161 lines
4.9 KiB
JavaScript
161 lines
4.9 KiB
JavaScript
import {
|
|
setupApphierarchy,
|
|
validUser,
|
|
basicAppHierarchyCreator_WithFields,
|
|
} from "./specHelpers"
|
|
import {
|
|
parseTemporaryCode,
|
|
userAuthFile,
|
|
USERS_LIST_FILE,
|
|
getUserByName,
|
|
} from "../src/authApi/authCommon"
|
|
|
|
describe("authApi > changeMyPassword", () => {
|
|
it("should be able to authenticate after a change", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
const firstPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"firstpassword"
|
|
)
|
|
expect(firstPasswordCheck).not.toBeNull()
|
|
const changeResult = await authApi.changeMyPassword(
|
|
"firstpassword",
|
|
"secondpassword"
|
|
)
|
|
expect(changeResult).toBe(true)
|
|
const firstPasswordReCheck = await authApi.authenticate(
|
|
u.name,
|
|
"firstpassword"
|
|
)
|
|
expect(firstPasswordReCheck).toBeNull()
|
|
const secondPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"secondpassword"
|
|
)
|
|
expect(secondPasswordCheck).not.toBeNull()
|
|
})
|
|
|
|
it("should not change password if current password is incorrect", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
const changeResult = await authApi.changeMyPassword(
|
|
"not-firstpassword",
|
|
"secondpassword"
|
|
)
|
|
expect(changeResult).toBe(false)
|
|
const secondPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"secondpassword"
|
|
)
|
|
expect(secondPasswordCheck).toBeNull()
|
|
})
|
|
|
|
it("should be allowed with no permissions", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
app.withNoPermissions()
|
|
await authApi.changeMyPassword("firstpassword", "secondpassword")
|
|
})
|
|
})
|
|
|
|
describe("authApi > resetPasswordFlow", () => {
|
|
it("should successfully set password from temporary access", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
|
|
const tempCode = await authApi.createTemporaryAccess(u.name)
|
|
|
|
const result = await authApi.setPasswordFromTemporaryCode(
|
|
tempCode,
|
|
"secondpassword"
|
|
)
|
|
expect(result).toBe(true)
|
|
const secondPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"secondpassword"
|
|
)
|
|
expect(secondPasswordCheck).not.toBeNull()
|
|
})
|
|
|
|
it("should not set password when temporary access expired", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
|
|
const tempCode = await authApi.createTemporaryAccess(u.name)
|
|
|
|
const userAuth = await app.datastore.loadJson(userAuthFile(u.name))
|
|
userAuth.temporaryAccessExpiryEpoch = 0
|
|
await app.datastore.updateJson(userAuthFile(u.name), userAuth)
|
|
const result = await authApi.setPasswordFromTemporaryCode(
|
|
tempCode,
|
|
"secondpassword"
|
|
)
|
|
expect(result).toBe(false)
|
|
const secondPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"secondpassword"
|
|
)
|
|
expect(secondPasswordCheck).toBeNull()
|
|
})
|
|
|
|
it("should still be able to authenticate with password when temp access is set", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
|
|
await authApi.createTemporaryAccess(u.name)
|
|
|
|
const secondPasswordCheck = await authApi.authenticate(
|
|
u.name,
|
|
"firstpassword"
|
|
)
|
|
expect(secondPasswordCheck).not.toBeNull()
|
|
})
|
|
})
|
|
|
|
describe("authApi > createTemporaryAccess", () => {
|
|
it("should set users accessId annd userAuth hash and expiry", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
|
|
const tempCode = await authApi.createTemporaryAccess(u.name)
|
|
const tempInfo = parseTemporaryCode(tempCode)
|
|
|
|
const userAuth = await app.datastore.loadJson(userAuthFile(u.name))
|
|
|
|
const currentTime = await app.getEpochTime()
|
|
expect(
|
|
app.crypto.verify(userAuth.temporaryAccessHash, tempInfo.code)
|
|
).toBeTruthy()
|
|
expect(userAuth.temporaryAccessExpiryEpoch).toBeGreaterThan(currentTime)
|
|
|
|
const users = await app.datastore.loadJson(USERS_LIST_FILE)
|
|
const user = getUserByName(users, u.name)
|
|
|
|
expect(user.temporaryAccessId).toBe(tempInfo.id)
|
|
})
|
|
|
|
it("should be allowed with no permissions", async () => {
|
|
const { authApi, app } = await setupApphierarchy(
|
|
basicAppHierarchyCreator_WithFields
|
|
)
|
|
const u = await validUser(app, authApi, "firstpassword")
|
|
app.withNoPermissions()
|
|
await authApi.createTemporaryAccess(u.name)
|
|
})
|
|
})
|