tokens: async'ify

Girish Ramakrishnan
2021-06-04 09:28:40 -07:00
parent 593038907c
commit 7bee7b9ef8
16 changed files with 517 additions and 727 deletions


@@ -6,267 +6,187 @@
'use strict';
var constants = require('../../constants.js'),
database = require('../../database.js'),
const common = require('./common.js'),
expect = require('expect.js'),
hat = require('../../hat.js'),
mailer = require('../../mailer.js'),
superagent = require('superagent'),
server = require('../../server.js'),
tokendb = require('../../tokendb.js');
const SERVER_URL = 'http://localhost:' + constants.PORT;
const USERNAME_0 = 'superaDmIn';
const PASSWORD = 'Foobar?1337';
const EMAIL_0 = 'silLY@me.com';
const EMAIL_0_NEW = 'stupID@me.com';
const EMAIL_0_NEW_FALLBACK = 'stupIDfallback@me.com';
const DISPLAY_NAME_0_NEW = 'New Name';
tokens = require('../../tokens.js');
describe('Profile API', function () {
var user_0 = null;
var token_0;
const { setup, cleanup, serverUrl, owner } = common;
function setup(done) {
server.start(function (error) {
expect(!error).to.be.ok();
database._clear(function (error) {
expect(error).to.eql(null);
superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
.query({ setupToken: 'somesetuptoken' })
.send({ username: USERNAME_0, password: PASSWORD, email: EMAIL_0 })
.end(function (err, res) {
expect(err).to.eql(null);
expect(res.statusCode).to.equal(201);
// stash for later use
token_0 = res.body.token;
done();
});
});
});
}
function cleanup(done) {
database._clear(function (error) {
expect(!error).to.be.ok();
mailer._mailQueue = [];
server.stop(done);
});
}
before(setup);
after(cleanup);
describe('get profile', function () {
before(setup);
after(cleanup);
it('fails without token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.ok(() => true);
it('fails without token', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile/').end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
expect(response.statusCode).to.equal(401);
});
it('fails with empty token', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: '' }).end(function (error, result) {
expect(result.statusCode).to.equal(401);
it('fails with empty token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: '' })
.ok(() => true);
done();
});
expect(response.statusCode).to.equal(401);
});
it('fails with invalid token', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: 'some token' }).end(function (error, result) {
expect(result.statusCode).to.equal(401);
it('fails with invalid token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: 'some token' })
.ok(() => true);
done();
});
expect(response.statusCode).to.equal(401);
});
it('succeeds', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: token_0 }).end(function (error, result) {
expect(result.statusCode).to.equal(200);
expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
expect(result.body.fallbackEmail).to.equal(EMAIL_0.toLowerCase());
expect(result.body.displayName).to.be.a('string');
expect(result.body.password).to.not.be.ok();
expect(result.body.salt).to.not.be.ok();
it('succeeds', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token });
user_0 = result.body;
done();
});
expect(response.statusCode).to.equal(200);
expect(response.body.username).to.equal(owner.username.toLowerCase());
expect(response.body.email).to.equal(owner.email.toLowerCase());
expect(response.body.fallbackEmail).to.equal(owner.email.toLowerCase());
expect(response.body.displayName).to.be.a('string');
expect(response.body.password).to.not.be.ok();
expect(response.body.salt).to.not.be.ok();
});
it('fails with expired token', function (done) {
var token = hat(8 * 32);
var expires = Date.now() - 2000; // 1 sec
it('fails with expired token', async function () {
const token = await tokens.add({ identifier: '0', clientId: 'clientid-0', expires: Date.now() - 2000 });
expect(token.accessToken).to.be.a('string');
tokendb.add({ id: 'tid-3', accessToken: token, identifier: user_0.id, clientId: null, expires: expires, scope: 'unused', name: 'fromtest' }, function (error) {
expect(error).to.not.be.ok();
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: token.accessToken })
.ok(() => true);
superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
});
expect(response.statusCode).to.equal(401);
});
it('fails with invalid token in auth header', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
it('fails with invalid token in auth header', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
.set('Authorization', 'Bearer ' + 'x' + owner.token)
.ok(() => true);
expect(response.statusCode).to.equal(401);
});
it('succeeds with token in auth header', function (done) {
superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) {
expect(result.statusCode).to.equal(200);
expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
expect(result.body.displayName).to.be.a('string');
expect(result.body.password).to.not.be.ok();
expect(result.body.salt).to.not.be.ok();
done();
});
it('succeeds with token in auth header', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/profile`).set('Authorization', 'Bearer ' + owner.token);
expect(response.statusCode).to.equal(200);
expect(response.body.username).to.equal(owner.username.toLowerCase());
expect(response.body.email).to.equal(owner.email.toLowerCase());
expect(response.body.displayName).to.be.a('string');
expect(response.body.password).to.not.be.ok();
expect(response.body.salt).to.not.be.ok();
});
});
describe('update', function () {
before(setup);
after(cleanup);
it('change email fails due to missing token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile`)
.send({ email: 'newemail@example.com' })
.ok(() => true);
it('change email fails due to missing token', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile')
.send({ email: EMAIL_0_NEW })
.end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
expect(response.statusCode).to.equal(401);
});
it('change email fails due to invalid email', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
it('change email fails due to invalid email', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token })
.send({ email: 'foo@bar' })
.end(function (error, result) {
expect(result.statusCode).to.equal(400);
done();
});
.ok(() => true);
expect(response.statusCode).to.equal(400);
});
it('change user succeeds without email nor displayName', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
.send({})
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
done();
});
it('change user succeeds without email nor displayName', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token })
.send({});
expect(response.statusCode).to.equal(204);
});
it('change email succeeds', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
.send({ email: EMAIL_0_NEW, fallbackEmail: EMAIL_0_NEW_FALLBACK })
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
it('change email succeeds', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token })
.send({ email: 'newemail@example.Com', fallbackEmail: 'NewFallbackemail@example.com' });
superagent.get(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
.end(function (err, res) {
expect(res.statusCode).to.equal(200);
expect(res.body.username).to.equal(USERNAME_0.toLowerCase());
expect(res.body.email).to.equal(EMAIL_0_NEW.toLowerCase());
expect(res.body.fallbackEmail).to.equal(EMAIL_0_NEW_FALLBACK.toLowerCase());
expect(res.body.displayName).to.equal('');
expect(response.statusCode).to.equal(204);
done();
});
});
const response2 = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token });
expect(response2.statusCode).to.equal(200);
expect(response2.body.username).to.equal(owner.username);
expect(response2.body.email).to.equal('newemail@example.com'); // lower cased
expect(response2.body.fallbackEmail).to.equal('newfallbackemail@example.com');
expect(response2.body.displayName).to.equal('');
});
it('change displayName succeeds', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
.send({ displayName: DISPLAY_NAME_0_NEW })
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
it('change displayName succeeds', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token })
.send({ displayName: 'Agent Smith' });
superagent.get(SERVER_URL + '/api/v1/profile')
.query({ access_token: token_0 })
.end(function (err, res) {
expect(res.statusCode).to.equal(200);
expect(res.body.username).to.equal(USERNAME_0.toLowerCase());
expect(res.body.email).to.equal(EMAIL_0_NEW.toLowerCase());
expect(res.body.displayName).to.equal(DISPLAY_NAME_0_NEW);
expect(response.statusCode).to.equal(204);
done();
});
});
const response2 = await superagent.get(`${serverUrl}/api/v1/profile`)
.query({ access_token: owner.token });
expect(response2.statusCode).to.equal(200);
expect(response2.body.username).to.equal(owner.username);
expect(response2.body.email).to.equal('newemail@example.com'); // lower cased
expect(response2.body.displayName).to.equal('Agent Smith');
});
});
describe('password change', function () {
before(setup);
after(cleanup);
it('fails due to missing current password', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile/password')
.query({ access_token: token_0 })
it('fails due to missing current password', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile/password`)
.query({ access_token: owner.token })
.send({ newPassword: 'some wrong password' })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
done();
});
.ok(() => true);
expect(response.statusCode).to.equal(400);
});
it('fails due to missing new password', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile/password')
.query({ access_token: token_0 })
.send({ password: PASSWORD })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
done();
});
it('fails due to missing new password', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile/password`)
.query({ access_token: owner.token })
.send({ password: owner.password.password })
.ok(() => true);
expect(response.statusCode).to.equal(400);
});
it('fails due to wrong password', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile/password')
.query({ access_token: token_0 })
it('fails due to wrong password', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile/password`)
.query({ access_token: owner.token })
.send({ password: 'some wrong password', newPassword: 'MOre#$%34' })
.end(function (err, res) {
expect(res.statusCode).to.equal(412);
done();
});
.ok(() => true);
expect(response.statusCode).to.equal(412);
});
it('fails due to invalid password', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile/password')
.query({ access_token: token_0 })
.send({ password: PASSWORD, newPassword: 'five' })
.end(function (err, res) {
expect(res.statusCode).to.equal(400);
done();
});
it('fails due to invalid password', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile/password`)
.query({ access_token: owner.token })
.send({ password: owner.password, newPassword: 'five' })
.ok(() => true);
expect(response.statusCode).to.equal(400);
});
it('succeeds', function (done) {
superagent.post(SERVER_URL + '/api/v1/profile/password')
.query({ access_token: token_0 })
.send({ password: PASSWORD, newPassword: 'MOre#$%34' })
.end(function (err, res) {
expect(res.statusCode).to.equal(204);
done();
});
it('succeeds', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/profile/password`)
.query({ access_token: owner.token })
.send({ password: owner.password, newPassword: 'MOre#$%34' });
expect(response.statusCode).to.equal(204);
});
});
});
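Review bot: In the new 'fails due to missing new password' test the body is built from `owner.password.password`, while the neighbouring password tests send `owner.password`. If `owner.password` is a string, as those tests suggest, the field is `undefined` and is dropped from the JSON body, so the 400 would come from the missing current password and the missing-newPassword check is never exercised. The line should read `.send({ password: owner.password })`. The new expired-token test also creates its token with `identifier: '0'` where the old code used the real user's id, so the 401 may come from an unknown identifier and not from the expiry check. Using the owner's id (presumably available from `common`, not visible here) would leave expiry as the only invalid property of that token.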