budibase/packages/server/tests/authenticate.js

const statusCodes = require("../utilities/statusCodes");
const { readFile } = require("fs-extra");
const { timeout } = require("./helpers");

module.exports = (app, appName, userName) => {

    const credentials = app.credentials[userName];

    it("should return unauthorized if username is incorrect", async () => {
        await app.post(`/${appName}/api/authenticate`, {
            username: "unknownuser",
            password: credentials.password
        })
        .expect(statusCodes.UNAUTHORIZED); 
    })

    it("should return unauthorized if password is incorrect", async () => {
        await app.post(`/${appName}/api/authenticate`, {
            username: credentials.username,
            password: "incorrect_password"
        })
        .expect(statusCodes.UNAUTHORIZED); 
    })

    it("should not get cookie when unauthorized", async () => {
        const response = await app.post(`/${appName}/api/authenticate`, {
            username: credentials.username,
            password: "incorrect_password"
        });
        
        expect(response.header['set-cookie']).toBeUndefined();

    });

    it("should return ok correct username and password supplied", async () => {

        const response = await app.post(`/${appName}/api/authenticate`, {
            username: credentials.username,
            password: credentials.password
        })
        .expect(statusCodes.OK);

        credentials.cookie = response.header['set-cookie'];
    });

    const testUserName = appName + "_test_user";
    let testPassword = "test_user_password";
    it("should be able to create new user with authenticated cookie", async () => {
                
        await app.post(`/${appName}/api/createUser`, {
            user: {
                name: testUserName, 
                accessLevels:["owner"], 
                enabled:true
            },
            password: testPassword
        })
        .set("cookie", credentials.cookie)
        .expect(statusCodes.OK);

        
    });

    let newUserCookie;
    it("should be able to authenticate with new user", async () => {

        const responseNewUser = await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.OK);
        
        newUserCookie = responseNewUser.header['set-cookie'];

        expect(newUserCookie).toBeDefined();
        expect(newUserCookie).not.toEqual(credentials.cookie);

        app.get("/_master/api/users/")
        .set("cookie", newUserCookie)
        .expect(statusCodes.OK);
    });

    it("should not be able to perform requests when user is disabled", async () => {

        //HERE
        await app.post(`/${appName}/api/disableUser`, {
            username: testUserName
        })
        .set("cookie", credentials.cookie)
        .expect(statusCodes.OK);

        await app.get(`/${appName}/api/users`)
            .set("cookie", newUserCookie)
            .expect(statusCodes.UNAUTHORIZED);

        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.UNAUTHORIZED);

    });

    it("should not be able to re-authenticate when user is disabled", async () => {
        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.UNAUTHORIZED);
    });

    it("should be able with re-authenticate when user is enabled again", async () => {

        await app.post(`/${appName}/api/enableUser`, {
            username: testUserName
        })
        .set("cookie", credentials.cookie)
        .expect(statusCodes.OK);

        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.OK);
    });

    let testUserTempCode;
    it("should be able to reset password with temporary access", async () => {

        await app.post(`/${appName}/api/createTemporaryAccess`, {
            username: testUserName
        })
        .expect(statusCodes.OK);

        testPassword = "test_user_new_password";

        // the behaviour that creates the below file is async,
        /// to this timeout is giving it a change to work its magic        
        await timeout(10);

        const testUserTempCode = await readFile(`./tests/.data/tempaccess${testUserName}`, "utf8");
    
        await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
            username: testUserName,
            tempCode:testUserTempCode,
            newPassword:testPassword
        })
        .expect(statusCodes.OK);

        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.OK);

        

    });

    it("should not be able to set password with used temp code", async () => {
      
        await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
            username: testUserName,
            tempCode:testUserTempCode,
            newPassword:"whatever"
        })
        .expect(statusCodes.OK);

        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: "whatever"
        })
        .expect(statusCodes.UNAUTHORIZED);

        await app.post(`/${appName}/api/authenticate`, {
            username: testUserName,
            password: testPassword
        })
        .expect(statusCodes.OK);

