Compare commits
26 Commits
Author | SHA1 | Date |
---|---|---|
Nicolai Ort | 95135ddc89 | |
Nicolai Ort | a7fe1e1759 | |
Nicolai Ort | 56a5f41686 | |
Nicolai Ort | c23b4d907f | |
Nicolai Ort | bd7b81efe7 | |
Nicolai Ort | 274a146b9b | |
Nicolai Ort | 5a3fc5b2bd | |
Nicolai Ort | 070560e863 | |
Nicolai Ort | 536900091a | |
Nicolai Ort | 8154e715bb | |
Nicolai Ort | 4c6665062f | |
Nicolai Ort | cb3ea9b1eb | |
Nicolai Ort | 7a64f23937 | |
Nicolai Ort | 96ba25ec6c | |
Nicolai Ort | e6a8ebcb5b | |
Nicolai Ort | 888cab5898 | |
Nicolai Ort | 383a8095b8 | |
Nicolai Ort | 63f6526e4f | |
Nicolai Ort | b24e24ff7d | |
Nicolai Ort | 9ce35d8eb7 | |
Nicolai Ort | 48a87e8936 | |
Nicolai Ort | b8c28ebb08 | |
Nicolai Ort | 5daaa3a73c | |
Nicolai Ort | 24c38cce26 | |
Nicolai Ort | bd00f4f8d5 | |
Nicolai Ort | 03d76e6d0b |
33
CHANGELOG.md
33
CHANGELOG.md
|
@ -2,8 +2,39 @@
|
|||
|
||||
All notable changes to this project will be documented in this file. Dates are displayed in UTC.
|
||||
|
||||
#### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.7.1)
|
||||
#### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
|
||||
|
||||
- Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
|
||||
- Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
|
||||
- Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
|
||||
- Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
|
||||
- Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
|
||||
- Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
|
||||
- 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
|
||||
- Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
|
||||
- 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
|
||||
- Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
|
||||
- No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
|
||||
- Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
|
||||
- Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
|
||||
- Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
|
||||
- Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
|
||||
- Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
|
||||
- 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
|
||||
- Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
|
||||
- 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
|
||||
- Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
|
||||
- Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
|
||||
- Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
|
||||
- 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
|
||||
- Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
|
||||
|
||||
#### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
|
||||
|
||||
> 26 March 2021
|
||||
|
||||
- Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
|
||||
- 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
|
||||
- Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
|
||||
- Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
|
||||
- Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)
|
||||
|
|
29
licenses.md
29
licenses.md
|
@ -115,6 +115,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
|||
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
|
||||
# check-password-strength
|
||||
**Author**: deanilvincent
|
||||
**Repo**: [object Object]
|
||||
**License**: MIT
|
||||
**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
|
||||
## License Text
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2020 Mark Deanil Vicente
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
# class-transformer
|
||||
**Author**: [object Object]
|
||||
**Repo**: [object Object]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "@odit/lfk-backend",
|
||||
"version": "0.7.1",
|
||||
"version": "0.9.0",
|
||||
"main": "src/app.ts",
|
||||
"repository": "https://git.odit.services/lfk/backend",
|
||||
"author": {
|
||||
|
@ -26,6 +26,7 @@
|
|||
"argon2": "^0.27.1",
|
||||
"axios": "^0.21.1",
|
||||
"body-parser": "^1.19.0",
|
||||
"check-password-strength": "^2.0.2",
|
||||
"class-transformer": "0.3.1",
|
||||
"class-validator": "^0.13.1",
|
||||
"consola": "^2.15.0",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
|
||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||
import { getConnectionManager, Repository } from 'typeorm';
|
||||
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { UpdateUser } from '../models/actions/update/UpdateUser';
|
||||
import { User } from '../models/entities/User';
|
||||
import { ResponseUser } from '../models/responses/ResponseUser';
|
||||
|
@ -48,6 +48,10 @@ export class MeController {
|
|||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
|
||||
async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
|
||||
let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
|
||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||
import { getConnectionManager, Repository } from 'typeorm';
|
||||
import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
|
||||
import { CreateUser } from '../models/actions/create/CreateUser';
|
||||
import { UpdateUser } from '../models/actions/update/UpdateUser';
|
||||
|
@ -66,6 +66,10 @@ export class UserController {
|
|||
@ResponseSchema(ResponseUser)
|
||||
@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
|
||||
async post(@Body({ validate: true }) createUser: CreateUser) {
|
||||
let user;
|
||||
|
@ -85,6 +89,10 @@ export class UserController {
|
|||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
|
||||
@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
|
||||
@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
|
||||
async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
|
||||
let oldUser = await this.userRepository.findOne({ id: id });
|
||||
|
|
|
@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
|
|||
|
||||
@IsString()
|
||||
message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
|
||||
}
|
||||
|
||||
export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainUppercaseLetterError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one uppercase letter."
