lfk
/
backend
2
0
Fork 0
Code Issues 1 Pull Requests Projects Releases 40 Wiki Activity

Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev
continuous-integration/drone/push Build is passing Details 

Reviewed-on: #177
This commit is contained in:
Nicolai Ort 2021-03-26 20:29:35 +00:00
parent 03d76e6d0b 070560e863
commit 5a3fc5b2bd
13 changed files with 267 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
package.json
View File

@ -26,6 +26,7 @@
"argon2": "^0.27.1",
"axios": "^0.21.1",
"body-parser": "^1.19.0",
"check-password-strength": "^2.0.2",
"class-transformer": "0.3.1",
"class-validator": "^0.13.1",
"consola": "^2.15.0",
@ -102,4 +103,4 @@
"docs/*"
]
}
}
}

6
src/controllers/MeController.ts
View File

@ -1,7 +1,7 @@
import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { getConnectionManager, Repository } from 'typeorm';
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { UpdateUser } from '../models/actions/update/UpdateUser';
import { User } from '../models/entities/User';
import { ResponseUser } from '../models/responses/ResponseUser';
@ -48,6 +48,10 @@ export class MeController {
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });

10
src/controllers/UserController.ts
View File

@ -1,7 +1,7 @@
import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { getConnectionManager, Repository } from 'typeorm';
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
import { CreateUser } from '../models/actions/create/CreateUser';
import { UpdateUser } from '../models/actions/update/UpdateUser';
@ -66,6 +66,10 @@ export class UserController {
@ResponseSchema(ResponseUser)
@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
async post(@Body({ validate: true }) createUser: CreateUser) {
let user;
@ -85,6 +89,10 @@ export class UserController {
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
let oldUser = await this.userRepository.findOne({ id: id });

29
src/errors/UserErrors.ts
View File

@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
@IsString()
message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
}
export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
@IsString()
name = "PasswordMustContainUppercaseLetterError"
@IsString()
message = "Passwords must contain at least one uppercase letter."
}
export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
@IsString()
name = "PasswordMustContainLowercaseLetterError"
@IsString()
message = "Passwords must contain at least one lowercase letter."
}
export class PasswordMustContainNumberError extends NotAcceptableError {
@IsString()
name = "PasswordMustContainNumberError"
@IsString()
message = "Passwords must contain at least one number."
}
export class PasswordTooShortError extends NotAcceptableError {
@IsString()
name = "PasswordTooShortError"
@IsString()
message = "Passwords must be at least ten characters long."
}

11
src/models/actions/create/CreateUser.ts
View File

@ -1,9 +1,10 @@
import * as argon2 from "argon2";
import { passwordStrength } from "check-password-strength";
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm';
import * as uuid from 'uuid';
import { config } from '../../../config';
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup';
@ -94,7 +95,13 @@ export class CreateUser {
if (!this.email) {
throw new UserEmailNeededError();
}
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
let password_strength = passwordStrength(this.password);
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
newUser.email = this.email
newUser.username = this.username

9
src/models/actions/update/UpdateUser.ts
View File

@ -1,12 +1,14 @@
import * as argon2 from "argon2";
import { passwordStrength } from "check-password-strength";
import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm';
import { config } from '../../../config';
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup';
/**
* This class is used to update a User entity (via put request).
*/
@ -104,6 +106,11 @@ export class UpdateUser {
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
if (this.password) {
let password_strength = passwordStrength(this.password);
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
user.password = await argon2.hash(this.password + user.uuid);
user.refreshTokenCount = user.refreshTokenCount + 1;
}

