Merge pull request 'feature/45-auth_tests' (#50) from feature/45-auth_tests into dev

Reviewed-on: #50
closes #45
Nicolai Ort 2020-12-22 19:32:20 +00:00
commit 3ac536ef23
5 changed files with 240 additions and 2 deletions


@ -106,7 +106,7 @@ export class User extends Principal {
* The user's profile picture. * The user's profile picture.
* We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture. * We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture.
*/ */
@Column({ nullable: true, unique: true }) @Column({ nullable: true, unique: false })
@IsString() @IsString()
@IsOptional() @IsOptional()
profilePic?: string; profilePic?: string;
@ -115,7 +115,7 @@ export class User extends Principal {
* The last time the user requested a password reset. * The last time the user requested a password reset.
* Used to prevent spamming of the password reset route. * Used to prevent spamming of the password reset route.
*/ */
@Column({ nullable: true, unique: true }) @Column({ nullable: true, unique: false })
@IsString() @IsString()
@IsOptional() @IsOptional()
resetRequestedTimestamp?: number; resetRequestedTimestamp?: number;
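Review bot: In the second hunk `resetRequestedTimestamp` is typed `number` but still carries `@IsString()`, so a numeric timestamp would fail validation wherever this entity is run through class-validator. Because this field is what throttles the password reset route, it should validate as a number, e.g. `@IsInt()` in place of `@IsString()` (the class-validator import is outside the hunk and would need the new name). The changed lines only touch the column's `unique` option. The `User` class starts and ends outside both hunks.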


@ -0,0 +1,56 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
let axios_config;
beforeAll(async () => {
axios_config = {
validateStatus: undefined
};
});
describe('POST /api/auth/login valid', () => {
it('valid login should return 200', async () => {
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }, axios_config);
expect(res.status).toEqual(200);
expect(res.headers['content-type']).toContain("application/json")
});
});
// ---------------
describe('POST /api/auth/login invalid body', () => {
it('Loging without a body should return 400', async () => {
const res = await axios.post(base + '/api/auth/login', null, axios_config);
expect(res.status).toEqual(400);
});
it('Loging without a password should return 400', async () => {
const res = await axios.post(base + '/api/auth/login', { username: "demo" }, axios_config);
expect(res.status).toEqual(400);
});
it('Loging with invalid mail format should return 400', async () => {
const res = await axios.post(base + '/api/auth/login', { email: "demo", password: "demo" }, axios_config);
expect(res.status).toEqual(400);
});
it('Loging without a username/mail should return 404', async () => {
const res = await axios.post(base + '/api/auth/login', { password: "demo" }, axios_config);
expect(res.status).toEqual(404);
});
});
// ---------------
describe('POST /api/auth/login nonexistant user', () => {
it('login with nonexistant username should return 404', async () => {
const res = await axios.post(base + '/api/auth/login', { username: "-1", password: "demo" }, axios_config);
expect(res.status).toEqual(404);
});
it('login with nonexistant mail should return 404', async () => {
const res = await axios.post(base + '/api/auth/login', { email: "test@example.com", password: "demo" }, axios_config);
expect(res.status).toEqual(404);
});
});
// ---------------
describe('POST /api/auth/login wrong password', () => {
it('login with wrong password should return 401', async () => {
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "totallynotthecorrectpassword" }, axios_config);
expect(res.status).toEqual(401);
});
});
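Review bot: The 'nonexistant user' and 'wrong password' blocks pin a 404 for an unknown username or mail and a 401 for a known user with a wrong password, so the login route tells an unauthenticated caller whether an account exists. If that distinction is not intended, the route should answer both cases identically and the two nonexistent-user tests should expect `expect(res.status).toEqual(401);`. If it is intended, record the decision above that block, e.g. `// NOTE: login deliberately distinguishes unknown users (404) from bad passwords (401)`. Separately, the valid-login test checks only status and content type; adding `expect(res.data["access_token"]).toBeDefined();` would confirm a token is actually issued.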


@ -0,0 +1,58 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
const axios_config = {
validateStatus: undefined
};;
beforeAll(async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_logout",
"middlename": "demo_logout",
"lastname": "demo_logout",
"username": "demo_logout",
"password": "demo_logout"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
});
describe('POST /api/auth/logout valid', () => {
let refresh_coookie;
it('valid logout with token in cookie should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
refresh_coookie = res_login.headers["set-cookie"];
const res = await axios.post(base + '/api/auth/logout', null, {
headers: { "Cookie": refresh_coookie },
validateStatus: undefined
});
expect(res.status).toEqual(200);
});
it('valid logout with token in body should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});
it('getting users after valid logout should return 401', async () => {
const res = await axios.get(base + '/api/users', {
headers: { "Cookie": refresh_coookie },
validateStatus: undefined
});
expect(res.status).toEqual(401);
});
});
// ---------------
describe('POST /api/auth/logout ivalid', () => {
it('invalid logout without token should return 406', async () => {
const res = await axios.post(base + '/api/auth/logout', null, axios_config);
expect(res.status).toEqual(406);
});
it('invalid logout with invalid token in body should return 401', async () => {
const res = await axios.post(base + '/api/auth/logout', { token: "1" }, axios_config);
expect(res.status).toEqual(401);
});
});
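Review bot: The test 'getting users after valid logout should return 401' sends only the refresh cookie to `GET /api/users`, while `beforeAll` in this file authenticates that route with an `authorization: Bearer` header, so the request would presumably get a 401 whether or not logout invalidated anything. To check that logout really revokes the session, replay the logged-out cookie against the refresh route instead: `const res = await axios.post(base + '/api/auth/refresh', null, { headers: { "Cookie": refresh_coookie }, validateStatus: undefined });` and expect that route's rejection status. The test also relies on `refresh_coookie` having been set by the first test in the block, so it fails for an unrelated reason when run alone; doing the login and logout inside the test removes that coupling. `beforeAll` here and in the refresh and reset test files ignores the result of the user-creation request; asserting its status would surface setup failures early.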


@ -0,0 +1,49 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
const axios_config = {
validateStatus: undefined
};;
beforeAll(async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_refresh",
"middlename": "demo_refresh",
"lastname": "demo_refresh",
"username": "demo_refresh",
"password": "demo_refresh"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
});
describe('POST /api/auth/refresh valid', () => {
it('valid refresh with token in cookie should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
const res = await axios.post(base + '/api/auth/refresh', null, {
headers: { "Cookie": res_login.headers["set-cookie"] },
validateStatus: undefined
});
expect(res.status).toEqual(200);
});
it('valid refresh with token in body should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});
});
// ---------------
describe('POST /api/auth/refresh ivalid', () => {
it('invalid refresh without token should return 406', async () => {
const res = await axios.post(base + '/api/auth/refresh', null, axios_config);
expect(res.status).toEqual(406);
});
it('invalid refresh with invalid token in body should return 401', async () => {
const res = await axios.post(base + '/api/auth/refresh', { token: "1" }, axios_config);
expect(res.status).toEqual(401);
});
});
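Review bot: Both valid-refresh tests assert only `res.status`, so a refresh route that answered 200 without issuing a usable token would still pass. Assuming the refresh response has the same shape as the login response read elsewhere in this commit, add `expect(res.data["access_token"]).toBeDefined();` to each. There is also no case for a refresh token that has already been logged out or already used; whether such reuse must be rejected depends on the rotation policy, which is not visible here.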


@ -0,0 +1,75 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
const axios_config = {
validateStatus: undefined
};;
beforeAll(async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_reset",
"middlename": "demo_reset",
"lastname": "demo_reset",
"username": "demo_reset",
"password": "demo_reset"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
await axios.post(base + '/api/users', {
"firstname": "demo_reset2",
"middlename": "demo_reset2",
"lastname": "demo_reset2",
"username": "demo_reset2",
"password": "demo_reset2"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
});
describe('POST /api/auth/reset valid', () => {
let reset_token;
it('valid reset token request should return 200', async () => {
const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset" });
reset_token = res1.data.resetToken;
expect(res1.status).toEqual(200);
});
it('valid password reset should return 200', async () => {
const res2 = await axios.post(base + '/api/auth/reset/' + reset_token, { password: "demo" }, axios_config);
expect(res2.status).toEqual(200);
});
it('valid login after reset should return 200', async () => {
const res = await axios.post(base + '/api/auth/login', { username: "demo_reset", password: "demo" });
expect(res.status).toEqual(200);
});
});
// ---------------
describe('POST /api/auth/reset invalid requests', () => {
it('request another password reset before the timeout should return 406', async () => {
const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
const res2 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
expect(res2.status).toEqual(406);
});
});
// ---------------
describe('POST /api/auth/reset invalid token', () => {
it('providing a invalid reset token should return 401', async () => {
const res2 = await axios.post(base + '/api/auth/reset/' + "123123", { password: "demo" }, axios_config);
expect(res2.status).toEqual(401);
});
it('providing no reset token should return 404', async () => {
const res2 = await axios.post(base + '/api/auth/reset/' + "", { password: "demo" }, axios_config);
expect(res2.status).toEqual(404);
});
});
// ---------------
describe('POST /api/auth/reset invalid body', () => {
it('providing no password should return 400', async () => {
const res2 = await axios.post(base + '/api/auth/reset/' + "123123", null, axios_config);
expect(res2.status).toEqual(400);
});
});
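Review bot: `reset_token = res1.data.resetToken;` in the first test shows that `POST /api/auth/reset` returns the reset token in the response to an unauthenticated request that supplies only a username, and the next two tests use it to set a new password and log in. As exercised, knowing a username is enough to take over the account, so unless this is a stopgap until tokens are delivered out of band (e.g. by mail), the route should not return the token. If it is a stopgap, say so in the test, e.g. `// TODO: token is returned in the body only until mail delivery exists; then assert res1.data.resetToken is undefined`. In the timeout test `res1` is never checked; `expect(res1.status).toEqual(200);` would confirm the first request was the accepted one.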