diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32df7de..02bd511 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,8 +2,39 @@
All notable changes to this project will be documented in this file. Dates are displayed in UTC.
-#### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.7.1)
+#### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
+- Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
+- Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
+- Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
+- Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
+- Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
+- Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
+- 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
+- Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
+- Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
+- No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
+- Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
+- Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
+- Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
+- Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
+- Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
+- 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
+- Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
+- 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
+- Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
+- Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
+- Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
+- Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
+
+#### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
- Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
- Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
- Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)
diff --git a/licenses.md b/licenses.md
index e809379..dd80361 100644
--- a/licenses.md
+++ b/licenses.md
@@ -115,6 +115,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# check-password-strength
+**Author**: deanilvincent
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
+## License Text
+MIT License
+
+Copyright (c) 2020 Mark Deanil Vicente
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
# class-transformer
**Author**: [object Object]
**Repo**: [object Object]
diff --git a/package.json b/package.json
index f9474bb..25a8f80 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@odit/lfk-backend",
- "version": "0.7.1",
+ "version": "0.9.0",
"main": "src/app.ts",
"repository": "https://git.odit.services/lfk/backend",
"author": {
@@ -26,6 +26,7 @@
"argon2": "^0.27.1",
"axios": "^0.21.1",
"body-parser": "^1.19.0",
+ "check-password-strength": "^2.0.2",
"class-transformer": "0.3.1",
"class-validator": "^0.13.1",
"consola": "^2.15.0",
diff --git a/src/controllers/MeController.ts b/src/controllers/MeController.ts
index 6680e8e..f5b622c 100644
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@@ -1,7 +1,7 @@
import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { UpdateUser } from '../models/actions/update/UpdateUser';
import { User } from '../models/entities/User';
import { ResponseUser } from '../models/responses/ResponseUser';
@@ -48,6 +48,10 @@ export class MeController {
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+ @ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: "Update the yourself.
You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead.
Please remember that ids can't be changed." })
async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts
index 0c5f0cb..cdc1fc9 100644
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,7 +1,7 @@
import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
import { CreateUser } from '../models/actions/create/CreateUser';
import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -66,6 +66,10 @@ export class UserController {
@ResponseSchema(ResponseUser)
@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+ @ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: 'Create a new user.
If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
async post(@Body({ validate: true }) createUser: CreateUser) {
let user;
@@ -85,6 +89,10 @@ export class UserController {
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+ @ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+ @ResponseSchema(PasswordTooShortError, { statusCode: 406 })
@OpenAPI({ description: "Update the user whose id you provided.
To change the permissions directly granted to the user please use /api/permissions instead.
Please remember that ids can't be changed." })
async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
let oldUser = await this.userRepository.findOne({ id: id });
diff --git a/src/errors/UserErrors.ts b/src/errors/UserErrors.ts
index ced02ed..4254903 100644
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
@IsString()
message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
+}
+
+export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
+ @IsString()
+ name = "PasswordMustContainUppercaseLetterError"
+
+ @IsString()
+ message = "Passwords must contain at least one uppercase letter."
+}
+export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
+ @IsString()
+ name = "PasswordMustContainLowercaseLetterError"
+
+ @IsString()
+ message = "Passwords must contain at least one lowercase letter."
+}
+export class PasswordMustContainNumberError extends NotAcceptableError {
+ @IsString()
+ name = "PasswordMustContainNumberError"
+
+ @IsString()
+ message = "Passwords must contain at least one number."
+}
+export class PasswordTooShortError extends NotAcceptableError {
+ @IsString()
+ name = "PasswordTooShortError"
+
+ @IsString()
+ message = "Passwords must be at least ten characters long."
}
\ No newline at end of file
diff --git a/src/models/actions/create/CreateUser.ts b/src/models/actions/create/CreateUser.ts
index 06c2507..a29fb62 100644
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@@ -1,9 +1,10 @@
import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm';
import * as uuid from 'uuid';
import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
if (!this.email) {
throw new UserEmailNeededError();
}
- if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+ if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+ let password_strength = passwordStrength(this.password);
+ if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+ if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+ if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+ if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
newUser.email = this.email
newUser.username = this.username
diff --git a/src/models/actions/update/UpdateUser.ts b/src/models/actions/update/UpdateUser.ts
index f130672..e5685eb 100644
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@@ -1,12 +1,14 @@
import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm';
import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup';
+
/**
* This class is used to update a User entity (via put request).
