Fixed password reset test

2018-02-25 18:42:37 +00:00 · 2018-02-25 18:42:37 +00:00 · e99bafa77d
parent 2d5e6ba948
commit e99bafa77d
2 changed files with 13 additions and 21 deletions
--- a/config/routes/auth.js
+++ b/config/routes/auth.js
@ -279,6 +279,7 @@ module.exports = (app, passport) => {

      // Valid email
      } else {
+        debug(`Email ${req.body.email} was found valid.`)

        // Check if somebody has that email
        try {
@ -286,6 +287,7 @@ module.exports = (app, passport) => {

          // No user with that email
          if (!user) {
+            debug(`No user found with email ${req.body.email}; ignoring password request.`)
            // Don't let on that no such user exists, to prevent dictionary attacks
            req.flash('success',
              `If an account exists with the email <u>${req.body.email}</u>, \
@ -295,11 +297,12 @@ module.exports = (app, passport) => {

          // User with that email does exist
          } else {
-
+            debug(`User ${user.id} found with that email.  Creating reset token...`)
+            
            // Create reset token
            try {
              let [token, expires] = await user.createPassToken()
-              
+
              // Figure out expiration time string
              debug(`Determining expiration time string for ${expires}...`)
              let expiration_time_string = (req.query.tz)
--- a/test/auth.js
+++ b/test/auth.js
@ -127,19 +127,10 @@ describe('Authentication', () => {
    // These tests require the test user to have been created
    after( () => {

-      describe('Logged out', () => {
+      describe('Logged out', function() {

-        it('Fails to log in with bad password', async () => {
-
-          // Confirm redirect
-          chai.expect( await request.post('/login')
-            .type('form').send({
-              'email': TEST_EMAIL,
-              'password': BAD_PASSWORD
-            })
-          ).to.redirectTo('/login')  // Hey! Incorrect email or password.
-
-        })
+        // Password fuzzing could take a while... give it five seconds
+        this.timeout(5000)

        it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {

@ -167,21 +158,19 @@ describe('Authentication', () => {

        // TODO: Test invalid and fuzzed forgot password requests

-        // TODO: Fix this test
-        it.only('Sends valid forgot password request', async () => {
+        it('Sends valid forgot password request', async () => {

          // Responds with 200
          chai.expect( await request.post('/login/forgot')
            .type('form').send({
              'email': TEST_EMAIL,
            })
-          ).to.be.html.and.have.status(200)
+          ).to.redirectTo('/login')

-          // Assert password was set
+          // Assert password token was set
          let requesting_user = await User.findOne({'email':TEST_EMAIL} )
-          chai.assert.isString(
-            requesting_user.auth.passwordToken, 'Failed to correctly save password token'
-          )
+          chai.expect(requesting_user.auth.passToken)
+            .to.be.a('string').and.to.have.lengthOf(32)

        })