UNPKG

node-user-accounts-boilerplate/auth/EmailAuth2Test.js

Version:

5.02 kBJavaScriptView Raw

1"use strict";
2
3const assert = require('assert');
4const describeConfig = require('../setupTester');
5const EmailAuth = require('./EmailAuth');
6const PBKDF2 = require('../crypt/PBKDF2');
7
8function config(base = {})
9{
return async function ()
{
  const cfg = JSON.parse(JSON.stringify(base));
  cfg.users = await describeConfig.createCollection([{
    id: 'regular',
    password: "0000001000002710aaf5309088073583635515b587c99a0d2d0c6a65063f8edf42e5e060c6be57d836515726956e8bb013b43682472adb140baa090d0cebae8c43c8be856a4f17a0b856a6f5bd67f9e98aa3b0fcf095a33ccba15f36cbd4609549e15461edc8fe5484a8eb10b8a28476931505bcd929eb7ea2460f9a5ea051161f5769a12c943209a7437df72452706d847361497f193cafaf4bf80ed79ba23c389b3453ca8721e981948ba0c95505dd8e3c0724e2c70db5a2623be6507a7c1a8d9e1caa48dbf31c524610713063475687f2abc3b749ea10e3982e0f487e47265a90d0c3bf0dbf7444dbbf6a949448e0536db4e37886a9ae00efb12ee7cdb53c2eb827cdfc4c325bf687d802aeeec3c58db253e88886e44a65d959817029e3d75a4b398ef299318ab469aee332ca0068eb5d6ff221f69a345af055ad1021b75dd49446f602dc05e961925ca083530def5e5e5670871a29ecd99de40f7bfe0ff3336b3359d17da8f0a85294d01368847f6af784e4eb361bb716842a8725708f518f554c93aa5aa40392cd866145537a35532607924461e5ac40a5101af3d6ca16c3f68ecb3f28637e8999f85abe4cb56b5312297ece745ccc7152e25b5db07e492e5ee7dd4942f8e02fd3b93787f091949a7735d501a97a4eed729f5eaf7b35dee12bcced045ff327953863016a121d19cf5ef0270ebfa61767e68befc1f9e457743a753f816135bea1cabe694da6a694f0343fe772231938",
    "credentials": [{
      "type": "email",
      "value": "username"
    }]
  }]);
21
  cfg.emails = [];
  cfg.emailSender = {
    send: function ()
    {
      cfg.emails.push(Array.prototype.slice.call(arguments));
    }
  }
29
  cfg.crypt = new PBKDF2();
31
  cfg.auth = [
    new EmailAuth(cfg)
  ];
35
  return cfg;
}
38}
39
40describeConfig('normal flow', config(), function (handler)
41{
it(`normal login`, async function ()
{
  await handler.request('POST', '/api/accounts/email/login.json', {}, {
    username: 'username',
    password: 'password'
  });
  assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false)
});
51});
52
53describeConfig('passwordless', config(), function (handler)
54{
it(`normal login`, async function ()
{
  // @@@@@@@@
  // send a passwordless login security token
  await handler.request('POST', '/api/accounts/email/passwordless.json', {}, {
    username: 'username',
  });
  // make sure it does not log us in
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
  // @@@@@@@@
  // extract security token from email
  assert.deepEqual(handler.getconfig()
    .emails.length, 1)
  const token = handler.getconfig()
    .emails[0][3].match(/[:] ([^<]+)\</)[1];
  // @@@@@@@@
  // login using security token
  await handler.request('POST', '/api/accounts/email/login.json', {}, {
    username: 'username',
    password: token,
  });
  assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
  // @@@@@@@@
  // make sure token expires
  await handler.request('POST', '/api/accounts/logout.json')
  await handler.request('POST', '/api/accounts/email/login.json', {}, {
    username: 'username',
    password: token,
  });
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
});
89});
90
91describeConfig('simulate ordinary login', config({
allowPasswordSettingDuringRegistration: true
93}), function (handler)
94{
it(``, async function ()
{
  // @@@@@@@@
  // instead of sending a passwordless request, we send a registration request
  await handler.request('POST', '/api/accounts/email/register.json', {}, {
    username: 'testusername',
    password: 'testpassword',
    loginLinkPrefix: '>>>',
  });
  // get verification token out of email
  assert.deepEqual(handler.getconfig()
    .emails.length, 1)
  const token = handler.getconfig()
    .emails[0][3].match(/>>>([^"]+)"/)[1];
  // @@@@@@@@
  // verify
  await handler.request('POST', '/api/accounts/email/verify.json', {}, {
    username: 'testusername',
    password: token,
  });
  // should be logged in
  assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
  // we should noe be able to log in using the password we specified
  await handler.request('POST', '/api/accounts/logout.json')
  await handler.request('POST', '/api/accounts/email/login.json', {}, {
    username: 'testusername',
    password: 'testpassword',
  });
  assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
  await handler.request('POST', '/api/accounts/logout.json')
  // @@@@@@@@
  // should also be able to recover accounts
  await handler.request('POST', '/api/accounts/email/recover.json', {}, {
    username: 'testusername',
  });
})
133});