|
||||
}
|
||||
export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainLowercaseLetterError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one lowercase letter."
|
||||
}
|
||||
export class PasswordMustContainNumberError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordMustContainNumberError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must contain at least one number."
|
||||
}
|
||||
export class PasswordTooShortError extends NotAcceptableError {
|
||||
@IsString()
|
||||
name = "PasswordTooShortError"
|
||||
|
||||
@IsString()
|
||||
message = "Passwords must be at least ten characters long."
|
||||
}
|
|
@ -1,9 +1,10 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { passwordStrength } from "check-password-strength";
|
||||
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import * as uuid from 'uuid';
|
||||
import { config } from '../../../config';
|
||||
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
|
||||
import { User } from '../../entities/User';
|
||||
import { UserGroup } from '../../entities/UserGroup';
|
||||
|
@ -94,7 +95,13 @@ export class CreateUser {
|
|||
if (!this.email) {
|
||||
throw new UserEmailNeededError();
|
||||
}
|
||||
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
|
||||
let password_strength = passwordStrength(this.password);
|
||||
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
|
||||
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
|
||||
|
||||
newUser.email = this.email
|
||||
newUser.username = this.username
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { passwordStrength } from "check-password-strength";
|
||||
import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { config } from '../../../config';
|
||||
import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
|
||||
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
|
||||
import { User } from '../../entities/User';
|
||||
import { UserGroup } from '../../entities/UserGroup';
|
||||
|
||||
|
||||
/**
|
||||
* This class is used to update a User entity (via put request).
|
||||
*/
|
||||
|
@ -104,6 +106,11 @@ export class UpdateUser {
|
|||
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
|
||||
|
||||
if (this.password) {
|
||||
let password_strength = passwordStrength(this.password);
|
||||
if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
|
||||
if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
|
||||
if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
|
||||
user.password = await argon2.hash(this.password + user.uuid);
|
||||
user.refreshTokenCount = user.refreshTokenCount + 1;
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { Connection } from 'typeorm';
|
||||
import { Factory, Seeder } from 'typeorm-seeding';
|
||||
import * as uuid from 'uuid';
|
||||
import { CreatePermission } from '../models/actions/create/CreatePermission';
|
||||
import { CreateUser } from '../models/actions/create/CreateUser';
|
||||
import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
|
||||
import { Permission } from '../models/entities/Permission';
|
||||
import { User } from '../models/entities/User';
|
||||
import { UserGroup } from '../models/entities/UserGroup';
|
||||
import { PermissionAction } from '../models/enums/PermissionAction';
|
||||
import { PermissionTarget } from '../models/enums/PermissionTargets';
|
||||
|
||||
/**
|
||||
* Seeds a admin group with a demo user into the database for initial setup and auto recovery.
|
||||
* We know that the nameing isn't perfectly fitting. Feel free to change it.
