unify totp check

The TOTP check is done in several places, causing errors like 3552232e99:

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
Girish Ramakrishnan
2023-03-12 15:09:20 +01:00
parent 8e0d1b61af
commit 53e9eccf72
11 changed files with 103 additions and 147 deletions
+26 -26
@@ -244,43 +244,43 @@ describe('User', function () {
before(createOwner);
it('fails due to non existing user', async function () {
const [error] = await safe(users.verify('somerandomid', 'somepassword', users.AP_WEBADMIN));
const [error] = await safe(users.verify('somerandomid', 'somepassword', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.NOT_FOUND);
});
it('fails due to empty password', async function () {
const [error] = await safe(users.verify(admin.id, '', users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, '', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('fails due to wrong password', async function () {
const [error] = await safe(users.verify(admin.id, admin.password+'x', users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, admin.password+'x', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds', async function () {
const result = await users.verify(admin.id, admin.password, users.AP_WEBADMIN);
const result = await users.verify(admin.id, admin.password, users.AP_WEBADMIN, {});
expect(result).to.be.ok();
expect(result.appPassword).to.not.be.ok();
expect(result.ghost).to.not.be.ok();
});
it('fails for ghost if not enabled', async function () {
const [error] = await safe(users.verify(admin.id, 'foobar', users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, 'foobar', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('fails for ghost with wrong password', async function () {
await users.setGhost(admin, 'testpassword', 0);
const [error] = await safe(users.verify(admin.id, 'foobar', users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, 'foobar', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds for ghost', async function () {
await users.setGhost(admin, 'testpassword', 0);
const result = await users.verify(admin.id, 'testpassword', users.AP_WEBADMIN);
const result = await users.verify(admin.id, 'testpassword', users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
expect(result.ghost).to.be(true);
});
@@ -288,7 +288,7 @@ describe('User', function () {
it('succeeds for normal user password when ghost file exists', async function () {
await users.setGhost(admin, 'testpassword', 0);
const result = await users.verify(admin.id, admin.password, users.AP_WEBADMIN);
const result = await users.verify(admin.id, admin.password, users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
expect(result.ghost).to.not.be.ok();
});
@@ -298,41 +298,41 @@ describe('User', function () {
before(createOwner);
it('fails due to non existing username', async function () {
const [error] = await safe(users.verifyWithUsername('someusername', 'somepass', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithUsername('someusername', 'somepass', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.NOT_FOUND);
});
it('fails due to empty password', async function () {
const [error] = await safe(users.verifyWithUsername(admin.username, '', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithUsername(admin.username, '', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('fails due to wrong password', async function () {
const [error] = await safe(users.verifyWithUsername(admin.username, 'somepass', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithUsername(admin.username, 'somepass', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds', async function () {
const result = await users.verifyWithUsername(admin.username, admin.password, users.AP_WEBADMIN);
const result = await users.verifyWithUsername(admin.username, admin.password, users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
});
it('succeeds for different username case', async function () {
const result = await users.verifyWithUsername(admin.username.toUpperCase(), admin.password, users.AP_WEBADMIN);
const result = await users.verifyWithUsername(admin.username.toUpperCase(), admin.password, users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
});
it('fails for ghost with wrong password', async function () {
await users.setGhost(admin, 'testpassword', 0);
const [error] = await safe(users.verifyWithUsername(admin.username, 'foobar', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithUsername(admin.username, 'foobar', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds for ghost', async function () {
await users.setGhost(admin, 'testpassword', 0);
const result = await users.verifyWithUsername(admin.username, 'testpassword', users.AP_WEBADMIN);
const result = await users.verifyWithUsername(admin.username, 'testpassword', users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
expect(result.ghost).to.be(true);
});
@@ -342,41 +342,41 @@ describe('User', function () {
before(createOwner);
it('fails due to non existing user', async function () {
const [error] = await safe(users.verifyWithEmail('bad@email.com', admin.password, users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithEmail('bad@email.com', admin.password, users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.NOT_FOUND);
});
it('fails due to empty password', async function () {
const [error] = await safe(users.verifyWithEmail(admin.email, '', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithEmail(admin.email, '', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('fails due to wrong password', async function () {
const [error] = await safe(users.verifyWithEmail(admin.email, 'badpassword', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithEmail(admin.email, 'badpassword', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds', async function () {
const result = await users.verifyWithEmail(admin.email, admin.password, users.AP_WEBADMIN);
const result = await users.verifyWithEmail(admin.email, admin.password, users.AP_WEBADMIN, {});
expect(result.id).to.be(admin.id);
});
it('succeeds for different email case', async function () {
const result = await users.verifyWithEmail(admin.email.toUpperCase(), admin.password, users.AP_WEBADMIN);
const result = await users.verifyWithEmail(admin.email.toUpperCase(), admin.password, users.AP_WEBADMIN, {});
expect(result.id).to.be(admin.id);
});
it('fails for ghost with wrong password', async function () {
await users.setGhost(admin, 'testpassword', 0);
const [error] = await safe(users.verifyWithEmail(admin.email, 'foobar', users.AP_WEBADMIN));
const [error] = await safe(users.verifyWithEmail(admin.email, 'foobar', users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('succeeds for ghost', async function () {
await users.setGhost(admin, 'testpassword', 0);
const result = await users.verifyWithEmail(admin.email, 'testpassword', users.AP_WEBADMIN);
const result = await users.verifyWithEmail(admin.email, 'testpassword', users.AP_WEBADMIN, {});
expect(result.id).to.equal(admin.id);
expect(result.ghost).to.equal(true);
});
@@ -387,13 +387,13 @@ describe('User', function () {
it('verify fails for inactive user', async function () {
await users.update(admin, { active: false }, auditSource);
const [error] = await safe(users.verify(admin.id, admin.password, users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, admin.password, users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.NOT_FOUND);
});
it('verify succeeds for inactive user', async function () {
await users.update(admin, { active: true }, auditSource);
await users.verify(admin.id, admin.password, users.AP_WEBADMIN);
await users.verify(admin.id, admin.password, users.AP_WEBADMIN, {});
});
});
@@ -455,12 +455,12 @@ describe('User', function () {
});
it('actually changed the password (unable to login with old pasword)', async function () {
const [error] = await safe(users.verify(admin.id, admin.password, users.AP_WEBADMIN));
const [error] = await safe(users.verify(admin.id, admin.password, users.AP_WEBADMIN, {}));
expect(error.reason).to.equal(BoxError.INVALID_CREDENTIALS);
});
it('actually changed the password (login with new password)', async function () {
await users.verify(admin.id, 'ThisIsNew1Password', users.AP_WEBADMIN);
await users.verify(admin.id, 'ThisIsNew1Password', users.AP_WEBADMIN, {});
});
});
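Review bot: Every updated call in this section passes an empty options object, e.g. `users.verify(admin.id, admin.password, users.AP_WEBADMIN, {})` and the `verifyWithUsername`/`verifyWithEmail` equivalents, so the unified TOTP path this commit introduces is never exercised by these tests. Because the second factor is now decided in one place for ldap, the dashboard, proxyauth, directoryserver and externalldap, I would add cases for a user with 2FA enabled: verification fails when no token is supplied, fails with a wrong token, and succeeds with a valid one. It would also help to pin how ghost and app-password logins interact with the check, since `result.ghost` and `result.appPassword` are already asserted here. The shape of the options object is not visible in this section, so the field names have to come from the implementation of `users.verify`, and such tests may already exist in one of the other changed files.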