Added fuzzer to tests
parent
c36104aa9c
commit
4404f390e3
@ -57,7 +57,7 @@ module.exports = (app, passport) => {
|
|||
.post( async (req, res, next) => {
|
||||
|
||||
// Send token and alert user
|
||||
async function sendToken(user) {
|
||||
const sendToken = async function(user) {
|
||||
debug(`sendToken() called for user ${user.id}`)
|
||||
|
||||
// Create a new password token
|
||||
|
@ -131,8 +131,16 @@ module.exports = (app, passport) => {
|
|||
|
||||
}
|
||||
|
||||
// Validate email
|
||||
req.checkBody('email', 'Please enter a valid email address.').isEmail()
|
||||
// Invalid email
|
||||
if (!mw.validateEmail(req.body.email)) {
|
||||
debug(`Email ${req.body.email} was found invalid!`)
|
||||
req.flash('warning', `The email you entered, ${req.body.email} isn't valid. Try again. `)
|
||||
res.redirect('/login#login')
|
||||
next()
|
||||
|
||||
// Valid email
|
||||
} else {
|
||||
debug(`Email ${req.body.email} was found valid.`)
|
||||
|
||||
// Check if somebody already has that email
|
||||
try {
|
||||
|
@ -240,6 +248,8 @@ module.exports = (app, passport) => {
|
|||
mw.throwErr(err, req)
|
||||
res.redirect('/login#signup')
|
||||
}
|
||||
|
||||
}
|
||||
})
|
||||
|
||||
// Forgot password
|
||||
|
@ -259,8 +269,16 @@ module.exports = (app, passport) => {
|
|||
|
||||
// Submitted forgot password form
|
||||
.post( async (req, res, next) => {
|
||||
// Validate email
|
||||
req.checkBody('email', 'Please enter a valid email address.').isEmail()
|
||||
|
||||
// Invalid email
|
||||
if (!mw.validateEmail(req.body.email)) {
|
||||
debug(`Email ${req.body.email} was found invalid!`)
|
||||
req.flash('warning', `The email you entered, ${req.body.email} isn't valid. Try again. `)
|
||||
res.redirect('/login/forgot')
|
||||
next()
|
||||
|
||||
// Valid email
|
||||
} else {
|
||||
|
||||
// Check if somebody has that email
|
||||
try {
|
||||
|
@ -282,6 +300,12 @@ module.exports = (app, passport) => {
|
|||
try {
|
||||
let [token, expires] = await user.createPassToken()
|
||||
|
||||
// Figure out expiration time string
|
||||
debug(`Determining expiration time string for ${expires}...`)
|
||||
let expiration_time_string = (req.query.tz)
|
||||
? moment(expires).utcOffset(req.query.tz).toDate().toLocaleTimeString(req.acceptsLanguages[0])
|
||||
: moment(expires).toDate().toLocaleTimeString(req.acceptsLanguages[0]) + ' UTC'
|
||||
|
||||
// Email reset link
|
||||
try {
|
||||
await mail.send({
|
||||
|
@ -292,20 +316,23 @@ module.exports = (app, passport) => {
|
|||
`Hi, \n\nDid you request to reset your Tracman password? \
|
||||
If so, follow this link to do so:\
|
||||
\n${env.url}/account/password/${token}\n\n\
|
||||
If you didn't initiate this request, just ignore this email. `
|
||||
This link will expire at ${expiration_time_string}. \n\n\
|
||||
If you didn't initiate this request, just ignore this email. \n\n`
|
||||
),
|
||||
html: mail.html(
|
||||
`<p>Hi, </p><p>Did you request to reset your Tracman password? \
|
||||
If so, follow this link to do so:<br>\
|
||||
<a href="${env.url}/account/password/${token}">\
|
||||
${env.url}/account/password/${token}</a></p>\
|
||||
${env.url}/account/password/${token}</a>. \
|
||||
This link will expire at ${expiration_time_string}. </p>\
|
||||
<p>If you didn't initiate this request, just ignore this email. </p>`
|
||||
)
|
||||
})
|
||||
req.flash(
|
||||
'success',
|
||||
`If an account exists with the email <u>${req.body.email}</u>, \
|
||||
an email has been sent there with a password reset link. `)
|
||||
an email has been sent there with a password reset link.\
|
||||
(Your reset link will expire in one hour.)`)
|
||||
res.redirect('/login')
|
||||
} catch (err) {
|
||||
debug(`Failed to send reset link to ${user.email}`)
|
||||
|
@ -320,6 +347,8 @@ module.exports = (app, passport) => {
|
|||
res.redirect('/login/forgot')
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
})
|
||||
|
||||
// Android
|
||||
|
@ -377,4 +406,5 @@ module.exports = (app, passport) => {
|
|||
app.get('/login/google/cb', passport.authenticate('google', loginOutcome), loginCallback)
|
||||
app.get('/login/facebook/cb', passport.authenticate('facebook', loginOutcome), loginCallback)
|
||||
app.get('/login/twitter/cb', passport.authenticate('twitter', loginOutcome), loginCallback)
|
||||
|
||||
}
|
||||
|
|
|
@ -4,5 +4,5 @@ module.exports = {
|
|||
TEST_PASSWORD: 'mDAQYe2VYE',
|
||||
BAD_PASSWORD: 'password123',
|
||||
FUZZED_EMAIL_TRIES: 3,
|
||||
FUZZED_PASSWORD_TRIES: 10,
|
||||
FUZZED_PASSWORD_TRIES: 100,
|
||||
}
|
46
test/auth.js
46
test/auth.js
|
@ -2,6 +2,7 @@
|
|||
|
||||
const chai = require('chai')
|
||||
const app = require('../server')
|
||||
const froth = require('mocha-froth')
|
||||
const User = require('../config/models').user
|
||||
// const superagent = require('superagent').agent()
|
||||
const request = require('supertest').agent(app)
|
||||
|
@ -49,27 +50,28 @@ describe('Authentication', () => {
|
|||
|
||||
})
|
||||
|
||||
// TODO: Implement fuzzer
|
||||
it.skip(`Fails to create accounts with ${FUZZED_EMAIL_TRIES} fuzzed emails`, () => {
|
||||
it(`Fails to create accounts with ${FUZZED_EMAIL_TRIES} fuzzed emails`, () => {
|
||||
|
||||
// Fuzz emails
|
||||
// loop with let fuzzed_email
|
||||
froth(FUZZED_EMAIL_TRIES).forEach( async (fuzzed_email) => {
|
||||
|
||||
// Confirm redirect
|
||||
// chai.expect( await request.post('/signup')
|
||||
// .type('form').send({ 'email':fuzzed_email })
|
||||
// ).to.redirectTo('/login#signup')
|
||||
chai.expect( await request.post('/signup')
|
||||
.type('form').send({ 'email':fuzzed_email })
|
||||
).to.redirectTo('/login#signup')
|
||||
|
||||
/* Ensure user was deleted after email failed to send
|
||||
/* Users with bad emails are removed asynchronously and may happen after
|
||||
/* the response was recieved. Ensure it's happened in a kludgy way by
|
||||
/* waiting 2 seconds before asserting that the user doesn't exist
|
||||
*/
|
||||
// setTimeout( async () => {
|
||||
// chai.assert.isNull( await User.findOne({
|
||||
// 'email': FAKE_EMAIL
|
||||
// }), 'Account with fake email was created')
|
||||
// }, 2000)
|
||||
setTimeout( async () => {
|
||||
chai.assert.isNull( await User.findOne({
|
||||
'email': fuzzed_email
|
||||
}), 'Account with fake email was created')
|
||||
}, 2000)
|
||||
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
|
@ -140,23 +142,24 @@ describe('Authentication', () => {
|
|||
|
||||
})
|
||||
|
||||
// TODO: Implement fuzzer
|
||||
it.skip(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {
|
||||
it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {
|
||||
|
||||
// Fuzz passwords
|
||||
// loop with let fuzzed_password
|
||||
froth(FUZZED_PASSWORD_TRIES).forEach( async (fuzzed_password) => {
|
||||
|
||||
// Confirm redirect
|
||||
// chai.expect( await request.post('/login')
|
||||
// .type('form').send({
|
||||
// 'email': TEST_EMAIL,
|
||||
// 'password': fuzzed_password
|
||||
// })
|
||||
// ).to.redirectTo('/login') // Hey! Incorrect email or password.
|
||||
chai.expect( await request.post('/login')
|
||||
.type('form').send({
|
||||
'email': TEST_EMAIL,
|
||||
'password': fuzzed_password
|
||||
})
|
||||
).to.redirectTo('/login') // Hey! Incorrect email or password.
|
||||
|
||||
})
|
||||
|
||||
it('Loads forgot password page', async () => {
|
||||
})
|
||||
|
||||
it.skip('Loads forgot password page', async () => {
|
||||
let res = await request.get('/login/forgot')
|
||||
chai.expect(res).html.to.have.status(200)
|
||||
})
|
||||
|
@ -257,6 +260,7 @@ describe('Authentication', () => {
|
|||
})
|
||||
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
})
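Review bot: Both newly enabled fuzz tests (`Fails to create accounts with ${FUZZED_EMAIL_TRIES} fuzzed emails` and `Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`) pass an `async` callback to `froth(...).forEach(...)`, so the `it` callback returns before any request has completed and a failing `redirectTo` assertion becomes an unhandled rejection rather than a test failure — the tests cannot fail, which is the opposite of what a fuzzer is for. The nested `setTimeout(async () => { chai.assert.isNull(...) }, 2000)` has the same problem: its assertion runs after mocha has already reported the test as passed. Make each test `async` and iterate with `for...of`, awaiting the request and the cleanup wait inside the loop; with a 2 s wait per email, the total exceeds mocha's default 2 s timeout, so the test needs `this.timeout(...)` (which requires a `function` rather than an arrow) or a shorter wait. The password test only needs the `for...of` change, and at 100 tries it should be checked against whatever login throttling the app applies, if any (not visible here). The `Loads forgot password page` test appears to have been switched to `it.skip` in this commit (the old/new side of that pair is inferred from print order); if that is intentional, a one-line comment saying why would help, since the forgot-password form is still served by the routes this commit changes.
```javascript
it(`Fails to create accounts with ${FUZZED_EMAIL_TRIES} fuzzed emails`, async function () {
  this.timeout(FUZZED_EMAIL_TRIES * 3000)
  for (const fuzzed_email of froth(FUZZED_EMAIL_TRIES)) {
    chai.expect( await request.post('/signup')
      .type('form').send({ 'email':fuzzed_email })
    ).to.redirectTo('/login#signup')
    // … unchanged: comment explaining the asynchronous user removal …
    await new Promise((resolve) => setTimeout(resolve, 2000))
    chai.assert.isNull( await User.findOne({
      'email': fuzzed_email
    }), 'Account with fake email was created')
  }
})
// … unchanged: intervening tests …
it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, async () => {
  for (const fuzzed_password of froth(FUZZED_PASSWORD_TRIES)) {
    chai.expect( await request.post('/login')
      .type('form').send({
        'email': TEST_EMAIL,
        'password': fuzzed_password
      })
    ).to.redirectTo('/login') // Hey! Incorrect email or password.
  }
})
```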
|
||||