Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
Reviewed-on: #177
This commit is contained in:
commit
5a3fc5b2bd
|
@ -26,6 +26,7 @@
|
|||
"argon2": "^0.27.1",
|
||||
"axios": "^0.21.1",
|
||||
"body-parser": "^1.19.0",
|
||||
"check-password-strength": "^2.0.2",
|
||||
"class-transformer": "0.3.1",
|
||||
"class-validator": "^0.13.1",
|
||||
"consola": "^2.15.0",
|
||||
|
@ -102,4 +103,4 @@
|
|||
"docs/*"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
|
||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||
import { getConnectionManager, Repository } from 'typeorm';
|
||||
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { UpdateUser } from '../models/actions/update/UpdateUser';
|
||||
import { User } from '../models/entities/User';
|
||||
import { ResponseUser } from '../models/responses/ResponseUser';
|
||||
|
@ -48,6 +48,10 @@ export class MeController {
|
|||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
|
||||
async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
|
||||
let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
|
||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||
import { getConnectionManager, Repository } from 'typeorm';
|
||||
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
|
||||
import { CreateUser } from '../models/actions/create/CreateUser';
|
||||
import { UpdateUser } from '../models/actions/update/UpdateUser';
|
||||
|
@ -66,6 +66,10 @@ export class UserController {
|
|||
@ResponseSchema(ResponseUser)
|
||||
@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
|
||||
async post(@Body({ validate: true }) createUser: CreateUser) {
|
||||
let user;
|
||||
|
@ -85,6 +89,10 @@ export class UserController {
|
|||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
|
||||
async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
|
||||
let oldUser = await this.userRepository.findOne({ id: id });
|
||||
|
|
|
@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
|
|||
|
||||
@IsString()
|
||||
message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
|
||||
}
|
||||
|
||||
export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainUppercaseLetterError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one uppercase letter."
|
||||
}
|
||||
export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainLowercaseLetterError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one lowercase letter."
|
||||
}
|
||||
export class PasswordMustContainNumberError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainNumberError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one number."
|
||||
}
|
||||
export class PasswordTooShortError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordTooShortError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must be at least ten characters long."
|
||||
}
|
|
@ -1,9 +1,10 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { passwordStrength } from "check-password-strength";
|
||||
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import * as uuid from 'uuid';
|
||||
import { config } from '../../../config';
|
||||
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
|
||||
import { User } from '../../entities/User';
|
||||
import { UserGroup } from '../../entities/UserGroup';
|
||||
|
@ -94,7 +95,13 @@ export class CreateUser {
|
|||
if (!this.email) {
|
||||
throw new UserEmailNeededError();
|
||||
}
|
||||
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
|
||||
let password_strength = passwordStrength(this.password);
|
||||
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
|
||||
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
|
||||
|
||||
newUser.email = this.email
|
||||
newUser.username = this.username
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { passwordStrength } from "check-password-strength";
|
||||
import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { config } from '../../../config';
|
||||
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
|
||||
import { User } from '../../entities/User';
|
||||
import { UserGroup } from '../../entities/UserGroup';
|
||||
|
||||
|
||||
/**
|
||||
* This class is used to update a User entity (via put request).
|
||||
*/
|
||||
|
@ -104,6 +106,11 @@ export class UpdateUser {
|
|||
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
|
||||
if (this.password) {
|
||||
let password_strength = passwordStrength(this.password);
|
||||
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
|
||||
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
|
||||
user.password = await argon2.hash(this.password + user.uuid);
|
||||
user.refreshTokenCount = user.refreshTokenCount + 1;
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { Connection } from 'typeorm';
|
||||
import { Factory, Seeder } from 'typeorm-seeding';
|
||||
import * as uuid from 'uuid';
|
||||
import { CreatePermission } from '../models/actions/create/CreatePermission';
|
||||
import { CreateUser } from '../models/actions/create/CreateUser';
|
||||
import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
|
||||
import { Permission } from '../models/entities/Permission';
|
||||
import { User } from '../models/entities/User';
|
||||
import { UserGroup } from '../models/entities/UserGroup';
|
||||
import { PermissionAction } from '../models/enums/PermissionAction';
|
||||
import { PermissionTarget } from '../models/enums/PermissionTargets';
|
||||
|
||||
/**
|
||||
* Seeds a admin group with a demo user into the database for initial setup and auto recovery.
