Add app passwords feature

Girish Ramakrishnan
2020-01-31 15:28:42 -08:00
parent e3878fa381
commit 3427db3983
17 changed files with 459 additions and 58 deletions


@@ -233,7 +233,7 @@ describe('User', function () {
after(cleanupUsers);
it('fails due to non existing user', function (done) {
users.verify('somerandomid', PASSWORD, function (error, result) {
users.verify('somerandomid', PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.NOT_FOUND);
@@ -243,7 +243,7 @@ describe('User', function () {
});
it('fails due to empty password', function (done) {
users.verify(userObject.id, '', function (error, result) {
users.verify(userObject.id, '', users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -253,7 +253,7 @@ describe('User', function () {
});
it('fails due to wrong password', function (done) {
users.verify(userObject.id, PASSWORD+PASSWORD, function (error, result) {
users.verify(userObject.id, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -263,7 +263,7 @@ describe('User', function () {
});
it('succeeds', function (done) {
users.verify(userObject.id, PASSWORD, function (error, result) {
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
@@ -272,7 +272,7 @@ describe('User', function () {
});
it('fails for ghost if not enabled', function (done) {
users.verify(userObject.id, 'foobar', function (error) {
users.verify(userObject.id, 'foobar', users.AP_WEBADMIN, function (error) {
expect(error).to.be.a(BoxError);
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
done();
@@ -284,7 +284,7 @@ describe('User', function () {
ghost[userObject.username] = 'testpassword';
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verify(userObject.id, 'foobar', function (error) {
users.verify(userObject.id, 'foobar', users.AP_WEBADMIN, function (error) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.be.a(BoxError);
@@ -298,7 +298,7 @@ describe('User', function () {
ghost[userObject.username] = 'testpassword';
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verify(userObject.id, 'testpassword', function (error, result) {
users.verify(userObject.id, 'testpassword', users.AP_WEBADMIN, function (error, result) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.equal(null);
@@ -316,7 +316,7 @@ describe('User', function () {
ghost[userObject.username] = 'testpassword';
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verify(userObject.id, PASSWORD, function (error, result) {
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.not.be.ok();
@@ -333,7 +333,7 @@ describe('User', function () {
after(cleanupUsers);
it('fails due to non existing username', function (done) {
users.verifyWithUsername(USERNAME+USERNAME, PASSWORD, function (error, result) {
users.verifyWithUsername(USERNAME+USERNAME, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.NOT_FOUND);
@@ -343,7 +343,7 @@ describe('User', function () {
});
it('fails due to empty password', function (done) {
users.verifyWithUsername(USERNAME, '', function (error, result) {
users.verifyWithUsername(USERNAME, '', users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -353,7 +353,7 @@ describe('User', function () {
});
it('fails due to wrong password', function (done) {
users.verifyWithUsername(USERNAME, PASSWORD+PASSWORD, function (error, result) {
users.verifyWithUsername(USERNAME, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -363,7 +363,7 @@ describe('User', function () {
});
it('succeeds', function (done) {
users.verifyWithUsername(USERNAME, PASSWORD, function (error, result) {
users.verifyWithUsername(USERNAME, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
@@ -372,7 +372,7 @@ describe('User', function () {
});
it('succeeds for different username case', function (done) {
users.verifyWithUsername(USERNAME.toUpperCase(), PASSWORD, function (error, result) {
users.verifyWithUsername(USERNAME.toUpperCase(), PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
@@ -386,7 +386,7 @@ describe('User', function () {
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verifyWithUsername(USERNAME, 'foobar', function (error) {
users.verifyWithUsername(USERNAME, 'foobar', users.AP_WEBADMIN, function (error) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.be.a(BoxError);
@@ -401,7 +401,7 @@ describe('User', function () {
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verifyWithUsername(USERNAME, 'testpassword', function (error, result) {
users.verifyWithUsername(USERNAME, 'testpassword', users.AP_WEBADMIN, function (error, result) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.equal(null);
@@ -420,7 +420,7 @@ describe('User', function () {
after(cleanupUsers);
it('fails due to non existing user', function (done) {
users.verifyWithEmail(EMAIL+EMAIL, PASSWORD, function (error, result) {
users.verifyWithEmail(EMAIL+EMAIL, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.NOT_FOUND);
@@ -430,7 +430,7 @@ describe('User', function () {
});
it('fails due to empty password', function (done) {
users.verifyWithEmail(EMAIL, '', function (error, result) {
users.verifyWithEmail(EMAIL, '', users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -440,7 +440,7 @@ describe('User', function () {
});
it('fails due to wrong password', function (done) {
users.verifyWithEmail(EMAIL, PASSWORD+PASSWORD, function (error, result) {
users.verifyWithEmail(EMAIL, PASSWORD+PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -450,7 +450,7 @@ describe('User', function () {
});
it('succeeds', function (done) {
users.verifyWithEmail(EMAIL, PASSWORD, function (error, result) {
users.verifyWithEmail(EMAIL, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
@@ -459,7 +459,7 @@ describe('User', function () {
});
it('succeeds for different email case', function (done) {
users.verifyWithEmail(EMAIL.toUpperCase(), PASSWORD, function (error, result) {
users.verifyWithEmail(EMAIL.toUpperCase(), PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
@@ -473,7 +473,7 @@ describe('User', function () {
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verifyWithEmail(EMAIL, 'foobar', function (error) {
users.verifyWithEmail(EMAIL, 'foobar', users.AP_WEBADMIN, function (error) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.be.a(BoxError);
@@ -488,7 +488,7 @@ describe('User', function () {
fs.writeFileSync(constants.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
users.verifyWithEmail(EMAIL, 'testpassword', function (error, result) {
users.verifyWithEmail(EMAIL, 'testpassword', users.AP_WEBADMIN, function (error, result) {
fs.unlinkSync(constants.GHOST_USER_FILE);
expect(error).to.equal(null);
@@ -510,7 +510,7 @@ describe('User', function () {
users.update(userObject.id, { active: false }, AUDIT_SOURCE, function (error) {
expect(error).to.not.be.ok();
users.verify(userObject.id, PASSWORD, function (error) {
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) {
expect(error).to.be.ok();
expect(error.reason).to.equal(BoxError.NOT_FOUND);
@@ -523,7 +523,7 @@ describe('User', function () {
users.update(userObject.id, { active: true }, AUDIT_SOURCE, function (error) {
expect(error).to.not.be.ok();
users.verify(userObject.id, PASSWORD, function (error) {
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error) {
expect(error).to.not.be.ok();
done();
@@ -532,6 +532,94 @@ describe('User', function () {
});
});
describe('appPasswords', function () {
before(createOwner);
after(cleanupUsers);
let pwd;
it('can add app password', function (done) {
users.addAppPassword(userObject.id, 'appid', 'rpi', function (error, result) {
expect(error).to.be(null);
pwd = result;
done();
});
});
it('can get app passwords', function (done) {
users.getAppPasswords(userObject.id, function (error, result) {
expect(error).to.be(null);
expect(result.length).to.be(1);
expect(result[0].name).to.be('rpi');
expect(result[0].identifier).to.be('appid');
expect(result[0].hashedPassword).to.be(undefined);
done();
});
});
it('can get app password', function (done) {
users.getAppPassword(pwd.id, function (error, result) {
expect(error).to.be(null);
expect(result.name).to.be('rpi');
expect(result.identifier).to.be('appid');
expect(result.hashedPassword).to.be(undefined);
done();
});
});
it('can verify app password', function (done) {
users.verify(userObject.id, pwd.password, 'appid', function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
expect(result.appPassword).to.be(true);
done();
});
});
it('can verify non-app password', function (done) {
users.verify(userObject.id, PASSWORD, 'appid', function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
expect(result.appPassword).to.be(undefined);
done();
});
});
it('cannot verify bad password', function (done) {
users.verify(userObject.id, 'bad', 'appid', function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.be(BoxError.INVALID_CREDENTIALS);
done();
});
});
it('cannot verify password for another app', function (done) {
users.verify(userObject.id, pwd.password, 'appid2', function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.be(BoxError.INVALID_CREDENTIALS);
done();
});
});
it('can del app password', function (done) {
users.delAppPassword(pwd.id, function (error) {
if (error) return done(error);
// cannot verify anymore
users.verify(userObject.id, pwd.password, 'appid', function (error) {
expect(error).to.be.ok();
done();
});
});
});
});
describe('retrieving', function () {
before(createOwner);
after(cleanupUsers);
@@ -801,7 +889,7 @@ describe('User', function () {
});
it('actually changed the password (unable to login with old pasword)', function (done) {
users.verify(userObject.id, PASSWORD, function (error, result) {
users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.be.ok();
expect(result).to.not.be.ok();
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
@@ -810,7 +898,7 @@ describe('User', function () {
});
it('actually changed the password (login with new password)', function (done) {
users.verify(userObject.id, NEW_PASSWORD, function (error, result) {
users.verify(userObject.id, NEW_PASSWORD, users.AP_WEBADMIN, function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.be.ok();
done();
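Review bot: The new `appPasswords` tests never check that an app password is rejected outside its own app: `pwd.password` is tried against `'appid2'`, but not against `users.AP_WEBADMIN`, the identifier (presumably the web admin scope) that every other `verify` call in this file now passes. If app passwords are meant to be confined to their identifier, as the `'appid2'` case suggests, a case expecting `BoxError.INVALID_CREDENTIALS` for that call would pin the boundary that matters most; a sketch follows. In 'can del app password' the final check is only `expect(error).to.be.ok();`, so any error passes; adding `expect(error.reason).to.be(BoxError.INVALID_CREDENTIALS);` would tie it to the revoked credential. The enclosing `describe('User', ...)` starts outside the visible hunks.

```javascript
// … unchanged: 'cannot verify password for another app' …
it('cannot verify app password for webadmin', function (done) {
    users.verify(userObject.id, pwd.password, users.AP_WEBADMIN, function (error, result) {
        expect(error).to.be.ok();
        expect(result).to.not.be.ok();
        expect(error.reason).to.be(BoxError.INVALID_CREDENTIALS);
        done();
    });
});
// … unchanged: 'can del app password' …
```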