedUser.username, bannedUser.pw, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
assert.equal(body, '[[error:user-banned-reason-until, ' + utils.toISOString(expiry) + ', No reason given.]]');
@@ -478,6 +489,19 @@ describe('authentication', function () {
});
});
});
it('should allow banned user to log in if the "banned-users" group has "local-login" privilege', async function () {
await privileges.global.give(['groups:local:login'], 'banned-users');
const res = await loginUserPromisified(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
});
it('should allow banned user to log in if the user herself has "local-login" privilege', async function () {
await privileges.global.rescind(['groups:local:login'], 'banned-users');
await privileges.categories.give(['local:login'], 0, bannedUser.uid);
const res = await loginUserPromisified(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
});
});
it('should lockout account on 3 failed login attempts', function (done) {