17
src/seeds/SeedUsers.ts
View File

@ -1,14 +1,14 @@
import * as argon2 from "argon2";
import { Connection } from 'typeorm';
import { Factory, Seeder } from 'typeorm-seeding';
import * as uuid from 'uuid';
import { CreatePermission } from '../models/actions/create/CreatePermission';
import { CreateUser } from '../models/actions/create/CreateUser';
import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
import { Permission } from '../models/entities/Permission';
import { User } from '../models/entities/User';
import { UserGroup } from '../models/entities/UserGroup';
import { PermissionAction } from '../models/enums/PermissionAction';
import { PermissionTarget } from '../models/enums/PermissionTargets';
/**
* Seeds a admin group with a demo user into the database for initial setup and auto recovery.
* We know that the nameing isn't perfectly fitting. Feel free to change it.
@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
export default class SeedUsers implements Seeder {
public async run(factory: Factory, connection: Connection): Promise<any> {
let adminGroup: UserGroup = await this.createAdminGroup(connection);
await this.createUser(connection, adminGroup.id);
await this.createUser(connection, adminGroup);
await this.createPermissions(connection, adminGroup.id);
}
@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
}
public async createUser(connection: Connection, group: number) {
let initialUser = new CreateUser();
public async createUser(connection: Connection, group: UserGroup) {
let initialUser = new User();
initialUser.firstname = "demo";
initialUser.lastname = "demo";
initialUser.username = "demo";
initialUser.password = "demo";
initialUser.uuid = uuid.v4();
initialUser.password = await argon2.hash("demo" + initialUser.uuid);
initialUser.email = "demo@dev.lauf-fuer-kaya.de"
initialUser.groups = group;
return await connection.getRepository(User).save(await initialUser.toEntity());
initialUser.groups = [group];
return await connection.getRepository(User).save(initialUser);
}
public async createPermissions(connection: Connection, principal: number) {

16
src/tests/auth/auth_logout.spec.ts
View File

@ -11,12 +11,12 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_logout",
"middlename": "demo_logout",
"lastname": "demo_logout",
"username": "demo_logout",
"password": "demo_logout",
"email": "demo_logout@dev.lauf-fuer-kaya.de"
"firstname": "demo_logoutASD123",
"middlename": "demo_logoutASD123",
"lastname": "demo_logoutASD123",
"username": "demo_logoutASD123",
"password": "demo_logoutASD123",
"email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@ -26,7 +26,7 @@ beforeAll(async () => {
describe('POST /api/auth/logout valid', () => {
let refresh_coookie;
it('valid logout with token in cookie should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
refresh_coookie = res_login.headers["set-cookie"];
const res = await axios.post(base + '/api/auth/logout', null, {
headers: { "Cookie": refresh_coookie },
@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
expect(res.status).toEqual(200);
});
it('valid logout with token in body should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});

16
src/tests/auth/auth_refresh.spec.ts
View File

@ -11,12 +11,12 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_refresh",
"middlename": "demo_refresh",
"lastname": "demo_refresh",
"username": "demo_refresh",
"password": "demo_refresh",
"email": "demo_refresh@dev.lauf-fuer-kaya.de"
"firstname": "demo_refreshASD312",
"middlename": "demo_refreshASD312",
"lastname": "demo_refreshASD312",
"username": "demo_refreshASD312",
"password": "demo_refreshASD312",
"email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@ -25,7 +25,7 @@ beforeAll(async () => {
describe('POST /api/auth/refresh valid', () => {
it('valid refresh with token in cookie should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
const res = await axios.post(base + '/api/auth/refresh', null, {
headers: { "Cookie": res_login.headers["set-cookie"] },
validateStatus: undefined
@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
expect(res.status).toEqual(200);
});
it('valid refresh with token in body should return 200', async () => {
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});

30
src/tests/auth/auth_reset.spec.ts
View File

@ -11,23 +11,23 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
"firstname": "demo_reset",
"middlename": "demo_reset",
"lastname": "demo_reset",
"username": "demo_reset",
"password": "demo_reset",
"email": "demo_reset1@dev.lauf-fuer-kaya.de"
"firstname": "demo_resetASD312",
"middlename": "demo_resetASD312",
"lastname": "demo_resetASD312",
"username": "demo_resetASD312",
"password": "demo_resetASD312",
"email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
await axios.post(base + '/api/users', {
"firstname": "demo_reset2",
"middlename": "demo_reset2",
"lastname": "demo_reset2",
"username": "demo_reset2",
"password": "demo_reset2",
"email": "demo_reset2@dev.lauf-fuer-kaya.de"
"firstname": "demo_resetASD3122",
"middlename": "demo_resetASD3122",
"lastname": "demo_resetASD3122",
"username": "demo_resetASD3122",
"password": "demo_resetASD3122",
"email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@ -37,7 +37,7 @@ beforeAll(async () => {
describe('POST /api/auth/reset valid', () => {
let reset_token;
it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
reset_token = res1.data.resetToken;
expect(res1.status).toEqual(200);
});
@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
// ---------------
describe('POST /api/auth/reset invalid requests', () => {
it('request another password reset before the timeout should return 406', async () => {
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
expect(res2.status).toEqual(406);
});
});

