diff --git a/package.json b/package.json index f9474bb..6485066 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,7 @@ "argon2": "^0.27.1", "axios": "^0.21.1", "body-parser": "^1.19.0", + "check-password-strength": "^2.0.2", "class-transformer": "0.3.1", "class-validator": "^0.13.1", "consola": "^2.15.0", @@ -102,4 +103,4 @@ "docs/*" ] } -} +} \ No newline at end of file diff --git a/src/controllers/MeController.ts b/src/controllers/MeController.ts index 6680e8e..f5b622c 100644 --- a/src/controllers/MeController.ts +++ b/src/controllers/MeController.ts @@ -1,7 +1,7 @@ import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers'; import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi'; import { getConnectionManager, Repository } from 'typeorm'; -import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors'; +import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors'; import { UpdateUser } from '../models/actions/update/UpdateUser'; import { User } from '../models/entities/User'; import { ResponseUser } from '../models/responses/ResponseUser'; 
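Review bot: `check-password-strength` is added as `^2.0.2` but no lockfile change is visible in this diff; unless it is part of the commit outside this view, the version that actually enforces the new password policy floats with the caret range. Since this dependency is now on a security-relevant path (both CreateUser and UpdateUser call it), commit the lockfile update alongside so the resolved version is reproducible and reviewable. The existing caret style for `argon2` and the others is kept, which is consistent with the file.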
@@ -48,6 +48,10 @@ export class MeController { @ResponseSchema(UserNotFoundError, { statusCode: 404 }) @ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 }) @ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 }) + @ResponseSchema(PasswordTooShortError, { statusCode: 406 }) @OpenAPI({ description: "Update the yourself.
You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead.
Please remember that ids can't be changed." }) async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) { let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] }); diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts index 0c5f0cb..cdc1fc9 100644 --- a/src/controllers/UserController.ts +++ b/src/controllers/UserController.ts @@ -1,7 +1,7 @@ import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers'; import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi'; import { getConnectionManager, Repository } from 'typeorm'; -import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors'; +import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors'; import { UserGroupNotFoundError } from '../errors/UserGroupErrors'; import { CreateUser } from '../models/actions/create/CreateUser'; import { UpdateUser } from '../models/actions/update/UpdateUser'; @@ -66,6 +66,10 @@ export class UserController { @ResponseSchema(ResponseUser) @ResponseSchema(UserGroupNotFoundError, { statusCode: 404 }) @ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 }) + @ResponseSchema(PasswordTooShortError, { statusCode: 406 }) @OpenAPI({ description: 'Create a new user.
If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' }) async post(@Body({ validate: true }) createUser: CreateUser) { let user; @@ -85,6 +89,10 @@ export class UserController { @ResponseSchema(UserNotFoundError, { statusCode: 404 }) @ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 }) @ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 }) + @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 }) + @ResponseSchema(PasswordTooShortError, { statusCode: 406 }) @OpenAPI({ description: "Update the user whose id you provided.
To change the permissions directly granted to the user please use /api/permissions instead.
Please remember that ids can't be changed." }) async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) { let oldUser = await this.userRepository.findOne({ id: id }); diff --git a/src/errors/UserErrors.ts b/src/errors/UserErrors.ts index ced02ed..4254903 100644 --- a/src/errors/UserErrors.ts +++ b/src/errors/UserErrors.ts @@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError { @IsString() message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param." +} + +export class PasswordMustContainUppercaseLetterError extends NotAcceptableError { + @IsString() + name = "PasswordMustContainUppercaseLetterError" + + @IsString() + message = "Passwords must contain at least one uppercase letter." +} +export class PasswordMustContainLowercaseLetterError extends NotAcceptableError { + @IsString() + name = "PasswordMustContainLowercaseLetterError" + + @IsString() + message = "Passwords must contain at least one lowercase letter." +} +export class PasswordMustContainNumberError extends NotAcceptableError { + @IsString() + name = "PasswordMustContainNumberError" + + @IsString() + message = "Passwords must contain at least one number." +} +export class PasswordTooShortError extends NotAcceptableError { + @IsString() + name = "PasswordTooShortError" + + @IsString() + message = "Passwords must be at least ten characters long." } \ No newline at end of file diff --git a/src/models/actions/create/CreateUser.ts b/src/models/actions/create/CreateUser.ts index 06c2507..a29fb62 100644 --- a/src/models/actions/create/CreateUser.ts +++ b/src/models/actions/create/CreateUser.ts 
@@ -1,9 +1,10 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
 if (!this.email) { throw new UserEmailNeededError(); }
- if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+ if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+ let password_strength = passwordStrength(this.password);
+ if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+ if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+ if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+ if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
 newUser.email = this.email
 newUser.username = this.username
diff --git a/src/models/actions/update/UpdateUser.ts b/src/models/actions/update/UpdateUser.ts
index f130672..e5685eb 100644
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
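Review bot: The five policy lines added after the username check are duplicated verbatim in the UpdateUser.ts hunk that follows, and the `> 9` threshold is a bare literal that must be kept in step with the "at least ten characters" message in UserErrors.ts. Move them into one shared helper that both actions call, `assertPasswordPolicy(this.password);`, with the threshold as a named constant, `const MIN_PASSWORD_LENGTH = 10;` and `if (strength.length < MIN_PASSWORD_LENGTH) { throw new PasswordTooShortError(); }`. Unlike the UpdateUser variant, `passwordStrength(this.password)` runs here unconditionally, so the helper is also the place to decide what an undefined password should raise if the `@Body({ validate: true })` step is ever bypassed (the seed no longer uses this class, so nothing else on this page does). Character-class rules are a weak proxy for strength on their own; a length-plus-blocklist check against common passwords would complement them if the project wants more than the library provides. The enclosing toEntity body starts and ends outside the hunk.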
@@ -1,12 +1,14 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
+
 /**
 * This class is used to update a User entity (via put request).
 */
@@ -104,6 +106,11 @@ export class UpdateUser {
 if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
 if (this.password) {
+ let password_strength = passwordStrength(this.password);
+ if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+ if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+ if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+ if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
 user.password = await argon2.hash(this.password + user.uuid);
 user.refreshTokenCount = user.refreshTokenCount + 1;
 }
diff --git a/src/seeds/SeedUsers.ts b/src/seeds/SeedUsers.ts
index 26fc233..219ac63 100644
--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
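Review bot: The context line just above the new block, `if (this.username.includes("@"))`, still dereferences `username` directly, while this same commit changes CreateUser.ts to `this.username?.includes("@")`; if username is optional on update the way password evidently is (`if (this.password)`), a PUT body without it throws a TypeError and surfaces as a 500 instead of the documented 406. Apply the same guard here, `if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }`. Incrementing `refreshTokenCount` on a password change is the right call, since it invalidates outstanding refresh tokens. The enclosing toEntity body starts and ends outside the hunk.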
@@ -1,14 +1,14 @@
+import * as argon2 from "argon2";
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
+import * as uuid from 'uuid';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
-import { CreateUser } from '../models/actions/create/CreateUser';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { Permission } from '../models/entities/Permission';
 import { User } from '../models/entities/User';
 import { UserGroup } from '../models/entities/UserGroup';
 import { PermissionAction } from '../models/enums/PermissionAction';
 import { PermissionTarget } from '../models/enums/PermissionTargets';
-
 /**
 * Seeds a admin group with a demo user into the database for initial setup and auto recovery.
 * We know that the nameing isn't perfectly fitting. Feel free to change it.
@@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
 export default class SeedUsers implements Seeder {
 public async run(factory: Factory, connection: Connection): Promise {
 let adminGroup: UserGroup = await this.createAdminGroup(connection);
- await this.createUser(connection, adminGroup.id);
+ await this.createUser(connection, adminGroup);
 await this.createPermissions(connection, adminGroup.id);
 }
@@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
 return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
 }
- public async createUser(connection: Connection, group: number) {
- let initialUser = new CreateUser();
+ public async createUser(connection: Connection, group: UserGroup) {
+ let initialUser = new User();
 initialUser.firstname = "demo";
 initialUser.lastname = "demo";
 initialUser.username = "demo";
- initialUser.password = "demo";
+ initialUser.uuid = uuid.v4();
+ initialUser.password = await argon2.hash("demo" + initialUser.uuid);
 initialUser.email = "demo@dev.lauf-fuer-kaya.de"
- initialUser.groups = group;
- return await connection.getRepository(User).save(await initialUser.toEntity());
+ initialUser.groups = [group];
+ return await connection.getRepository(User).save(initialUser);
 }
 public async createPermissions(connection: Connection, principal: number) {
diff --git a/src/tests/auth/auth_logout.spec.ts b/src/tests/auth/auth_logout.spec.ts
index 0431061..5077cdd 100644
--- a/src/tests/auth/auth_logout.spec.ts
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -11,12 +11,12 @@ beforeAll(async () => {
 jest.setTimeout(20000);
 const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 await axios.post(base + '/api/users', {
- "firstname": "demo_logout",
- "middlename": "demo_logout",
- "lastname": "demo_logout",
- "username": "demo_logout",
- "password": "demo_logout",
- "email": "demo_logout@dev.lauf-fuer-kaya.de"
+ "firstname": "demo_logoutASD123",
+ "middlename": "demo_logoutASD123",
+ "lastname": "demo_logoutASD123",
+ "username": "demo_logoutASD123",
+ "password": "demo_logoutASD123",
+ "email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
 }, {
 headers: { "authorization": "Bearer " + res_login.data["access_token"] },
 validateStatus: undefined
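Review bot: `createUser` now builds a `User` entity directly instead of going through `CreateUser`, so the seeded admin keeps the four-character credential "demo" that the new policy forbids for every other account, and whatever other checks or defaults `CreateUser.toEntity()` applied are skipped as well (that method is not visible here). Given the class comment says the seed runs for "initial setup and auto recovery", document above `createUser` that the demo account is for development only, or read the seed credential from configuration instead of a literal so a deployment can set its own. `argon2.hash("demo" + initialUser.uuid)` also re-implements the hashing scheme used in UpdateUser.ts (`argon2.hash(this.password + user.uuid)`); if the scheme changes in one place the seeded login silently stops working, so prefer a single shared helper along the lines of `initialUser.password = await hashPassword("demo", initialUser.uuid);` (constructed name). The class continues outside the hunk.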
@@ -26,7 +26,7 @@ beforeAll(async () => { describe('POST /api/auth/logout valid', () => { let refresh_coookie; it('valid logout with token in cookie should return 200', async () => { - const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" }); + const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" }); refresh_coookie = res_login.headers["set-cookie"]; const res = await axios.post(base + '/api/auth/logout', null, { headers: { "Cookie": refresh_coookie }, @@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => { expect(res.status).toEqual(200); }); it('valid logout with token in body should return 200', async () => { - const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" }); + const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" }); const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config); expect(res.status).toEqual(200); }); diff --git a/src/tests/auth/auth_refresh.spec.ts b/src/tests/auth/auth_refresh.spec.ts index 0c0792a..1422295 100644 --- a/src/tests/auth/auth_refresh.spec.ts +++ b/src/tests/auth/auth_refresh.spec.ts 
@@ -11,12 +11,12 @@ beforeAll(async () => { jest.setTimeout(20000); const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }); await axios.post(base + '/api/users', { - "firstname": "demo_refresh", - "middlename": "demo_refresh", - "lastname": "demo_refresh", - "username": "demo_refresh", - "password": "demo_refresh", - "email": "demo_refresh@dev.lauf-fuer-kaya.de" + "firstname": "demo_refreshASD312", + "middlename": "demo_refreshASD312", + "lastname": "demo_refreshASD312", + "username": "demo_refreshASD312", + "password": "demo_refreshASD312", + "email": "demo_refreshASD312@dev.lauf-fuer-kaya.de" }, { headers: { "authorization": "Bearer " + res_login.data["access_token"] }, validateStatus: undefined @@ -25,7 +25,7 @@ beforeAll(async () => { describe('POST /api/auth/refresh valid', () => { it('valid refresh with token in cookie should return 200', async () => { - const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" }); + const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" }); const res = await axios.post(base + '/api/auth/refresh', null, { headers: { "Cookie": res_login.headers["set-cookie"] }, validateStatus: undefined @@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => { expect(res.status).toEqual(200); }); it('valid refresh with token in body should return 200', async () => { - const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" }); + const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" }); const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config); expect(res.status).toEqual(200); }); 
diff --git a/src/tests/auth/auth_reset.spec.ts b/src/tests/auth/auth_reset.spec.ts index 02f0ee0..626ef02 100644 --- a/src/tests/auth/auth_reset.spec.ts +++ b/src/tests/auth/auth_reset.spec.ts @@ -11,23 +11,23 @@ beforeAll(async () => { jest.setTimeout(20000); const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }); await axios.post(base + '/api/users', { - "firstname": "demo_reset", - "middlename": "demo_reset", - "lastname": "demo_reset", - "username": "demo_reset", - "password": "demo_reset", - "email": "demo_reset1@dev.lauf-fuer-kaya.de" + "firstname": "demo_resetASD312", + "middlename": "demo_resetASD312", + "lastname": "demo_resetASD312", + "username": "demo_resetASD312", + "password": "demo_resetASD312", + "email": "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, { headers: { "authorization": "Bearer " + res_login.data["access_token"] }, validateStatus: undefined }); await axios.post(base + '/api/users', { - "firstname": "demo_reset2", - "middlename": "demo_reset2", - "lastname": "demo_reset2", - "username": "demo_reset2", - "password": "demo_reset2", - "email": "demo_reset2@dev.lauf-fuer-kaya.de" + "firstname": "demo_resetASD3122", + "middlename": "demo_resetASD3122", + "lastname": "demo_resetASD3122", + "username": "demo_resetASD3122", + "password": "demo_resetASD3122", + "email": "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, { headers: { "authorization": "Bearer " + res_login.data["access_token"] }, validateStatus: undefined 
@@ -37,7 +37,7 @@ beforeAll(async () => { describe('POST /api/auth/reset valid', () => { let reset_token; it('valid reset token request should return 200 (500 w/o correct auth)', async () => { - const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config); + const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config); reset_token = res1.data.resetToken; expect(res1.status).toEqual(200); }); @@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => { // --------------- describe('POST /api/auth/reset invalid requests', () => { it('request another password reset before the timeout should return 406', async () => { - const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config); - const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config); + const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config); + const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config); expect(res2.status).toEqual(406); }); }); diff --git a/src/tests/runnerOrgs/org_delete.spec.ts b/src/tests/runnerOrgs/org_delete.spec.ts index 6f4c768..92cbfce 100644 --- a/src/tests/runnerOrgs/org_delete.spec.ts +++ b/src/tests/runnerOrgs/org_delete.spec.ts @@ -16,7 +16,7 @@ beforeAll(async () => { }); // --------------- -describe('adding + deletion (non-existant)', () => { +describe('deletion (non-existant)', () => { it('delete', async () => { const res2 = await axios.delete(base + '/api/organizations/0', axios_config); expect(res2.status).toEqual(204); diff --git a/src/tests/users/user_delete.spec.ts b/src/tests/users/user_delete.spec.ts new file mode 100644 index 0000000..071ceb8 --- /dev/null +++ b/src/tests/users/user_delete.spec.ts 
@@ -0,0 +1,51 @@ +import axios from 'axios'; +import { config } from '../../config'; +const base = "http://localhost:" + config.internal_port + +let access_token; +let axios_config; + +beforeAll(async () => { + jest.setTimeout(20000); + const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }); + access_token = res.data["access_token"]; + axios_config = { + headers: { "authorization": "Bearer " + access_token }, + validateStatus: undefined + }; +}); + +// --------------- +describe('adding + deletion (non-existant)', () => { + it('delete', async () => { + const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config); + expect(res2.status).toEqual(204); + }); +}); +// --------------- +describe('adding + deletion (successfull)', () => { + let added_user + it('valid user creation with minimal parameters should return 200', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "string", + "middlename": "string", + "lastname": "string", + "email": "demo_123_123_123asdASD@example.com", + "password": "demo_123_123_123asdASD", + "enabled": true + } + , axios_config); + added_user = res.data; + expect(res.status).toEqual(200); + }); + it('delete', async () => { + const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config); + expect(res2.status).toEqual(200); + expect(res2.headers['content-type']).toContain("application/json") + }); + it('check if user really was deleted', async () => { + const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config); + expect(res3.status).toEqual(404); + expect(res3.headers['content-type']).toContain("application/json") + }); +}); \ No newline at end of file diff --git a/src/tests/users/user_post.spec.ts b/src/tests/users/user_post.spec.ts new file mode 100644 index 0000000..8a6f7be --- /dev/null +++ b/src/tests/users/user_post.spec.ts 
@@ -0,0 +1,113 @@ +import axios from 'axios'; +import { config } from '../../config'; + +const base = "http://localhost:" + config.internal_port + +let axios_config = {}; + +beforeAll(async () => { + jest.setTimeout(20000); + const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }); + let access_token = res.data["access_token"]; + axios_config = { + headers: { "authorization": "Bearer " + access_token }, + validateStatus: undefined + }; +}); + +describe('POST /api/users valid', () => { + it('valid user creation with minimal parameters should return 200', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123", + "lastname": "demo_createASD123", + "password": "demo_createASD123", + "email": "demo_createASD123@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(200); + }); + it('valid user creation with all parameters should return 200', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_2", + "middlename": "demo_createASD123_2", + "lastname": "demo_createASD123_2", + "username": "demo_createASD123_2", + "password": "demo_createASD123_2", + "email": "demo_createASD123_2@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(200); + }); +}); +// --------------- +describe('POST /api/users invalid -> 400', () => { + it('user creation w/o firstname should return 400', async () => { + const res = await axios.post(base + '/api/users', { + "lastname": "demo_createASD123_3", + "password": "demo_createASD123_3", + "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(400); + }); + it('user creation w/o lastname should return 400', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_3", + "password": "demo_createASD123_3", + "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de" + }, axios_config); + 
expect(res.status).toEqual(400); + }); + it('user creation w/o password should return 400', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_3", + "lastname": "demo_createASD123_3", + "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(400); + }); + it('user creation w/o email should return 400', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_3", + "lastname": "demo_createASD123_3", + "password": "demo_createASD123_3" + }, axios_config); + expect(res.status).toEqual(400); + }); +}); +// --------------- +describe('POST /api/users invalid -> Password errors', () => { + it('user creation w/ invalid password -> No numbers should return 406', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_4", + "lastname": "demo_createASD123_4", + "password": "demo_createASD", + "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(406); + }); + it('user creation w/ invalid password -> No uppercase should return 406', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_4", + "lastname": "demo_createASD123_4", + "password": "demo_create_4", + "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(406); + }); + it('user creation w/ invalid password -> No lowercase should return 406', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": "demo_createASD123_4", + "lastname": "demo_createASD123_4", + "password": "DEMO123123ASD", + "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(406); + }); + it('user creation w/ invalid password -> Too short should return 406', async () => { + const res = await axios.post(base + '/api/users', { + "firstname": 
"demo_createASD123_4", + "lastname": "demo_createASD123_4", + "password": "1Aa_", + "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de" + }, axios_config); + expect(res.status).toEqual(406); + }); +}); \ No newline at end of file
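Review bot: The four password-policy tests assert only `res.status` 406, so they cannot tell which rule rejected the password; in the "No numbers" case, for example, "demo_createASD" is 14 characters and has both cases, but the test would still pass if the length check or any other 406 fired instead. Assert the error name from the body as well, e.g. `expect(res.data.name).toEqual("PasswordMustContainNumberError");`, and correspondingly for the uppercase, lowercase and too-short cases, assuming the `name` field that UserErrors.ts sets on each error is serialized into the response. Every case in this file also reuses `demo_createASD123_4` as firstname/lastname/email, which is fine only because the rejected requests never create a row; if one of them ever succeeds, the remaining cases would start colliding on the email.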