2016-04-17 16:42:45 +02:00
|
|
|
/* jslint node:true */
|
|
|
|
|
/* global it:false */
|
|
|
|
|
/* global describe:false */
|
|
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
2018-04-30 21:44:24 -07:00
|
|
|
var accesscontrol = require('../../accesscontrol.js'),
|
|
|
|
|
config = require('../../config.js'),
|
2016-04-17 16:42:45 +02:00
|
|
|
database = require('../../database.js'),
|
|
|
|
|
expect = require('expect.js'),
|
|
|
|
|
mailer = require('../../mailer.js'),
|
|
|
|
|
superagent = require('superagent'),
|
2018-04-30 21:44:24 -07:00
|
|
|
server = require('../../server.js'),
|
|
|
|
|
tokendb = require('../../tokendb.js');
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2018-01-22 15:55:55 +01:00
|
|
|
const SERVER_URL = 'http://localhost:' + config.get('port');
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2018-01-22 15:55:55 +01:00
|
|
|
const USERNAME_0 = 'superaDmIn';
|
|
|
|
|
const PASSWORD = 'Foobar?1337';
|
|
|
|
|
const EMAIL_0 = 'silLY@me.com';
|
|
|
|
|
const EMAIL_0_NEW = 'stupID@me.com';
|
|
|
|
|
const EMAIL_0_NEW_FALLBACK = 'stupIDfallback@me.com';
|
|
|
|
|
const DISPLAY_NAME_0_NEW = 'New Name';
|
2016-04-17 16:42:45 +02:00
|
|
|
|
|
|
|
|
describe('Profile API', function () {
|
|
|
|
|
this.timeout(5000);
|
|
|
|
|
|
2016-05-06 14:03:24 +02:00
|
|
|
var user_0 = null;
|
2016-04-17 16:42:45 +02:00
|
|
|
var token_0;
|
|
|
|
|
|
|
|
|
|
function setup(done) {
|
2017-11-27 15:30:55 -08:00
|
|
|
config._reset();
|
|
|
|
|
config.setFqdn('example-profile-test.com');
|
|
|
|
|
|
2016-04-17 16:42:45 +02:00
|
|
|
server.start(function (error) {
|
|
|
|
|
expect(!error).to.be.ok();
|
|
|
|
|
|
|
|
|
|
mailer._clearMailQueue();
|
|
|
|
|
|
2016-04-17 17:51:37 +02:00
|
|
|
database._clear(function (error) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(error).to.eql(null);
|
|
|
|
|
|
|
|
|
|
superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ setupToken: 'somesetuptoken' })
|
|
|
|
|
.send({ username: USERNAME_0, password: PASSWORD, email: EMAIL_0 })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(err).to.eql(null);
|
|
|
|
|
expect(res.statusCode).to.equal(201);
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2018-01-18 13:41:10 -08:00
|
|
|
// stash for later use
|
|
|
|
|
token_0 = res.body.token;
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2018-01-18 13:41:10 -08:00
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function cleanup(done) {
|
|
|
|
|
database._clear(function (error) {
|
|
|
|
|
expect(!error).to.be.ok();
|
|
|
|
|
|
|
|
|
|
mailer._clearMailQueue();
|
|
|
|
|
|
|
|
|
|
server.stop(done);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe('get profile', function () {
|
|
|
|
|
before(setup);
|
|
|
|
|
after(cleanup);
|
|
|
|
|
|
|
|
|
|
it('fails without token', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile/').end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('fails with empty token', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: '' }).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('fails with invalid token', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: 'some token' }).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('succeeds', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: token_0 }).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(200);
|
|
|
|
|
expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
|
|
|
|
|
expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
|
2018-01-22 15:55:55 +01:00
|
|
|
expect(result.body.fallbackEmail).to.equal(EMAIL_0.toLowerCase());
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.body.admin).to.be.ok();
|
2016-05-06 14:02:21 +02:00
|
|
|
expect(result.body.displayName).to.be.a('string');
|
|
|
|
|
expect(result.body.password).to.not.be.ok();
|
|
|
|
|
expect(result.body.salt).to.not.be.ok();
|
2016-04-17 16:42:45 +02:00
|
|
|
|
|
|
|
|
user_0 = result.body;
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('fails with expired token', function (done) {
|
|
|
|
|
var token = tokendb.generateToken();
|
2016-04-17 16:49:09 +02:00
|
|
|
var expires = Date.now() - 2000; // 1 sec
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2018-04-30 21:44:24 -07:00
|
|
|
tokendb.add(token, user_0.id, null, expires, accesscontrol.SCOPE_ANY, function (error) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(error).to.not.be.ok();
|
|
|
|
|
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile').query({ access_token: token }).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('fails with invalid token in auth header', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('succeeds with token in auth header', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) {
|
2016-04-17 16:42:45 +02:00
|
|
|
expect(result.statusCode).to.equal(200);
|
|
|
|
|
expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
|
|
|
|
|
expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
|
|
|
|
|
expect(result.body.admin).to.be.ok();
|
|
|
|
|
expect(result.body.displayName).to.be.a('string');
|
|
|
|
|
expect(result.body.password).to.not.be.ok();
|
|
|
|
|
expect(result.body.salt).to.not.be.ok();
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('update', function () {
|
|
|
|
|
before(setup);
|
|
|
|
|
after(cleanup);
|
|
|
|
|
|
|
|
|
|
it('change email fails due to missing token', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.send({ email: EMAIL_0_NEW })
|
|
|
|
|
.end(function (error, result) {
|
|
|
|
|
expect(result.statusCode).to.equal(401);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change email fails due to invalid email', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ email: 'foo@bar' })
|
|
|
|
|
.end(function (error, result) {
|
|
|
|
|
expect(result.statusCode).to.equal(400);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change user succeeds without email nor displayName', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({})
|
|
|
|
|
.end(function (error, result) {
|
|
|
|
|
expect(result.statusCode).to.equal(204);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change email succeeds', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
2018-01-22 15:55:55 +01:00
|
|
|
.send({ email: EMAIL_0_NEW, fallbackEmail: EMAIL_0_NEW_FALLBACK })
|
2018-01-18 13:41:10 -08:00
|
|
|
.end(function (error, result) {
|
|
|
|
|
expect(result.statusCode).to.equal(204);
|
|
|
|
|
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(200);
|
|
|
|
|
expect(res.body.username).to.equal(USERNAME_0.toLowerCase());
|
|
|
|
|
expect(res.body.email).to.equal(EMAIL_0_NEW.toLowerCase());
|
2018-01-22 15:55:55 +01:00
|
|
|
expect(res.body.fallbackEmail).to.equal(EMAIL_0_NEW_FALLBACK.toLowerCase());
|
2018-01-18 13:41:10 -08:00
|
|
|
expect(res.body.admin).to.equal(true);
|
|
|
|
|
expect(res.body.displayName).to.equal('');
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('change displayName succeeds', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ displayName: DISPLAY_NAME_0_NEW })
|
|
|
|
|
.end(function (error, result) {
|
|
|
|
|
expect(result.statusCode).to.equal(204);
|
|
|
|
|
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.get(SERVER_URL + '/api/v1/user/profile')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(200);
|
|
|
|
|
expect(res.body.username).to.equal(USERNAME_0.toLowerCase());
|
|
|
|
|
expect(res.body.email).to.equal(EMAIL_0_NEW.toLowerCase());
|
|
|
|
|
expect(res.body.admin).to.be.ok();
|
|
|
|
|
expect(res.body.displayName).to.equal(DISPLAY_NAME_0_NEW);
|
|
|
|
|
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2016-04-17 17:51:37 +02:00
|
|
|
describe('password change', function () {
|
2016-04-17 16:42:45 +02:00
|
|
|
before(setup);
|
2016-04-17 17:51:37 +02:00
|
|
|
after(cleanup);
|
2016-04-17 16:42:45 +02:00
|
|
|
|
2016-05-06 14:02:21 +02:00
|
|
|
it('fails due to missing current password', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile/password')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ newPassword: 'some wrong password' })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(400);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
2016-05-06 14:02:21 +02:00
|
|
|
it('fails due to missing new password', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile/password')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ password: PASSWORD })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(400);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
2016-05-06 14:02:21 +02:00
|
|
|
it('fails due to wrong password', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile/password')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ password: 'some wrong password', newPassword: 'MOre#$%34' })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(403);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
2016-05-06 14:02:21 +02:00
|
|
|
it('fails due to invalid password', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile/password')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ password: PASSWORD, newPassword: 'five' })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(400);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
|
2016-05-06 14:02:21 +02:00
|
|
|
it('succeeds', function (done) {
|
2018-04-26 19:57:44 -07:00
|
|
|
superagent.post(SERVER_URL + '/api/v1/user/profile/password')
|
2018-01-18 13:41:10 -08:00
|
|
|
.query({ access_token: token_0 })
|
|
|
|
|
.send({ password: PASSWORD, newPassword: 'MOre#$%34' })
|
|
|
|
|
.end(function (err, res) {
|
|
|
|
|
expect(res.statusCode).to.equal(204);
|
|
|
|
|
done();
|
|
|
|
|
});
|
2016-04-17 16:42:45 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
