Fixed password reset test
parent
2d5e6ba948
commit
e99bafa77d
|
@ -279,6 +279,7 @@ module.exports = (app, passport) => {
|
||||||
|
|
||||||
// Valid email
|
// Valid email
|
||||||
} else {
|
} else {
|
||||||
|
debug(`Email ${req.body.email} was found valid.`)
|
||||||
|
|
||||||
// Check if somebody has that email
|
// Check if somebody has that email
|
||||||
try {
|
try {
|
||||||
|
@ -286,6 +287,7 @@ module.exports = (app, passport) => {
|
||||||
|
|
||||||
// No user with that email
|
// No user with that email
|
||||||
if (!user) {
|
if (!user) {
|
||||||
|
debug(`No user found with email ${req.body.email}; ignoring password request.`)
|
||||||
// Don't let on that no such user exists, to prevent dictionary attacks
|
// Don't let on that no such user exists, to prevent dictionary attacks
|
||||||
req.flash('success',
|
req.flash('success',
|
||||||
`If an account exists with the email <u>${req.body.email}</u>, \
|
`If an account exists with the email <u>${req.body.email}</u>, \
|
||||||
|
@ -295,11 +297,12 @@ module.exports = (app, passport) => {
|
||||||
|
|
||||||
// User with that email does exist
|
// User with that email does exist
|
||||||
} else {
|
} else {
|
||||||
|
debug(`User ${user.id} found with that email. Creating reset token...`)
|
||||||
|
|
||||||
// Create reset token
|
// Create reset token
|
||||||
try {
|
try {
|
||||||
let [token, expires] = await user.createPassToken()
|
let [token, expires] = await user.createPassToken()
|
||||||
|
|
||||||
// Figure out expiration time string
|
// Figure out expiration time string
|
||||||
debug(`Determining expiration time string for ${expires}...`)
|
debug(`Determining expiration time string for ${expires}...`)
|
||||||
let expiration_time_string = (req.query.tz)
|
let expiration_time_string = (req.query.tz)
|
||||||
|
|
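Review bot: The three added `debug(...)` calls write the submitted address together with the lookup outcome to the log: `No user found with email ${req.body.email}` in the second hunk versus `User ${user.id} found with that email` in the third. That makes the debug output a record of exactly the account-existence signal the flash message is worded to withhold. Anyone who can read that output (shared log aggregation, a pasted trace) gets the e-mail addresses and which of them are registered. I would keep the outcome and drop the address, e.g. `debug('No matching user; ignoring password reset request.')` and, in the first hunk, `debug('Submitted email passed validation.')`. The route handler starts and ends outside these hunks, so whether debug output is enabled in production cannot be seen from here.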
27
test/auth.js
27
test/auth.js
|
@ -127,19 +127,10 @@ describe('Authentication', () => {
|
||||||
// These tests require the test user to have been created
|
// These tests require the test user to have been created
|
||||||
after( () => {
|
after( () => {
|
||||||
|
|
||||||
describe('Logged out', () => {
|
describe('Logged out', function() {
|
||||||
|
|
||||||
it('Fails to log in with bad password', async () => {
|
// Password fuzzing could take a while... give it five seconds
|
||||||
|
this.timeout(5000)
|
||||||
// Confirm redirect
|
|
||||||
chai.expect( await request.post('/login')
|
|
||||||
.type('form').send({
|
|
||||||
'email': TEST_EMAIL,
|
|
||||||
'password': BAD_PASSWORD
|
|
||||||
})
|
|
||||||
).to.redirectTo('/login') // Hey! Incorrect email or password.
|
|
||||||
|
|
||||||
})
|
|
||||||
|
|
||||||
it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {
|
it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {
|
||||||
|
|
||||||
|
@ -167,21 +158,19 @@ describe('Authentication', () => {
|
||||||
|
|
||||||
// TODO: Test invalid and fuzzed forgot password requests
|
// TODO: Test invalid and fuzzed forgot password requests
|
||||||
|
|
||||||
// TODO: Fix this test
|
it('Sends valid forgot password request', async () => {
|
||||||
it.only('Sends valid forgot password request', async () => {
|
|
||||||
|
|
||||||
// Responds with 200
|
// Responds with 200
|
||||||
chai.expect( await request.post('/login/forgot')
|
chai.expect( await request.post('/login/forgot')
|
||||||
.type('form').send({
|
.type('form').send({
|
||||||
'email': TEST_EMAIL,
|
'email': TEST_EMAIL,
|
||||||
})
|
})
|
||||||
).to.be.html.and.have.status(200)
|
).to.redirectTo('/login')
|
||||||
|
|
||||||
// Assert password was set
|
// Assert password token was set
|
||||||
let requesting_user = await User.findOne({'email':TEST_EMAIL} )
|
let requesting_user = await User.findOne({'email':TEST_EMAIL} )
|
||||||
chai.assert.isString(
|
chai.expect(requesting_user.auth.passToken)
|
||||||
requesting_user.auth.passwordToken, 'Failed to correctly save password token'
|
.to.be.a('string').and.to.have.lengthOf(32)
|
||||||
)
|
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
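Review bot: The rewritten 'Sends valid forgot password request' test pins only the registered-address path. Nothing asserts that an unregistered address gets the same response, which is the non-disclosure property the handler is written to keep, and the `// TODO: Test invalid and fuzzed forgot password requests` above it is still open. A companion case would lock that in, for example `chai.expect(await request.post('/login/forgot').type('form').send({ 'email': 'nobody@example.invalid' })).to.redirectTo('/login')` (the address is a constructed sample), assuming the unknown-address branch redirects the same way. Separately, the `lengthOf(32)` check on `requesting_user.auth.passToken` suggests the token may be stored as issued; if so, storing only a hash of it would limit what a database read exposes.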