diff --git a/config/routes/auth.js b/config/routes/auth.js
index 007d006..491c665 100755
--- a/config/routes/auth.js
+++ b/config/routes/auth.js
@@ -246,6 +246,7 @@ module.exports = (app, passport) => {
 app.route('/login/forgot')
 // Check if user is already logged in
+ // TODO: Write test for this situation
 .all((req, res, next) => {
 if (req.isAuthenticated()) loginCallback(req, res)
 else next()
@@ -264,6 +265,7 @@ module.exports = (app, passport) => {
 // Check if somebody has that email
 User.findOne({'email': req.body.email})
 .then((user) => {
+ // No user with that email
 if (!user) {
 // Don't let on that no such user exists, to prevent dictionary attacks
diff --git a/test/auth.js b/test/auth.js
index 85ef74b..98400c9 100755
--- a/test/auth.js
+++ b/test/auth.js
@@ -161,15 +161,32 @@ describe('Authentication', () => {
 })
- // TODO: Create test for forgetten password
- // it('Forgets password', async () => {
+ it('Loads forgot password page', async () => {
+ let res = await request.get('/login/forgot')
+ chai.expect(res).html.to.have.status(200)
+ })
- // })
+ // TODO: Test already-logged-in forgot password requests
- // TODO: Create test for changing forgetten password
- // it('Changes forgotten password', async () => {
+ // TODO: Test invalid and fuzzed forgot password requests
- // })
+ it('Sends valid forgot password request', async () => {
+
+ // Responds with 200
+ let res = await request.post('/login/forgot')
+ .type('form').send({
+ email: TEST_EMAIL,
+ })
+ chai.expect(res).html.to.have.status(200)
+
+ // Assert password was set
+
+
+ })
+
+ //it('Changes forgotten password', async () => {
+ // TODO: Create test for changing forgetten password
+ //})
 // Finally log in successfully
 after( () => {
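Review bot: The `// TODO: Write test for this situation` comment added between `// Check if user is already logged in` and `.all((req, res, next) => {` duplicates the `// TODO: Test already-logged-in forgot password requests` marker that the same commit adds to test/auth.js, so two notes now have to be removed together when the test lands; keep the TODO only in the test file. If a comment stays in the route, have it describe the behaviour the tests must cover rather than the missing test, e.g. `// Authenticated users are handed to loginCallback for every method on this route`. The exported `(app, passport) => {` function and the `.all(...)` chain continue outside the hunk.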
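Review bot: The new `// No user with that email` line in the second hunk only restates the `if (!user) {` condition directly beneath it and the existing `// Don't let on that no such user exists, to prevent dictionary attacks` comment inside that branch, so it adds nothing; drop it, or merge the two into a single comment above the `if`. The `.then((user) => {` callback and the `if (!user)` body continue outside the hunk, so whether the unknown-user branch actually produces the same response as the known-user path cannot be confirmed from here.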
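Review bot: In test/auth.js the new `it('Sends valid forgot password request', ...)` ends with the bare comment `// Assert password was set` and no assertion, and the wording is misleading since a forgot-password request should not set a password; either assert something observable after the request or delete the comment so the test does not look half-finished. The test also pins only the known-email path, while the route's own comment says unknown addresses must not be distinguishable — a second test posting an unregistered address and expecting the same 200 would protect that property and partly cover the `// TODO: Test invalid and fuzzed forgot password requests` marker. Both `let res` bindings are never reassigned and should be `const`, and the commented-out `//it('Changes forgotten password', ...)` block is better expressed as `it('Changes forgotten password')` with no callback, which the test runner reports as pending instead of silently hiding it. The `describe('Authentication', ...)` block continues outside the hunk.
```javascript
  // … unchanged: 'Loads forgot password page' test …

  it('Sends valid forgot password request', async () => {
    const res = await request.post('/login/forgot')
      .type('form').send({
        email: TEST_EMAIL,
      })
    chai.expect(res).html.to.have.status(200)
  })

  // Unknown addresses must look exactly like known ones so the form
  // cannot be used to enumerate accounts (see the route comment)
  it('Answers an unknown-email forgot password request the same way', async () => {
    const res = await request.post('/login/forgot')
      .type('form').send({
        email: 'no-such-user@example.invalid', // constructed: not in the fixtures
      })
    chai.expect(res).html.to.have.status(200)
  })

  // Pending until the reset flow is implemented in the tests
  it('Changes forgotten password')
```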