2
src/tests/runnerOrgs/org_delete.spec.ts
View File

@ -16,7 +16,7 @@ beforeAll(async () => {
});
// ---------------
describe('adding + deletion (non-existant)', () => {
describe('deletion (non-existant)', () => {
it('delete', async () => {
const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
expect(res2.status).toEqual(204);

51
src/tests/users/user_delete.spec.ts Normal file
View File

@ -0,0 +1,51 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
let access_token;
let axios_config;
beforeAll(async () => {
jest.setTimeout(20000);
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
access_token = res.data["access_token"];
axios_config = {
headers: { "authorization": "Bearer " + access_token },
validateStatus: undefined
};
});
// ---------------
describe('adding + deletion (non-existant)', () => {
it('delete', async () => {
const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
expect(res2.status).toEqual(204);
});
});
// ---------------
describe('adding + deletion (successfull)', () => {
let added_user
it('valid user creation with minimal parameters should return 200', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "string",
"middlename": "string",
"lastname": "string",
"email": "demo_123_123_123asdASD@example.com",
"password": "demo_123_123_123asdASD",
"enabled": true
}
, axios_config);
added_user = res.data;
expect(res.status).toEqual(200);
});
it('delete', async () => {
const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
expect(res2.status).toEqual(200);
expect(res2.headers['content-type']).toContain("application/json")
});
it('check if user really was deleted', async () => {
const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
expect(res3.status).toEqual(404);
expect(res3.headers['content-type']).toContain("application/json")
});
});

113
src/tests/users/user_post.spec.ts Normal file
View File

@ -0,0 +1,113 @@
import axios from 'axios';
import { config } from '../../config';
const base = "http://localhost:" + config.internal_port
let axios_config = {};
beforeAll(async () => {
jest.setTimeout(20000);
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
let access_token = res.data["access_token"];
axios_config = {
headers: { "authorization": "Bearer " + access_token },
validateStatus: undefined
};
});
describe('POST /api/users valid', () => {
it('valid user creation with minimal parameters should return 200', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123",
"lastname": "demo_createASD123",
"password": "demo_createASD123",
"email": "demo_createASD123@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(200);
});
it('valid user creation with all parameters should return 200', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_2",
"middlename": "demo_createASD123_2",
"lastname": "demo_createASD123_2",
"username": "demo_createASD123_2",
"password": "demo_createASD123_2",
"email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(200);
});
});
// ---------------
describe('POST /api/users invalid -> 400', () => {
it('user creation w/o firstname should return 400', async () => {
const res = await axios.post(base + '/api/users', {
"lastname": "demo_createASD123_3",
"password": "demo_createASD123_3",
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(400);
});
it('user creation w/o lastname should return 400', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_3",
"password": "demo_createASD123_3",
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(400);
});
it('user creation w/o password should return 400', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_3",
"lastname": "demo_createASD123_3",
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(400);
});
it('user creation w/o email should return 400', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_3",
"lastname": "demo_createASD123_3",
"password": "demo_createASD123_3"
}, axios_config);
expect(res.status).toEqual(400);
});
});
// ---------------
describe('POST /api/users invalid -> Password errors', () => {
it('user creation w/ invalid password -> No numbers should return 406', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_4",
"lastname": "demo_createASD123_4",
"password": "demo_createASD",
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(406);
});
it('user creation w/ invalid password -> No uppercase should return 406', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_4",
"lastname": "demo_createASD123_4",
"password": "demo_create_4",
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(406);
});
it('user creation w/ invalid password -> No lowercase should return 406', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_4",
"lastname": "demo_createASD123_4",
"password": "DEMO123123ASD",
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(406);
});
it('user creation w/ invalid password -> Too short should return 406', async () => {
const res = await axios.post(base + '/api/users', {
"firstname": "demo_createASD123_4",
"lastname": "demo_createASD123_4",
"password": "1Aa_",
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
}, axios_config);
expect(res.status).toEqual(406);
});
});