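const t = require('../test-lib/test.js');
const assert = require('assert');
const Promise = require('bluebird');

// Credentials of the single fixture account used by every test below.
const USERNAME = 'LilithIyapo';
const PASSWORD = 'nikanj';

// Throttle settings passed to apostrophe-login. 0.25 minutes is 15 seconds,
// which keeps the lockout short enough to wait out inside the suite.
// As exercised below, the third consecutive failure is answered with
// 'throttle', and so is every attempt made while the lockout lasts.
const THROTTLE = {
  allowedAttempts: 3,
  perMinutes: 0.25,
  lockoutMinutes: 0.25
};

let apos;

describe('Login', function() {

  this.timeout(20000);

  after(function(done) {
    return t.destroy(apos, done);
  });

  /**
   * Fetch the fixture user and return a function that checks one password
   * against it.
   *
   * @returns {Promise<function(string): Promise>} resolves to `verify(password)`,
   *   which rejects when apos.login.verifyPassword reports an error.
   */
  async function loadVerifier() {
    const req = apos.tasks.getReq();
    const user = await apos.users.find(req, {
      username: USERNAME
    }).toObject();
    const verifyPassword = Promise.promisify(apos.login.verifyPassword);
    return function(password) {
      return verifyPassword(user, password);
    };
  }

  /**
   * Wait for a promise and report how it failed.
   *
   * @param {Promise} promise - the attempt under test
   * @returns {Promise<*>} the rejection value, or null if the promise resolved
   */
  async function rejectionOf(promise) {
    try {
      await promise;
    } catch (e) {
      return e;
    }
    return null;
  }

  it('should initialize', function(done) {
    apos = require('../index.js')({
      root: module,
      shortName: 'test',
      modules: {
        'apostrophe-express': {
          // Placeholder session secret, fixture only.
          secret: 'xxx',
          port: 7901,
          // NOTE(review): presumably turns CSRF protection off for the
          // throwaway test server; the tests below never go through HTTP.
          csrf: false
        },
        'apostrophe-users': {
          groups: [
            {
              title: 'guest',
              permissions: ['guest']
            },
            {
              title: 'admin',
              permissions: ['admin']
            }
          ],
          // NOTE(review): the effect of a zero inactivityDuration is not
          // visible from this file; confirm against apostrophe-users.
          disableInactiveAccounts: {
            inactivityDuration: 0
          }
        },
        'apostrophe-login': {
          // Copy, so the module cannot alter the values the tests rely on.
          throttle: Object.assign({}, THROTTLE)
        }
      },
      afterInit: function(callback) {
        assert(apos.modules['apostrophe-login']);
        // NOTE(review): presumably keeps the test runner's command line
        // arguments from being read as an apostrophe task; confirm.
        apos.argv._ = [];
        assert(apos.users.safe.remove);
        // Empty criteria: clear apos.users.safe so the run starts clean.
        return apos.users.safe.remove({}, callback);
      },
      afterListen: function(err) {
        assert(!err);
        done();
      }
    });
  });

  it('should be able to insert test user', function(done) {
    assert(apos.users.newInstance);
    const user = apos.users.newInstance();
    assert(user);

    user.firstName = 'Lilith';
    user.lastName = 'Iyapo';
    user.title = 'Lilith Iyapo';
    user.username = USERNAME;
    user.password = PASSWORD;
    user.email = 'liyapo@example.com';
    // groups[1] is the 'admin' group configured in 'should initialize'.
    user.groupIds = [ apos.users.options.groups[1]._id ];

    assert(user.type === 'apostrophe-user');
    assert(apos.users.insert);
    apos.users.insert(apos.tasks.getReq(), user, function(err) {
      assert(!err);
      done();
    });
  });

  it('should be able to verify a login', async function() {
    const verify = await loadVerifier();
    await verify(PASSWORD);
  });

  it('third failure in a row should cause a lockout', async function() {
    const verify = await loadVerifier();
    let failure;

    // The rejection is inspected outside any try/catch. An `assert(false)`
    // placed inside the try would itself be caught, and because its message
    // is not 'throttle' the "not throttled yet" checks would pass even if
    // the wrong password had been accepted.

    // Failures one and two: rejected, but not yet throttled.
    failure = await rejectionOf(verify('bad'));
    assert(failure, 'first wrong password must be rejected');
    assert.notStrictEqual(failure.message, 'throttle');

    failure = await rejectionOf(verify('bad'));
    assert(failure, 'second wrong password must be rejected');
    assert.notStrictEqual(failure.message, 'throttle');

    // Failure three trips the lockout.
    failure = await rejectionOf(verify('bad'));
    assert(failure, 'third wrong password must be rejected');
    assert.strictEqual(failure.message, 'throttle');

    // Further wrong guesses stay throttled.
    failure = await rejectionOf(verify('bad'));
    assert(failure, 'wrong password during lockout must be rejected');
    assert.strictEqual(failure.message, 'throttle');

    // The correct password is refused as well while the lockout lasts.
    failure = await rejectionOf(verify(PASSWORD));
    assert(failure, 'correct password during lockout must be rejected');
    assert.strictEqual(failure.message, 'throttle');
  });

  it('should succeed after suitable pause', async function() {
    // Raise the timeout before any awaiting: the pause alone comes close to
    // the 20 second limit set for the suite.
    this.timeout(60000);
    const verify = await loadVerifier();
    // Lockout length plus one second of margin (16000 ms with the settings above).
    const pauseMs = THROTTLE.lockoutMinutes * 60 * 1000 + 1000;
    await Promise.delay(pauseMs);
    await verify(PASSWORD);
  });

});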