*/
@@ -104,6 +106,11 @@ export class UpdateUser {
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
if (this.password) {
+ let password_strength = passwordStrength(this.password);
+ if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+ if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+ if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+ if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
user.password = await argon2.hash(this.password + user.uuid);
user.refreshTokenCount = user.refreshTokenCount + 1;
}
diff --git a/src/seeds/SeedUsers.ts b/src/seeds/SeedUsers.ts
index 26fc233..219ac63 100644
--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
@@ -1,14 +1,14 @@
+import * as argon2 from "argon2";
import { Connection } from 'typeorm';
import { Factory, Seeder } from 'typeorm-seeding';
+import * as uuid from 'uuid';
import { CreatePermission } from '../models/actions/create/CreatePermission';
-import { CreateUser } from '../models/actions/create/CreateUser';
import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
import { Permission } from '../models/entities/Permission';
import { User } from '../models/entities/User';
import { UserGroup } from '../models/entities/UserGroup';
import { PermissionAction } from '../models/enums/PermissionAction';
import { PermissionTarget } from '../models/enums/PermissionTargets';
-
/**
* Seeds a admin group with a demo user into the database for initial setup and auto recovery.
* We know that the nameing isn't perfectly fitting. Feel free to change it.
@@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
export default class SeedUsers implements Seeder {
public async run(factory: Factory, connection: Connection): Promise {
let adminGroup: UserGroup = await this.createAdminGroup(connection);
- await this.createUser(connection, adminGroup.id);
+ await this.createUser(connection, adminGroup);
await this.createPermissions(connection, adminGroup.id);
}
@@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
}
- public async createUser(connection: Connection, group: number) {
- let initialUser = new CreateUser();
+ public async createUser(connection: Connection, group: UserGroup) {
+ let initialUser = new User();
initialUser.firstname = "demo";
initialUser.lastname = "demo";
initialUser.username = "demo";
- initialUser.password = "demo";
+ initialUser.uuid = uuid.v4();
+ initialUser.password = await argon2.hash("demo" + initialUser.uuid);
initialUser.email = "demo@dev.lauf-fuer-kaya.de"
- initialUser.groups = group;
- return await connection.getRepository(User).save(await initialUser.toEntity());
+ initialUser.groups = [group];
+ return await connection.getRepository(User).save(initialUser);
}
public async createPermissions(connection: Connection, principal: number) {
diff --git a/src/tests/auth/auth_logout.spec.ts b/src/tests/auth/auth_logout.spec.ts
index 0431061..5077cdd 100644
--- a/src/tests/auth/auth_logout.spec.ts
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -11,12 +11,12 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
- "firstname": "demo_logout",
- "middlename": "demo_logout",
- "lastname": "demo_logout",
- "username": "demo_logout",
- "password": "demo_logout",
- "email": "demo_logout@dev.lauf-fuer-kaya.de"
+ "firstname": "demo_logoutASD123",
+ "middlename": "demo_logoutASD123",
+ "lastname": "demo_logoutASD123",
+ "username": "demo_logoutASD123",
+ "password": "demo_logoutASD123",
+ "email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@@ -26,7 +26,7 @@ beforeAll(async () => {
describe('POST /api/auth/logout valid', () => {
let refresh_coookie;
it('valid logout with token in cookie should return 200', async () => {
- const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+ const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
refresh_coookie = res_login.headers["set-cookie"];
const res = await axios.post(base + '/api/auth/logout', null, {
headers: { "Cookie": refresh_coookie },
@@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
expect(res.status).toEqual(200);
});
it('valid logout with token in body should return 200', async () => {
- const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+ const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});
diff --git a/src/tests/auth/auth_refresh.spec.ts b/src/tests/auth/auth_refresh.spec.ts
index 0c0792a..1422295 100644
--- a/src/tests/auth/auth_refresh.spec.ts
+++ b/src/tests/auth/auth_refresh.spec.ts
@@ -11,12 +11,12 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