|
||||
|
@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
|
|||
export default class SeedUsers implements Seeder {
|
||||
public async run(factory: Factory, connection: Connection): Promise<any> {
|
||||
let adminGroup: UserGroup = await this.createAdminGroup(connection);
|
||||
await this.createUser(connection, adminGroup.id);
|
||||
await this.createUser(connection, adminGroup);
|
||||
await this.createPermissions(connection, adminGroup.id);
|
||||
}
|
||||
|
||||
|
@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
|
|||
return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
|
||||
}
|
||||
|
||||
public async createUser(connection: Connection, group: number) {
|
||||
let initialUser = new CreateUser();
|
||||
public async createUser(connection: Connection, group: UserGroup) {
|
||||
let initialUser = new User();
|
||||
initialUser.firstname = "demo";
|
||||
initialUser.lastname = "demo";
|
||||
initialUser.username = "demo";
|
||||
initialUser.password = "demo";
|
||||
initialUser.uuid = uuid.v4();
|
||||
initialUser.password = await argon2.hash("demo" + initialUser.uuid);
|
||||
initialUser.email = "demo@dev.lauf-fuer-kaya.de"
|
||||
initialUser.groups = group;
|
||||
return await connection.getRepository(User).save(await initialUser.toEntity());
|
||||
initialUser.groups = [group];
|
||||
return await connection.getRepository(User).save(initialUser);
|
||||
}
|
||||
|
||||
public async createPermissions(connection: Connection, principal: number) {
|
||||
|
|
|
@ -11,12 +11,12 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_logout",
|
||||
"middlename": "demo_logout",
|
||||
"lastname": "demo_logout",
|
||||
"username": "demo_logout",
|
||||
"password": "demo_logout",
|
||||
"email": "demo_logout@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_logoutASD123",
|
||||
"middlename": "demo_logoutASD123",
|
||||
"lastname": "demo_logoutASD123",
|
||||
"username": "demo_logoutASD123",
|
||||
"password": "demo_logoutASD123",
|
||||
"email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -26,7 +26,7 @@ beforeAll(async () => {
|
|||
describe('POST /api/auth/logout valid', () => {
|
||||
let refresh_coookie;
|
||||
it('valid logout with token in cookie should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
|
||||
refresh_coookie = res_login.headers["set-cookie"];
|
||||
const res = await axios.post(base + '/api/auth/logout', null, {
|
||||
headers: { "Cookie": refresh_coookie },
|
||||
|
@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
|
|||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid logout with token in body should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
|
||||
const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
|
|
@ -11,12 +11,12 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_refresh",
|
||||
"middlename": "demo_refresh",
|
||||
"lastname": "demo_refresh",
|
||||
"username": "demo_refresh",
|
||||
"password": "demo_refresh",
|
||||
"email": "demo_refresh@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_refreshASD312",
|
||||
"middlename": "demo_refreshASD312",
|
||||
"lastname": "demo_refreshASD312",
|
||||
"username": "demo_refreshASD312",
|
||||
"password": "demo_refreshASD312",
|
||||
"email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -25,7 +25,7 @@ beforeAll(async () => {
|
|||
|
||||
describe('POST /api/auth/refresh valid', () => {
|
||||
it('valid refresh with token in cookie should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
|
||||
const res = await axios.post(base + '/api/auth/refresh', null, {
|
||||
headers: { "Cookie": res_login.headers["set-cookie"] },
|
||||
validateStatus: undefined
|
||||
|
@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
|
|||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid refresh with token in body should return 200', async () => {
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
|
||||
const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
|
|
@ -11,23 +11,23 @@ beforeAll(async () => {
|
|||
jest.setTimeout(20000);
|
||||
const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_reset",
|
||||
"middlename": "demo_reset",
|
||||
"lastname": "demo_reset",
|
||||
"username": "demo_reset",
|
||||
"password": "demo_reset",
|
||||
"email": "demo_reset1@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_resetASD312",
|
||||
"middlename": "demo_resetASD312",
|
||||
"lastname": "demo_resetASD312",
|
||||
"username": "demo_resetASD312",
|
||||
"password": "demo_resetASD312",
|
||||
"email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
});
|
||||
await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_reset2",
|
||||
"middlename": "demo_reset2",
|
||||
"lastname": "demo_reset2",
|
||||
"username": "demo_reset2",
|
||||
"password": "demo_reset2",
|
||||
"email": "demo_reset2@dev.lauf-fuer-kaya.de"
|
||||
"firstname": "demo_resetASD3122",
|
||||
"middlename": "demo_resetASD3122",
|
||||
"lastname": "demo_resetASD3122",
|
||||
"username": "demo_resetASD3122",
|
||||
"password": "demo_resetASD3122",
|
||||
"email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
|
||||
}, {
|
||||
headers: { "authorization": "Bearer " + res_login.data["access_token"] },
|
||||
validateStatus: undefined
|
||||
|
@ -37,7 +37,7 @@ beforeAll(async () => {
|
|||
describe('POST /api/auth/reset valid', () => {
|
||||
let reset_token;
|
||||
it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
reset_token = res1.data.resetToken;