    });
};
authentication tests 2019-06-15 04:01:01 +12:00			`const statusCodes = require("../utilities/statusCodes");`
derived components endpoints 2019-07-27 04:08:59 +12:00			`const { readFile } = require("fs-extra");`
creating new apps ... 2019-06-29 09:59:27 +12:00			`const { timeout } = require("./helpers");`
authentication tests 2019-06-15 04:01:01 +12:00
testing 2 instances work seperately 2019-07-11 20:43:47 +12:00			`module.exports = (app, appName, userName) => {`
work on app instances 2019-07-07 20:03:37 +12:00
testing 2 instances work seperately 2019-07-11 20:43:47 +12:00			`const credentials = app.credentials[userName];`
authentication tests 2019-06-15 04:01:01 +12:00
			`it("should return unauthorized if username is incorrect", async () => {`
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
authentication tests 2019-06-15 04:01:01 +12:00			`username: "unknownuser",`
work on app instances 2019-07-07 20:03:37 +12:00			`password: credentials.password`
authentication tests 2019-06-15 04:01:01 +12:00			`})`
			`.expect(statusCodes.UNAUTHORIZED);`
			`})`

			`it("should return unauthorized if password is incorrect", async () => {`
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
			`username: credentials.username,`
authentication tests 2019-06-15 04:01:01 +12:00			`password: "incorrect_password"`
			`})`
			`.expect(statusCodes.UNAUTHORIZED);`
			`})`

			`it("should not get cookie when unauthorized", async () => {`
work on app instances 2019-07-07 20:03:37 +12:00			const response = await app.post(`/${appName}/api/authenticate`, {
			`username: credentials.username,`
authentication tests 2019-06-15 04:01:01 +12:00			`password: "incorrect_password"`
			`});`

			`expect(response.header['set-cookie']).toBeUndefined();`

			`});`

more session testing 2019-06-15 10:03:01 +12:00			`it("should return ok correct username and password supplied", async () => {`

work on app instances 2019-07-07 20:03:37 +12:00			const response = await app.post(`/${appName}/api/authenticate`, {
			`username: credentials.username,`
			`password: credentials.password`
more session testing 2019-06-15 10:03:01 +12:00			`})`
			`.expect(statusCodes.OK);`

work on app instances 2019-07-07 20:03:37 +12:00			`credentials.cookie = response.header['set-cookie'];`
more session testing 2019-06-15 10:03:01 +12:00			`});`

work on app instances 2019-07-07 20:03:37 +12:00			`const testUserName = appName + "_test_user";`
add plugins to master app 2019-06-26 09:48:22 +12:00			`let testPassword = "test_user_password";`
more session testing 2019-06-15 10:03:01 +12:00			`it("should be able to create new user with authenticated cookie", async () => {`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/createUser`, {
authentication tests 2019-06-15 04:01:01 +12:00			`user: {`
more session testing 2019-06-15 10:03:01 +12:00			`name: testUserName,`
authentication tests 2019-06-15 04:01:01 +12:00			`accessLevels:["owner"],`
			`enabled:true`
			`},`
more session testing 2019-06-15 10:03:01 +12:00			`password: testPassword`
authentication tests 2019-06-15 04:01:01 +12:00			`})`
work on app instances 2019-07-07 20:03:37 +12:00			`.set("cookie", credentials.cookie)`
authentication tests 2019-06-15 04:01:01 +12:00			`.expect(statusCodes.OK);`

more session testing 2019-06-15 10:03:01 +12:00
			`});`

			`let newUserCookie;`
			`it("should be able to authenticate with new user", async () => {`

work on app instances 2019-07-07 20:03:37 +12:00			const responseNewUser = await app.post(`/${appName}/api/authenticate`, {
more session testing 2019-06-15 10:03:01 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.OK);`
authentication tests 2019-06-15 04:01:01 +12:00
more session testing 2019-06-15 10:03:01 +12:00			`newUserCookie = responseNewUser.header['set-cookie'];`
authentication tests 2019-06-15 04:01:01 +12:00
			`expect(newUserCookie).toBeDefined();`
work on app instances 2019-07-07 20:03:37 +12:00			`expect(newUserCookie).not.toEqual(credentials.cookie);`
more session testing 2019-06-15 10:03:01 +12:00
			`app.get("/_master/api/users/")`
			`.set("cookie", newUserCookie)`
			`.expect(statusCodes.OK);`
authentication tests 2019-06-15 04:01:01 +12:00			`});`
more session testing 2019-06-15 10:03:01 +12:00
streaming issue... 2019-06-20 09:05:53 +12:00			`it("should not be able to perform requests when user is disabled", async () => {`