1	`"use strict";`
2
3	`const assert = require('assert');`
4	`const describeConfig = require('../setupTester');`
5	`const EmailAuth = require('./EmailAuth');`
6	`const PBKDF2 = require('../crypt/PBKDF2');`
7
8	`function config(base = {})`
9	`{`
10	`return async function ()`
11	`{`
12	`const cfg = JSON.parse(JSON.stringify(base));`
13	`cfg.users = await describeConfig.createCollection([{`
14	`id: 'regular',`
15	password: "0000001000002710aaf5309088073583635515b587c99a0d2d0c6a65063f8edf42e5e060c6be57d836515726956e8bb013b43682472adb140baa090d0cebae8c43c8be856a4f17a0b856a6f5bd67f9e98aa3b0fcf095a33ccba15f36cbd4609549e15461edc8fe5484a8eb10b8a28476931505bcd929eb7ea2460f9a5ea051161f5769a12c943209a7437df72452706d847361497f193cafaf4bf80ed79ba23c389b3453ca8721e981948ba0c95505dd8e3c0724e2c70db5a2623be6507a7c1a8d9e1caa48dbf31c524610713063475687f2abc3b749ea10e3982e0f487e47265a90d0c3bf0dbf7444dbbf6a949448e0536db4e37886a9ae00efb12ee7cdb53c2eb827cdfc4c325bf687d802aeeec3c58db253e88886e44a65d959817029e3d75a4b398ef299318ab469aee332ca0068eb5d6ff221f69a345af055ad1021b75dd49446f602dc05e961925ca083530def5e5e5670871a29ecd99de40f7bfe0ff3336b3359d17da8f0a85294d01368847f6af784e4eb361bb716842a8725708f518f554c93aa5aa40392cd866145537a35532607924461e5ac40a5101af3d6ca16c3f68ecb3f28637e8999f85abe4cb56b5312297ece745ccc7152e25b5db07e492e5ee7dd4942f8e02fd3b93787f091949a7735d501a97a4eed729f5eaf7b35dee12bcced045ff327953863016a121d19cf5ef0270ebfa61767e68befc1f9e457743a753f816135bea1cabe694da6a694f0343fe772231938",
16	`"credentials": [{`
17	`"type": "email",`
18	`"value": "username"`
19	`}]`
20	`}]);`
21
22	`cfg.emails = [];`
23	`cfg.emailSender = {`
24	`send: function ()`
25	`{`
26	`cfg.emails.push(Array.prototype.slice.call(arguments));`
27	`}`
28	`}`
29
30	`cfg.crypt = new PBKDF2();`
31
32	`cfg.auth = [`
33	`new EmailAuth(cfg)`
34	`];`
35
36	`return cfg;`
37	`}`
38	`}`
39
40	`describeConfig('normal flow', config(), function (handler)`
41	`{`
42	it(`normal login`, async function ()
43	`{`
44	`await handler.request('POST', '/api/accounts/email/login.json', {}, {`
45	`username: 'username',`
46	`password: 'password'`
47	`});`
48	`assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))`
49	`.data, false)`
50	`});`
51	`});`
52
53	`describeConfig('passwordless', config(), function (handler)`
54	`{`
55	it(`normal login`, async function ()
56	`{`
57	`// @@@@@@@@`
58	`// send a passwordless login security token`
59	`await handler.request('POST', '/api/accounts/email/passwordless.json', {}, {`
60	`username: 'username',`
61	`});`
62	`// make sure it does not log us in`
63	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
64	`.data, false);`
65	`// @@@@@@@@`
66	`// extract security token from email`
67	`assert.deepEqual(handler.getconfig()`
68	`.emails.length, 1)`
69	`const token = handler.getconfig()`
70	`.emails[0][3].match(/[:] ([^<]+)\</)[1];`
71	`// @@@@@@@@`
72	`// login using security token`
73	`await handler.request('POST', '/api/accounts/email/login.json', {}, {`
74	`username: 'username',`
75	`password: token,`
76	`});`
77	`assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))`
78	`.data, false);`
79	`// @@@@@@@@`
80	`// make sure token expires`
81	`await handler.request('POST', '/api/accounts/logout.json')`
82	`await handler.request('POST', '/api/accounts/email/login.json', {}, {`
83	`username: 'username',`
84	`password: token,`
85	`});`
86	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
87	`.data, false);`
88	`});`
89	`});`
90
91	`describeConfig('simulate ordinary login', config({`
92	`allowPasswordSettingDuringRegistration: true`
93	`}), function (handler)`
94	`{`
95	it(``, async function ()
96	`{`
97	`// @@@@@@@@`
98	`// instead of sending a passwordless request, we send a registration request`
99	`await handler.request('POST', '/api/accounts/email/register.json', {}, {`
100	`username: 'testusername',`
101	`password: 'testpassword',`
102	`loginLinkPrefix: '>>>',`
103	`});`
104	`// get verification token out of email`
105	`assert.deepEqual(handler.getconfig()`
106	`.emails.length, 1)`
107	`const token = handler.getconfig()`
108	`.emails[0][3].match(/>>>([^"]+)"/)[1];`
109	`// @@@@@@@@`
110	`// verify`
111	`await handler.request('POST', '/api/accounts/email/verify.json', {}, {`
112	`username: 'testusername',`
113	`password: token,`
114	`});`
115	`// should be logged in`
116	`assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))`
117	`.data, false);`
118	`// we should noe be able to log in using the password we specified`
119	`await handler.request('POST', '/api/accounts/logout.json')`
120	`await handler.request('POST', '/api/accounts/email/login.json', {}, {`
121	`username: 'testusername',`
122	`password: 'testpassword',`
123	`});`
124	`assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))`
125	`.data, false);`
126	`await handler.request('POST', '/api/accounts/logout.json')`
127	`// @@@@@@@@`
128	`// should also be able to recover accounts`
129	`await handler.request('POST', '/api/accounts/email/recover.json', {}, {`
130	`username: 'testusername',`
131	`});`
132	`})`
133	`});`