|
||||
* We know that the nameing isn't perfectly fitting. Feel free to change it.
|
||||
|
@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
|
|||
export default class SeedUsers implements Seeder {
|
||||
public async run(factory: Factory, connection: Connection): Promise<any> {
|
||||
let adminGroup: UserGroup = await this.createAdminGroup(connection);
|
||||
await this.createUser(connection, adminGroup.id);
|
||||
await this.createUser(connection, adminGroup);
|
||||
await this.createPermissions(connection, adminGroup.id);
|
||||
}
|
||||
|
||||
|
@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
|
|||
return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
|
||||
}
|
||||
|
||||
public async createUser(connection: Connection, group: number) {
|
||||
let initialUser = new CreateUser();
|
||||
public async createUser(connection: Connection, group: UserGroup) {
|
||||
let initialUser = new User();
|
||||
initialUser.firstname = "demo";
|
||||
initialUser.lastname = "demo";
|
||||
initialUser.username = "demo";
|
||||
initialUser.password = "demo";
|
||||
initialUser.uuid = uuid.v4();
|
||||
initialUser.password = await argon2.hash("demo" + initialUser.uuid);
|
||||
initialUser.email = "demo@dev.lauf-fuer-kaya.de"
|
||||
initialUser.groups = group;
|
||||
return await connection.getRepository(User).save(await initialUser.toEntity());
|
||||
initialUser.groups = [group];
|
||||
return await connection.getRepository(User).save(initialUser);
|
||||
}
|
||||
|
||||
public async createPermissions(connection: Connection, principal: number) {
|
||||
|
|
|
@ -11,12 +11,12 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_logout",
|
||||
"middlename": "demo_logout",
|
||||
"lastname": "demo_logout",
|
||||
"username": "demo_logout",
|
||||
"password": "demo_logout",
|
||||
"email": "demo_logout@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_logoutASD123",
|
||||
"middlename": "demo_logoutASD123",
|
||||
"lastname": "demo_logoutASD123",
|
||||
"username": "demo_logoutASD123",
|
||||
"password": "demo_logoutASD123",
|
||||
"email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -26,7 +26,7 @@ beforeAll(async () => {
|
|||
describe('POST /api/auth/logout valid', () => {
|
||||
let refresh_coookie;
|
||||
it('valid logout with token in cookie should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
|
||||
refresh_coookie = res_login.headers["set-cookie"];
|
||||
const res = await axios.post(base + '/api/auth/logout', null, {
|
||||
headers: { "Cookie": refresh_coookie },
|
||||
|
@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
|
|||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid logout with token in body should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
|
||||
const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
|
|
@ -11,12 +11,12 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_refresh",
|
||||
"middlename": "demo_refresh",
|
||||
"lastname": "demo_refresh",
|
||||
"username": "demo_refresh",
|
||||
"password": "demo_refresh",
|
||||
"email": "demo_refresh@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_refreshASD312",
|
||||
"middlename": "demo_refreshASD312",
|
||||
"lastname": "demo_refreshASD312",
|
||||
"username": "demo_refreshASD312",
|
||||
"password": "demo_refreshASD312",
|
||||
"email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -25,7 +25,7 @@ beforeAll(async () => {
|
|||
|
||||
describe('POST /api/auth/refresh valid', () => {
|
||||
it('valid refresh with token in cookie should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
|
||||
const res = await axios.post(base + '/api/auth/refresh', null, {
|
||||
headers: { "Cookie": res_login.headers["set-cookie"] },
|
||||
validateStatus: undefined
|
||||
|
@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
|
|||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid refresh with token in body should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
|
||||
const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
|
|
@ -11,23 +11,23 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_reset",
|
||||
"middlename": "demo_reset",
|
||||
"lastname": "demo_reset",
|
||||
"username": "demo_reset",
|
||||
"password": "demo_reset",
|
||||
"email": "demo_reset1@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_resetASD312",
|
||||
"middlename": "demo_resetASD312",
|
||||
"lastname": "demo_resetASD312",
|
||||
"username": "demo_resetASD312",
|
||||
"password": "demo_resetASD312",
|
||||
"email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
});
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_reset2",
|
||||
"middlename": "demo_reset2",
|
||||
"lastname": "demo_reset2",
|
||||
"username": "demo_reset2",
|
||||
"password": "demo_reset2",
|
||||
"email": "demo_reset2@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_resetASD3122",
|
||||
"middlename": "demo_resetASD3122",
|
||||
"lastname": "demo_resetASD3122",
|
||||
"username": "demo_resetASD3122",
|
||||
"password": "demo_resetASD3122",
|
||||