- "firstname": "demo_refresh",
- "middlename": "demo_refresh",
- "lastname": "demo_refresh",
- "username": "demo_refresh",
- "password": "demo_refresh",
- "email": "demo_refresh@dev.lauf-fuer-kaya.de"
+ "firstname": "demo_refreshASD312",
+ "middlename": "demo_refreshASD312",
+ "lastname": "demo_refreshASD312",
+ "username": "demo_refreshASD312",
+ "password": "demo_refreshASD312",
+ "email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@@ -25,7 +25,7 @@ beforeAll(async () => {
describe('POST /api/auth/refresh valid', () => {
it('valid refresh with token in cookie should return 200', async () => {
- const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+ const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
const res = await axios.post(base + '/api/auth/refresh', null, {
headers: { "Cookie": res_login.headers["set-cookie"] },
validateStatus: undefined
@@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
expect(res.status).toEqual(200);
});
it('valid refresh with token in body should return 200', async () => {
- const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+ const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
expect(res.status).toEqual(200);
});
diff --git a/src/tests/auth/auth_reset.spec.ts b/src/tests/auth/auth_reset.spec.ts
index 02f0ee0..626ef02 100644
--- a/src/tests/auth/auth_reset.spec.ts
+++ b/src/tests/auth/auth_reset.spec.ts
@@ -11,23 +11,23 @@ beforeAll(async () => {
jest.setTimeout(20000);
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
await axios.post(base + '/api/users', {
- "firstname": "demo_reset",
- "middlename": "demo_reset",
- "lastname": "demo_reset",
- "username": "demo_reset",
- "password": "demo_reset",
- "email": "demo_reset1@dev.lauf-fuer-kaya.de"
+ "firstname": "demo_resetASD312",
+ "middlename": "demo_resetASD312",
+ "lastname": "demo_resetASD312",
+ "username": "demo_resetASD312",
+ "password": "demo_resetASD312",
+ "email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
});
await axios.post(base + '/api/users', {
- "firstname": "demo_reset2",
- "middlename": "demo_reset2",
- "lastname": "demo_reset2",
- "username": "demo_reset2",
- "password": "demo_reset2",
- "email": "demo_reset2@dev.lauf-fuer-kaya.de"
+ "firstname": "demo_resetASD3122",
+ "middlename": "demo_resetASD3122",
+ "lastname": "demo_resetASD3122",
+ "username": "demo_resetASD3122",
+ "password": "demo_resetASD3122",
+ "email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
}, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined
@@ -37,7 +37,7 @@ beforeAll(async () => {
describe('POST /api/auth/reset valid', () => {
let reset_token;
it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
- const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
+ const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
reset_token = res1.data.resetToken;
expect(res1.status).toEqual(200);
});
@@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
// ---------------
describe('POST /api/auth/reset invalid requests', () => {
it('request another password reset before the timeout should return 406', async () => {
- const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
- const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
+ const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
+ const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
expect(res2.status).toEqual(406);
});
});
diff --git a/src/tests/runnerOrgs/org_delete.spec.ts b/src/tests/runnerOrgs/org_delete.spec.ts
index 6f4c768..92cbfce 100644
--- a/src/tests/runnerOrgs/org_delete.spec.ts
+++ b/src/tests/runnerOrgs/org_delete.spec.ts
@@ -16,7 +16,7 @@ beforeAll(async () => {
});
// ---------------
-describe('adding + deletion (non-existant)', () => {
+describe('deletion (non-existant)', () => {
it('delete', async () => {
const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
expect(res2.status).toEqual(204);
diff --git a/src/tests/users/user_delete.spec.ts b/src/tests/users/user_delete.spec.ts
new file mode 100644
index 0000000..071ceb8
--- /dev/null
+++ b/src/tests/users/user_delete.spec.ts
@@ -0,0 +1,51 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+ jest.setTimeout(20000);
+ const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+ access_token = res.data["access_token"];
+ axios_config = {
+ headers: { "authorization": "Bearer " + access_token },
+ validateStatus: undefined
+ };
+});
+
+// ---------------
+describe('adding + deletion (non-existant)', () => {
+ it('delete', async () => {
+ const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