|
||||
expect(res1.status).toEqual(200);
|
||||
});
|
||||
|
@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
|
|||
// ---------------
|
||||
describe('POST /api/auth/reset invalid requests', () => {
|
||||
it('request another password reset before the timeout should return 406', async () => {
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
|
||||
expect(res2.status).toEqual(406);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -16,7 +16,7 @@ beforeAll(async () => {
|
|||
});
|
||||
|
||||
// ---------------
|
||||
describe('adding + deletion (non-existant)', () => {
|
||||
describe('deletion (non-existant)', () => {
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
|
||||
expect(res2.status).toEqual(204);
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
import axios from 'axios';
|
||||
import { config } from '../../config';
|
||||
const base = "http://localhost:" + config.internal_port
|
||||
|
||||
let access_token;
|
||||
let axios_config;
|
||||
|
||||
beforeAll(async () => {
|
||||
jest.setTimeout(20000);
|
||||
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
access_token = res.data["access_token"];
|
||||
axios_config = {
|
||||
headers: { "authorization": "Bearer " + access_token },
|
||||
validateStatus: undefined
|
||||
};
|
||||
});
|
||||
|
||||
// ---------------
|
||||
describe('adding + deletion (non-existant)', () => {
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
|
||||
expect(res2.status).toEqual(204);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('adding + deletion (successfull)', () => {
|
||||
let added_user
|
||||
it('valid user creation with minimal parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "string",
|
||||
"middlename": "string",
|
||||
"lastname": "string",
|
||||
"email": "demo_123_123_123asdASD@example.com",
|
||||
"password": "demo_123_123_123asdASD",
|
||||
"enabled": true
|
||||
}
|
||||
, axios_config);
|
||||
added_user = res.data;
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('delete', async () => {
|
||||
const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
|
||||
expect(res2.status).toEqual(200);
|
||||
expect(res2.headers['content-type']).toContain("application/json")
|
||||
});
|
||||
it('check if user really was deleted', async () => {
|
||||
const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
|
||||
expect(res3.status).toEqual(404);
|
||||
expect(res3.headers['content-type']).toContain("application/json")
|
||||
});
|
||||
});
|
|
@ -0,0 +1,113 @@
|
|||
import axios from 'axios';
|
||||
import { config } from '../../config';
|
||||
|
||||
const base = "http://localhost:" + config.internal_port
|
||||
|
||||
let axios_config = {};
|
||||
|
||||
beforeAll(async () => {
|
||||
jest.setTimeout(20000);
|
||||
const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
|
||||
let access_token = res.data["access_token"];
|
||||
axios_config = {
|
||||
headers: { "authorization": "Bearer " + access_token },
|
||||
validateStatus: undefined
|
||||
};
|
||||
});
|
||||
|
||||
describe('POST /api/users valid', () => {
|
||||
it('valid user creation with minimal parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123",
|
||||
"lastname": "demo_createASD123",
|
||||
"password": "demo_createASD123",
|
||||
"email": "demo_createASD123@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
it('valid user creation with all parameters should return 200', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_2",
|
||||
"middlename": "demo_createASD123_2",
|
||||
"lastname": "demo_createASD123_2",
|
||||
"username": "demo_createASD123_2",
|
||||
"password": "demo_createASD123_2",
|
||||
"email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('POST /api/users invalid -> 400', () => {
|
||||
it('user creation w/o firstname should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"lastname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o lastname should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o password should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"lastname": "demo_createASD123_3",
|
||||
"email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
it('user creation w/o email should return 400', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_3",
|
||||
"lastname": "demo_createASD123_3",
|
||||
"password": "demo_createASD123_3"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(400);
|
||||
});
|
||||
});
|
||||
// ---------------
|
||||
describe('POST /api/users invalid -> Password errors', () => {
|
||||
it('user creation w/ invalid password -> No numbers should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "demo_createASD",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> No uppercase should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "demo_create_4",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> No lowercase should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "DEMO123123ASD",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
it('user creation w/ invalid password -> Too short should return 406', async () => {
|
||||
const res = await axios.post(base + '/api/users', {
|
||||
"firstname": "demo_createASD123_4",
|
||||
"lastname": "demo_createASD123_4",
|
||||
"password": "1Aa_",
|
||||
"email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
|
||||
}, axios_config);
|
||||
expect(res.status).toEqual(406);
|
||||
});
|
||||
});
|
Loading…
Reference in New Issue