"email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -37,7 +37,7 @@ beforeAll(async () => {
|
|||
describe('POST /api/auth/reset valid', () => {
|
||||
let reset_token;
|
||||
it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
reset_token = res1.data.resetToken;
|
||||
expect(res1.status).toEqual(200);
|
||||
});
|
||||
|
@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
|
|||
// ---------------
|
||||
describe('POST /api/auth/reset invalid requests', () => {
|
||||
it('request another password reset before the timeout should return 406', async () => {
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
expect(res2.status).toEqual(406);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -16,7 +16,7 @@ beforeAll(async () => {
|
|||
});
|
||||
|
||||
// ---------------
|
||||
describe('adding + deletion (non-existant)', () => {
|
||||
describe('deletion (non-existant)', () => {
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
|
||||
expect(res2.status).toEqual(204);
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
import axios from 'axios';
|
||||
import { config } from '../../config';
|
||||
const base = "http://localhost:" + config.internal_port
|
||||
|
||||
let access_token;
|
||||
let axios_config;
|
||||
|
||||
beforeAll(async () => {
|
||||
jest.setTimeout(20000);
|
||||
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
access_token = res.data["access_token"];
|
||||
axios_config = {
|
||||
headers: { "authorization": "Bearer " + access_token },
|
||||
validateStatus: undefined
|
||||
};
|
||||
});
|
||||
|
||||
// ---------------
|
||||
describe('adding + deletion (non-existant)', () => {
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
|
||||
expect(res2.status).toEqual(204);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('adding + deletion (successfull)', () => {
|
||||
let added_user
|
||||
it('valid user creation with minimal parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "string",
|
||||
"middlename": "string",
|
||||
"lastname": "string",
|
||||
"email": "demo_123_123_123asdASD@example.com",
|
||||
"password": "demo_123_123_123asdASD",
|
||||
"enabled": true
|
||||
}
|
||||
, axios_config);
|
||||
added_user = res.data;
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
|
||||
expect(res2.status).toEqual(200);
|
||||
expect(res2.headers['content-type']).toContain("application/json")
|
||||
});
|
||||
it('check if user really was deleted', async () => {
|
||||
const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
|
||||
expect(res3.status).toEqual(404);
|
||||
expect(res3.headers['content-type']).toContain("application/json")
|
||||
});
|
||||
});
|
|
@ -0,0 +1,113 @@
|
|||
import axios from 'axios';
|
||||
import { config } from '../../config';
|
||||
|
||||
const base = "http://localhost:" + config.internal_port
|
||||
|
||||
let axios_config = {};
|
||||
|
||||
beforeAll(async () => {
|
||||
jest.setTimeout(20000);
|
||||
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
let access_token = res.data["access_token"];
|
||||
axios_config = {
|
||||
headers: { "authorization": "Bearer " + access_token },
|
||||
validateStatus: undefined
|
||||
};
|
||||
});
|
||||
|
||||
describe('POST /api/users valid', () => {
|
||||
it('valid user creation with minimal parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123",
|
||||
"lastname": "demo_createASD123",
|
||||
"password": "demo_createASD123",
|
||||
"email": "demo_createASD123@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid user creation with all parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_2",
|
||||
"middlename": "demo_createASD123_2",
|
||||
"lastname": "demo_createASD123_2",
|
||||
"username": "demo_createASD123_2",
|
||||
"password": "demo_createASD123_2",
|
||||
"email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('POST /api/users invalid -> 400', () => {
|
||||
it('user creation w/o firstname should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"lastname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o lastname should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o password should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"lastname": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o email should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"lastname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('POST /api/users invalid -> Password errors', () => {
|
||||
it('user creation w/ invalid password -> No numbers should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "demo_createASD",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> No uppercase should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "demo_create_4",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> No lowercase should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "DEMO123123ASD",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> Too short should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "1Aa_",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
});
|
Loading…
Reference in New Issue