src/routes/test/developer-test.js

'use strict';

/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */

var async = require('async'),
    constants = require('../../constants.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
    speakeasy = require('speakeasy'),
    superagent = require('superagent'),
    server = require('../../server.js');

var SERVER_URL = 'http://localhost:' + constants.PORT;

var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';

function setup(done) {
    async.series([
        server.start.bind(server),
        database._clear
    ], done);
}

function cleanup(done) {
    database._clear(function (error) {
        expect(error).to.not.be.ok();

        server.stop(done);
    });
}

describe('Developer API', function () {
    describe('login', function () {
        before(function (done) {
            async.series([
                setup,
                function (callback) {
                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                        .query({ setupToken: 'somesetuptoken' })
                        .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                        .end(function (error, result) {
                            expect(result).to.be.ok();

                            callback();
                        });
                },
            ], done);
        });

        after(cleanup);

        it('fails without body', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails without username', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails without password', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails with empty username', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: '', password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails with empty password', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME, password: '' })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails with unknown username', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME + USERNAME, password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails with unknown email', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME + EMAIL, password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails with wrong password', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME, password: PASSWORD.toUpperCase() })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('with username succeeds', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME, password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
                    expect(result.body.accessToken).to.be.a('string');
                    done();
                });
        });

        it('with uppercase username succeeds', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: USERNAME.toUpperCase(), password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
                    expect(result.body.accessToken).to.be.a('string');
                    done();
                });
        });

        it('with email succeeds', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: EMAIL, password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
                    expect(result.body.accessToken).to.be.a('string');
                    done();
                });
        });

        it('with uppercase email succeeds', function (done) {
            superagent.post(SERVER_URL + '/api/v1/developer/login')
                .send({ username: EMAIL.toUpperCase(), password: PASSWORD })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
                    expect(result.body.accessToken).to.be.a('string');
                    done();
                });
        });
    });

    describe('2fa login', function () {
        var secret, accessToken;

        before(function (done) {
            async.series([
                setup,
                function (callback) {
                    superagent.post(`${SERVER_URL}/api/v1/cloudron/activate`).query({ setupToken: 'somesetuptoken' }).send({ username: USERNAME, password: PASSWORD, email: EMAIL }).end(function (error) {
                        callback(error);
                    });
                },
                function (callback) {
                    superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).end(function (error, result) {
                        accessToken = result.body.accessToken;
                        callback(error);
                    });
                },
                function (callback) {
                    superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) {
                        secret = result.body.secret;
                        callback(error);
                    });
                },
                function (callback) {
                    var totpToken = speakeasy.totp({
                        secret: secret,
                        encoding: 'base32'
                    });

                    superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error) {
                        callback(error);
                    });
                }
            ], done);
        });

        after(function (done) {
            async.series([
                function (callback) {
                    superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/disable`).query({ access_token: accessToken }).send({ password: PASSWORD }).end(function (error) {
                        callback(error);
                    });
                },
                cleanup
            ], done);
        });

        it('fails due to missing token', function (done) {
            superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).end(function (error, result) {
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('fails due to wrong token', function (done) {
            superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).send({ totpToken: 'wrongtoken' }).end(function (error, result) {
                expect(result.statusCode).to.equal(401);
                done();
            });
        });

        it('succeeds', function (done) {
            var totpToken = speakeasy.totp({
                secret: secret,
                encoding: 'base32'
            });

            superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).send({ totpToken: totpToken }).end(function (error, result) {
                expect(error).to.be(null);
                expect(result.statusCode).to.equal(200);
                expect(result.body).to.be.an(Object);
                expect(result.body.accessToken).to.be.a('string');
                done();
            });
        });
    });
});
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`/* jslint node:true */`
			`/* global it:false */`
			`/* global describe:false */`
			`/* global before:false */`
			`/* global after:false */`

			`var async = require('async'),`
Make port a constant 2019-07-25 15:43:51 -07:00			`constants = require('../../constants.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`database = require('../../database.js'),`
			`expect = require('expect.js'),`
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`speakeasy = require('speakeasy'),`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent = require('superagent'),`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`server = require('../../server.js');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Make port a constant 2019-07-25 15:43:51 -07:00			`var SERVER_URL = 'http://localhost:' + constants.PORT;`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
reserve the "admin" username 2016-04-13 16:50:20 -07:00			`var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`function setup(done) {`
Fix route/ tests 2017-11-27 15:30:55 -08:00			`async.series([`
			`server.start.bind(server),`
			`database._clear`
			`], done);`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`

