UNPKG

apostrophe/test/login-throttle.js

Version:

3.82 kBJavaScriptView Raw

1const t = require('../test-lib/test.js');
2const assert = require('assert');
3const Promise = require('bluebird');
4
5let apos;
6
7describe('Login', function() {
8
this.timeout(20000);
10
after(function(done) {
  return t.destroy(apos, done);
});
14
// EXISTENCE
16
it('should initialize', function(done) {
  apos = require('../index.js')({
    root: module,
    shortName: 'test',
    modules: {
      'apostrophe-express': {
        secret: 'xxx',
        port: 7901,
        csrf: false
      },
      'apostrophe-users': {
        groups: [
          {
            title: 'guest',
            permissions: ['guest']
          },
          {
            title: 'admin',
            permissions: ['admin']
          }
        ],
        disableInactiveAccounts: {
          inactivityDuration: 0
        }
      },
      'apostrophe-login': {
        throttle: {
          allowedAttempts: 3,
          perMinutes: 0.25,
          lockoutMinutes: 0.25
        }
      }
    },
    afterInit: function(callback) {
      assert(apos.modules['apostrophe-login']);
      apos.argv._ = [];
      assert(apos.users.safe.remove);
      return apos.users.safe.remove({}, callback);
      // return callback(null);
    },
    afterListen: function(err) {
      assert(!err);
      done();
    }
  });
});
63
it('should be able to insert test user', function(done) {
  assert(apos.users.newInstance);
  const user = apos.users.newInstance();
  assert(user);
68
  user.firstName = 'Lilith';
  user.lastName = 'Iyapo';
  user.title = 'Lilith Iyapo';
  user.username = 'LilithIyapo';
  user.password = 'nikanj';
  user.email = 'liyapo@example.com';
  user.groupIds = [ apos.users.options.groups[1]._id ];
76
  assert(user.type === 'apostrophe-user');
  assert(apos.users.insert);
  apos.users.insert(apos.tasks.getReq(), user, function(err) {
    assert(!err);
    done();
  });
});
84
it('should be able to verify a login', async function() {
  const req = apos.tasks.getReq();
  const user = await apos.users.find(req, {
    username: 'LilithIyapo'
  }).toObject();
  const verify = Promise.promisify(apos.login.verifyPassword);
  await verify(user, 'nikanj');
});
93
it('third failure in a row should cause a lockout', async function() {
  const req = apos.tasks.getReq();
  const user = await apos.users.find(req, {
    username: 'LilithIyapo'
  }).toObject();
  const verify = Promise.promisify(apos.login.verifyPassword);
  try {
    await verify(user, 'bad');
    assert(false);
  } catch (e) {
    assert(e);
    assert.notEqual(e.message, 'throttle');
  }
  try {
    await verify(user, 'bad');
    assert(false);
  } catch (e) {
    assert(e);
    assert.notEqual(e.message, 'throttle');
  }
  // third attempt triggers lockout
  try {
    await verify(user, 'bad');
    assert(false);
  } catch (e) {
    assert(e);
    assert.equal(e.message, 'throttle');
  }
  // fourth attempt is throttled (by lockout)
  try {
    await verify(user, 'bad');
    assert(false);
  } catch (e) {
    assert(e);
    assert.equal(e.message, 'throttle');
  }
  // still throttled even if the password is good
  try {
    await verify(user, 'nikanj');
    assert(false);
  } catch (e) {
    assert(e);
    assert.equal(e.message, 'throttle');
  }
});
139
it('should succeed after suitable pause', async function() {
  const req = apos.tasks.getReq();
  const user = await apos.users.find(req, {
    username: 'LilithIyapo'
  }).toObject();
  const verify = Promise.promisify(apos.login.verifyPassword);
  this.timeout(60000);
  await Promise.delay(16000);
  await verify(user, 'nikanj');
});
150
151});

