Fixed password reset test

master
Keith Irwin 2018-02-25 18:42:37 +00:00
parent 2d5e6ba948
commit e99bafa77d
No known key found for this signature in database
GPG Key ID: 378933C743E2BBC0
2 changed files with 13 additions and 21 deletions


@ -279,6 +279,7 @@ module.exports = (app, passport) => {
// Valid email // Valid email
} else { } else {
debug(`Email ${req.body.email} was found valid.`)
// Check if somebody has that email // Check if somebody has that email
try { try {
@ -286,6 +287,7 @@ module.exports = (app, passport) => {
// No user with that email // No user with that email
if (!user) { if (!user) {
debug(`No user found with email ${req.body.email}; ignoring password request.`)
// Don't let on that no such user exists, to prevent dictionary attacks // Don't let on that no such user exists, to prevent dictionary attacks
req.flash('success', req.flash('success',
`If an account exists with the email <u>${req.body.email}</u>, \ `If an account exists with the email <u>${req.body.email}</u>, \
@ -295,11 +297,12 @@ module.exports = (app, passport) => {
// User with that email does exist // User with that email does exist
} else { } else {
debug(`User ${user.id} found with that email. Creating reset token...`)
// Create reset token // Create reset token
try { try {
let [token, expires] = await user.createPassToken() let [token, expires] = await user.createPassToken()
// Figure out expiration time string // Figure out expiration time string
debug(`Determining expiration time string for ${expires}...`) debug(`Determining expiration time string for ${expires}...`)
let expiration_time_string = (req.query.tz) let expiration_time_string = (req.query.tz)
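Review bot: The added `debug()` calls that interpolate `req.body.email` record a user-supplied address and, in the `if (!user)` branch, the fact that no account matches it. The handler's own comment says the response must not reveal whether a user exists, so the debug output becomes the one place where that answer sits next to the address. I would log the outcome without the address, e.g. `debug('No user found for submitted email; ignoring password request.')`, and rely on `user.id` as the identifier the way the third added line already does. If the address has to stay, strip CR/LF from it before logging unless the validation above already rejects them, so a crafted value cannot forge log lines. The enclosing route handler starts and ends outside these hunks.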


@ -127,19 +127,10 @@ describe('Authentication', () => {
// These tests require the test user to have been created // These tests require the test user to have been created
after( () => { after( () => {
describe('Logged out', () => { describe('Logged out', function() {
it('Fails to log in with bad password', async () => { // Password fuzzing could take a while... give it five seconds
this.timeout(5000)
// Confirm redirect
chai.expect( await request.post('/login')
.type('form').send({
'email': TEST_EMAIL,
'password': BAD_PASSWORD
})
).to.redirectTo('/login') // Hey! Incorrect email or password.
})
it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => { it(`Fails to log in with ${FUZZED_PASSWORD_TRIES} fuzzed passwords`, () => {
@ -167,21 +158,19 @@ describe('Authentication', () => {
// TODO: Test invalid and fuzzed forgot password requests // TODO: Test invalid and fuzzed forgot password requests
// TODO: Fix this test it('Sends valid forgot password request', async () => {
it.only('Sends valid forgot password request', async () => {
// Responds with 200 // Responds with 200
chai.expect( await request.post('/login/forgot') chai.expect( await request.post('/login/forgot')
.type('form').send({ .type('form').send({
'email': TEST_EMAIL, 'email': TEST_EMAIL,
}) })
).to.be.html.and.have.status(200) ).to.redirectTo('/login')
// Assert password was set // Assert password token was set
let requesting_user = await User.findOne({'email':TEST_EMAIL} ) let requesting_user = await User.findOne({'email':TEST_EMAIL} )
chai.assert.isString( chai.expect(requesting_user.auth.passToken)
requesting_user.auth.passwordToken, 'Failed to correctly save password token' .to.be.a('string').and.to.have.lengthOf(32)
)
}) })
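Review bot: The forgot-password test exercises only the address that has an account, so nothing pins the `if (!user)` path, which the handler comment says must look the same to the requester. The remaining `// TODO: Test invalid and fuzzed forgot password requests` is where a companion case belongs: post an address with no account and expect the same `redirectTo('/login')`, so a later change that answers differently for unknown addresses fails the suite. The token assertion could also check that an expiry was stored, since `createPassToken()` returns one; the field name is not visible on this page. The enclosing `describe` blocks start outside the hunk.

```javascript
// … unchanged: 'Sends valid forgot password request' …

it('Responds the same way for an address with no account', async () => {
	// UNKNOWN_EMAIL is a placeholder: a syntactically valid address no test user owns
	chai.expect( await request.post('/login/forgot')
		.type('form').send({
			'email': UNKNOWN_EMAIL,
		})
	).to.redirectTo('/login')
})
```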