			`function cleanup(done) {`
			`database._clear(function (error) {`
			`expect(error).to.not.be.ok();`

			`server.stop(done);`
			`});`
			`}`

			`describe('Developer API', function () {`
			`describe('login', function () {`
			`before(function (done) {`
			`async.series([`
			`setup,`
			`function (callback) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/cloudron/activate')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ setupToken: 'somesetuptoken' })`
			`.send({ username: USERNAME, password: PASSWORD, email: EMAIL })`
			`.end(function (error, result) {`
			`expect(result).to.be.ok();`

			`callback();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`},`
			`], done);`
			`});`

			`after(cleanup);`

			`it('fails without body', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails without username', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails without password', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails with empty username', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: '', password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails with empty password', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME, password: '' })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails with unknown username', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME + USERNAME, password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
Test case-insensitive developer login 2016-04-13 12:39:50 +02:00			`});`

			`it('fails with unknown email', function (done) {`
			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME + EMAIL, password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('fails with wrong password', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME, password: PASSWORD.toUpperCase() })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

			`it('with username succeeds', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME, password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');`
			`expect(result.body.accessToken).to.be.a('string');`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`

Test case-insensitive developer login 2016-04-13 12:39:50 +02:00			`it('with uppercase username succeeds', function (done) {`
			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: USERNAME.toUpperCase(), password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');`
			`expect(result.body.accessToken).to.be.a('string');`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
Test case-insensitive developer login 2016-04-13 12:39:50 +02:00			`});`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`it('with email succeeds', function (done) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: EMAIL, password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');`
			`expect(result.body.accessToken).to.be.a('string');`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
Test case-insensitive developer login 2016-04-13 12:39:50 +02:00
			`it('with uppercase email succeeds', function (done) {`
			`superagent.post(SERVER_URL + '/api/v1/developer/login')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.send({ username: EMAIL.toUpperCase(), password: PASSWORD })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');`
			`expect(result.body.accessToken).to.be.a('string');`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
Test case-insensitive developer login 2016-04-13 12:39:50 +02:00			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
Add test case for developer tokens 2016-06-03 11:11:11 +02:00
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`describe('2fa login', function () {`
			`var secret, accessToken;`

			`before(function (done) {`
			`async.series([`
			`setup,`
			`function (callback) {`
config.js is dead, long live config.js we use settings now 2019-07-26 10:49:29 -07:00			superagent.post(`${SERVER_URL}/api/v1/cloudron/activate`).query({ setupToken: 'somesetuptoken' }).send({ username: USERNAME, password: PASSWORD, email: EMAIL }).end(function (error) {
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`callback(error);`
			`});`
			`},`
			`function (callback) {`
			superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).end(function (error, result) {
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`accessToken = result.body.accessToken;`
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`callback(error);`
			`});`
			`},`
			`function (callback) {`
remove /user from profile route 2018-05-13 21:52:48 -07:00			superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) {
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`secret = result.body.secret;`
			`callback(error);`
			`});`
			`},`
			`function (callback) {`
			`var totpToken = speakeasy.totp({`
			`secret: secret,`
			`encoding: 'base32'`
			`});`

config.js is dead, long live config.js we use settings now 2019-07-26 10:49:29 -07:00			superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error) {
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`callback(error);`
			`});`
			`}`
			`], done);`
			`});`

			`after(function (done) {`
			`async.series([`
			`function (callback) {`
config.js is dead, long live config.js we use settings now 2019-07-26 10:49:29 -07:00			superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/disable`).query({ access_token: accessToken }).send({ password: PASSWORD }).end(function (error) {
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`callback(error);`
			`});`
			`},`
			`cleanup`
			`], done);`
			`});`

			`it('fails due to missing token', function (done) {`
			superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).end(function (error, result) {
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
			`});`

			`it('fails due to wrong token', function (done) {`
			superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).send({ totpToken: 'wrongtoken' }).end(function (error, result) {
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
			`});`

			`it('succeeds', function (done) {`
			`var totpToken = speakeasy.totp({`
			`secret: secret,`
			`encoding: 'base32'`
			`});`

			superagent.post(`${SERVER_URL}/api/v1/developer/login`).send({ username: USERNAME, password: PASSWORD }).send({ totpToken: totpToken }).end(function (error, result) {
			`expect(error).to.be(null);`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body).to.be.an(Object);`
merge developer.js into clients.js 2018-05-01 13:40:25 -07:00			`expect(result.body.accessToken).to.be.a('string');`
Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00			`done();`
			`});`
			`});`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`