diff --git a/config/routes/auth.js b/config/routes/auth.js index 78b00f6..59c0129 100755 --- a/config/routes/auth.js +++ b/config/routes/auth.js @@ -279,6 +279,7 @@ module.exports = (app, passport) => { // Valid email } else { + debug(`Email ${req.body.email} was found valid.`) // Check if somebody has that email try { @@ -286,6 +287,7 @@ module.exports = (app, passport) => { // No user with that email if (!user) { + debug(`No user found with email ${req.body.email}; ignoring password request.`) // Don't let on that no such user exists, to prevent dictionary attacks req.flash('success', `If an account exists with the email ${req.body.email}, \ @@ -295,11 +297,12 @@ module.exports = (app, passport) => { // User with that email does exist } else { - + debug(`User ${user.id} found with that email. Creating reset token...`) + // Create reset token try { let [token, expires] = await user.createPassToken() - + // Figure out expiration time string debug(`Determining expiration time string for ${expires}...`) let expiration_time_string = (req.query.tz) diff --git a/test/auth.js b/test/auth.js index 6361e06..f3233c2 100755 --- a/test/auth.js +++ b/test/auth.js @@ -127,19 +127,10 @@ describe('Authentication', () => { // These tests require the test user to have been created after( () => { - describe('Logged out', () => { + describe('Logged out', function() { - it('Fails to log in with bad password', async () => { - - // Confirm redirect - chai.expect( await request.post('/login') - .type('form').send({ - 'email': TEST_EMAIL, - 'password': BAD_PASSWORD - }) - ).to.redirectTo('/login') // Hey! Incorrect email or password. - - }) + // Password fuzzing could take a while... give it five seconds + this.timeout(5000) it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => { 
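Review bot: The new debug lines in the first two hunks interpolate the raw `req.body.email` into the log message; the surrounding `// Valid email` branch suggests it passed a format check upstream, but that check is outside the hunk and, unless it rejects newlines and control characters, a submitted address can break the message across lines or forge extra log entries. Logging it in an escaped form, e.g. `debug(\`Email ${JSON.stringify(req.body.email)} was found valid.\`)`, keeps each entry on one line; the same applies to the `No user found with email …` line in the second hunk. That second message also records, server-side, that no account exists for the address, which the user-facing flash deliberately hides, so a short comment such as `// Server-side only: the response must not reveal whether the account exists` next to it would keep the two from drifting apart. The enclosing route handler starts and ends outside these hunks.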
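Review bot: The fourth hunk (test/auth.js) deletes the deterministic `Fails to log in with bad password` case, leaving only the fuzzed-password test to cover rejection of a wrong password for a known email; if that test (its body is outside the hunk) draws random passwords, a regression that accepts one specific bad value, such as an empty or whitespace-only password, is no longer pinned. Keeping the single-request case as its own `it` alongside the fuzz loop would preserve that coverage. Separately, `this.timeout(5000)` raises the limit for every test in the `Logged out` block, not just the fuzz loop; either move it into the fuzz `it` or note it with `// applies to every test in this describe` so the intent is explicit.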
@@ -167,21 +158,19 @@ describe('Authentication', () => { // TODO: Test invalid and fuzzed forgot password requests - // TODO: Fix this test - it.only('Sends valid forgot password request', async () => { + it('Sends valid forgot password request', async () => { // Responds with 200 chai.expect( await request.post('/login/forgot') .type('form').send({ 'email': TEST_EMAIL, }) - ).to.be.html.and.have.status(200) + ).to.redirectTo('/login') - // Assert password was set + // Assert password token was set let requesting_user = await User.findOne({'email':TEST_EMAIL} ) - chai.assert.isString( - requesting_user.auth.passwordToken, 'Failed to correctly save password token' - ) + chai.expect(requesting_user.auth.passToken) + .to.be.a('string').and.to.have.lengthOf(32) })