+ expect(res2.status).toEqual(204);
+ });
+});
+// ---------------
+describe('adding + deletion (successfull)', () => {
+ let added_user
+ it('valid user creation with minimal parameters should return 200', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "string",
+ "middlename": "string",
+ "lastname": "string",
+ "email": "demo_123_123_123asdASD@example.com",
+ "password": "demo_123_123_123asdASD",
+ "enabled": true
+ }
+ , axios_config);
+ added_user = res.data;
+ expect(res.status).toEqual(200);
+ });
+ it('delete', async () => {
+ const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
+ expect(res2.status).toEqual(200);
+ expect(res2.headers['content-type']).toContain("application/json")
+ });
+ it('check if user really was deleted', async () => {
+ const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
+ expect(res3.status).toEqual(404);
+ expect(res3.headers['content-type']).toContain("application/json")
+ });
+});
\ No newline at end of file
diff --git a/src/tests/users/user_post.spec.ts b/src/tests/users/user_post.spec.ts
new file mode 100644
index 0000000..8a6f7be
--- /dev/null
+++ b/src/tests/users/user_post.spec.ts
@@ -0,0 +1,113 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+let axios_config = {};
+
+beforeAll(async () => {
+ jest.setTimeout(20000);
+ const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+ let access_token = res.data["access_token"];
+ axios_config = {
+ headers: { "authorization": "Bearer " + access_token },
+ validateStatus: undefined
+ };
+});
+
+describe('POST /api/users valid', () => {
+ it('valid user creation with minimal parameters should return 200', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123",
+ "lastname": "demo_createASD123",
+ "password": "demo_createASD123",
+ "email": "demo_createASD123@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(200);
+ });
+ it('valid user creation with all parameters should return 200', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_2",
+ "middlename": "demo_createASD123_2",
+ "lastname": "demo_createASD123_2",
+ "username": "demo_createASD123_2",
+ "password": "demo_createASD123_2",
+ "email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(200);
+ });
+});
+// ---------------
+describe('POST /api/users invalid -> 400', () => {
+ it('user creation w/o firstname should return 400', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "lastname": "demo_createASD123_3",
+ "password": "demo_createASD123_3",
+ "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(400);
+ });
+ it('user creation w/o lastname should return 400', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_3",
+ "password": "demo_createASD123_3",
+ "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(400);
+ });
+ it('user creation w/o password should return 400', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_3",
+ "lastname": "demo_createASD123_3",
+ "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(400);
+ });
+ it('user creation w/o email should return 400', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_3",
+ "lastname": "demo_createASD123_3",
+ "password": "demo_createASD123_3"
+ }, axios_config);
+ expect(res.status).toEqual(400);
+ });
+});
+// ---------------
+describe('POST /api/users invalid -> Password errors', () => {
+ it('user creation w/ invalid password -> No numbers should return 406', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_4",
+ "lastname": "demo_createASD123_4",
+ "password": "demo_createASD",
+ "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(406);
+ });
+ it('user creation w/ invalid password -> No uppercase should return 406', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_4",
+ "lastname": "demo_createASD123_4",
+ "password": "demo_create_4",
+ "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(406);
+ });
+ it('user creation w/ invalid password -> No lowercase should return 406', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_4",
+ "lastname": "demo_createASD123_4",
+ "password": "DEMO123123ASD",
+ "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(406);
+ });
+ it('user creation w/ invalid password -> Too short should return 406', async () => {
+ const res = await axios.post(base + '/api/users', {
+ "firstname": "demo_createASD123_4",
+ "lastname": "demo_createASD123_4",
+ "password": "1Aa_",
+ "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+ }, axios_config);
+ expect(res.status).toEqual(406);
+ });
+});
\ No newline at end of file