work on app instances 2019-07-07 20:03:37 +12:00			`//HERE`
			await app.post(`/${appName}/api/disableUser`, {
streaming issue... 2019-06-20 09:05:53 +12:00			`username: testUserName`
			`})`
work on app instances 2019-07-07 20:03:37 +12:00			`.set("cookie", credentials.cookie)`
streaming issue... 2019-06-20 09:05:53 +12:00			`.expect(statusCodes.OK);`

work on app instances 2019-07-07 20:03:37 +12:00			await app.get(`/${appName}/api/users`)
streaming issue... 2019-06-20 09:05:53 +12:00			`.set("cookie", newUserCookie)`
tests passing... 2019-06-22 01:00:24 +12:00			`.expect(statusCodes.UNAUTHORIZED);`
streaming issue... 2019-06-20 09:05:53 +12:00
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
streaming issue... 2019-06-20 09:05:53 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.UNAUTHORIZED);`

			`});`

			`it("should not be able to re-authenticate when user is disabled", async () => {`
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
streaming issue... 2019-06-20 09:05:53 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.UNAUTHORIZED);`
			`});`

			`it("should be able with re-authenticate when user is enabled again", async () => {`
fixing bugs..> 2019-06-21 19:42:37 +12:00
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/enableUser`, {
fixing bugs..> 2019-06-21 19:42:37 +12:00			`username: testUserName`
			`})`
work on app instances 2019-07-07 20:03:37 +12:00			`.set("cookie", credentials.cookie)`
fixing bugs..> 2019-06-21 19:42:37 +12:00			`.expect(statusCodes.OK);`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
streaming issue... 2019-06-20 09:05:53 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.OK);`
			`});`
add plugins to master app 2019-06-26 09:48:22 +12:00
creating new apps ... 2019-06-29 09:59:27 +12:00			`let testUserTempCode;`
add plugins to master app 2019-06-26 09:48:22 +12:00			`it("should be able to reset password with temporary access", async () => {`
creating new apps ... 2019-06-29 09:59:27 +12:00
work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/createTemporaryAccess`, {
add plugins to master app 2019-06-26 09:48:22 +12:00			`username: testUserName`
			`})`
			`.expect(statusCodes.OK);`

			`testPassword = "test_user_new_password";`

creating new apps ... 2019-06-29 09:59:27 +12:00			`// the behaviour that creates the below file is async,`
			`/// to this timeout is giving it a change to work its magic`
			`await timeout(10);`
add plugins to master app 2019-06-26 09:48:22 +12:00
creating new apps ... 2019-06-29 09:59:27 +12:00			const testUserTempCode = await readFile(`./tests/.data/tempaccess${testUserName}`, "utf8");

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
add plugins to master app 2019-06-26 09:48:22 +12:00			`username: testUserName,`
creating new apps ... 2019-06-29 09:59:27 +12:00			`tempCode:testUserTempCode,`
add plugins to master app 2019-06-26 09:48:22 +12:00			`newPassword:testPassword`
			`})`
			`.expect(statusCodes.OK);`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
add plugins to master app 2019-06-26 09:48:22 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.OK);`

creating new apps ... 2019-06-29 09:59:27 +12:00

			`});`

			`it("should not be able to set password with used temp code", async () => {`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/setPasswordFromTemporaryCode`, {
creating new apps ... 2019-06-29 09:59:27 +12:00			`username: testUserName,`
			`tempCode:testUserTempCode,`
			`newPassword:"whatever"`
			`})`
			`.expect(statusCodes.OK);`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
creating new apps ... 2019-06-29 09:59:27 +12:00			`username: testUserName,`
			`password: "whatever"`
			`})`
			`.expect(statusCodes.UNAUTHORIZED);`

work on app instances 2019-07-07 20:03:37 +12:00			await app.post(`/${appName}/api/authenticate`, {
creating new apps ... 2019-06-29 09:59:27 +12:00			`username: testUserName,`
			`password: testPassword`
			`})`
			`.expect(statusCodes.OK);`

add plugins to master app 2019-06-26 09:48:22 +12:00			`});`
authentication tests 2019-06-15 04:01:01 +12:00			`};`