1	`const t = require('../test-lib/test.js');`
2	`const assert = require('assert');`
3	`const Promise = require('bluebird');`
4
5	`let apos;`
6
7	`describe('Login', function() {`
8
9	`this.timeout(20000);`
10
11	`after(function(done) {`
12	`return t.destroy(apos, done);`
13	`});`
14
15	`// EXISTENCE`
16
17	`it('should initialize', function(done) {`
18	`apos = require('../index.js')({`
19	`root: module,`
20	`shortName: 'test',`
21	`modules: {`
22	`'apostrophe-express': {`
23	`secret: 'xxx',`
24	`port: 7901,`
25	`csrf: false`
26	`},`
27	`'apostrophe-users': {`
28	`groups: [`
29	`{`
30	`title: 'guest',`
31	`permissions: ['guest']`
32	`},`
33	`{`
34	`title: 'admin',`
35	`permissions: ['admin']`
36	`}`
37	`],`
38	`disableInactiveAccounts: {`
39	`inactivityDuration: 0`
40	`}`
41	`},`
42	`'apostrophe-login': {`
43	`throttle: {`
44	`allowedAttempts: 3,`
45	`perMinutes: 0.25,`
46	`lockoutMinutes: 0.25`
47	`}`
48	`}`
49	`},`
50	`afterInit: function(callback) {`
51	`assert(apos.modules['apostrophe-login']);`
52	`apos.argv._ = [];`
53	`assert(apos.users.safe.remove);`
54	`return apos.users.safe.remove({}, callback);`
55	`// return callback(null);`
56	`},`
57	`afterListen: function(err) {`
58	`assert(!err);`
59	`done();`
60	`}`
61	`});`
62	`});`
63
64	`it('should be able to insert test user', function(done) {`
65	`assert(apos.users.newInstance);`
66	`const user = apos.users.newInstance();`
67	`assert(user);`
68
69	`user.firstName = 'Lilith';`
70	`user.lastName = 'Iyapo';`
71	`user.title = 'Lilith Iyapo';`
72	`user.username = 'LilithIyapo';`
73	`user.password = 'nikanj';`
74	`user.email = 'liyapo@example.com';`
75	`user.groupIds = [ apos.users.options.groups[1]._id ];`
76
77	`assert(user.type === 'apostrophe-user');`
78	`assert(apos.users.insert);`
79	`apos.users.insert(apos.tasks.getReq(), user, function(err) {`
80	`assert(!err);`
81	`done();`
82	`});`
83	`});`
84
85	`it('should be able to verify a login', async function() {`
86	`const req = apos.tasks.getReq();`
87	`const user = await apos.users.find(req, {`
88	`username: 'LilithIyapo'`
89	`}).toObject();`
90	`const verify = Promise.promisify(apos.login.verifyPassword);`
91	`await verify(user, 'nikanj');`
92	`});`
93
94	`it('third failure in a row should cause a lockout', async function() {`
95	`const req = apos.tasks.getReq();`
96	`const user = await apos.users.find(req, {`
97	`username: 'LilithIyapo'`
98	`}).toObject();`
99	`const verify = Promise.promisify(apos.login.verifyPassword);`
100	`try {`
101	`await verify(user, 'bad');`
102	`assert(false);`
103	`} catch (e) {`
104	`assert(e);`
105	`assert.notEqual(e.message, 'throttle');`
106	`}`
107	`try {`
108	`await verify(user, 'bad');`
109	`assert(false);`
110	`} catch (e) {`
111	`assert(e);`
112	`assert.notEqual(e.message, 'throttle');`
113	`}`
114	`// third attempt triggers lockout`
115	`try {`
116	`await verify(user, 'bad');`
117	`assert(false);`
118	`} catch (e) {`
119	`assert(e);`
120	`assert.equal(e.message, 'throttle');`
121	`}`
122	`// fourth attempt is throttled (by lockout)`
123	`try {`
124	`await verify(user, 'bad');`
125	`assert(false);`
126	`} catch (e) {`
127	`assert(e);`
128	`assert.equal(e.message, 'throttle');`
129	`}`
130	`// still throttled even if the password is good`
131	`try {`
132	`await verify(user, 'nikanj');`
133	`assert(false);`
134	`} catch (e) {`
135	`assert(e);`
136	`assert.equal(e.message, 'throttle');`
137	`}`
138	`});`
139
140	`it('should succeed after suitable pause', async function() {`
141	`const req = apos.tasks.getReq();`
142	`const user = await apos.users.find(req, {`
143	`username: 'LilithIyapo'`
144	`}).toObject();`
145	`const verify = Promise.promisify(apos.login.verifyPassword);`
146	`this.timeout(60000);`
147	`await Promise.delay(16000);`
148	`await verify(user, 'nikanj');`
149	`});`
150
151	`});`