directoryserver: 2fa validation tests

Girish Ramakrishnan
2024-01-06 13:25:12 +01:00
parent c422e2d570
commit e13f427267
2 changed files with 35 additions and 2 deletions


@@ -13,7 +13,9 @@ const async = require('async'),
expect = require('expect.js'),
groups = require('../groups.js'),
ldap = require('ldapjs'),
safe = require('safetydance');
safe = require('safetydance'),
speakeasy = require('speakeasy'),
users = require('../users.js');
async function ldapBind(dn, password) {
return new Promise((resolve, reject) => {
@@ -68,7 +70,7 @@ async function ldapSearch(dn, opts, auth) {
}
describe('Directory Server (LDAP)', function () {
const { setup, cleanup, admin, user, app, domain } = common;
const { setup, cleanup, admin, user, app, domain, auditSource } = common;
let group, group2;
const mockApp = Object.assign({}, app);
const auth = {
@@ -100,6 +102,8 @@ describe('Directory Server (LDAP)', function () {
});
describe('user bind', function () {
let twofa;
it('cn= fails for nonexisting user', async function () {
const [error] = await safe(ldapBind('cn=doesnotexist,ou=users,dc=cloudron', 'password'));
expect(error).to.be.a(ldap.NoSuchObjectError);
@@ -130,6 +134,29 @@ describe('Directory Server (LDAP)', function () {
it('mail= succeeds with email', async function () {
await ldapBind(`mail=${admin.email},ou=users,dc=cloudron`, admin.password);
});
it('enable 2fa', async function () {
twofa = await users.setTwoFactorAuthenticationSecret(admin.id, auditSource);
const totpToken = speakeasy.totp({ secret: twofa.secret, encoding: 'base32' });
await users.enableTwoFactorAuthentication(admin.id, totpToken, auditSource);
});
it('fails without 2fa', async function () {
const [error] = await safe(ldapBind(`cn=${admin.id},ou=users,dc=cloudron`, admin.password));
expect(error).to.be.a(ldap.InvalidCredentialsError);
expect(error.lde_message).to.be('A totpToken must be provided');
});
it('fails with invalid 2fa', async function () {
const [error] = await safe(ldapBind(`cn=${admin.id}+totptoken=schlecht,ou=users,dc=cloudron`, admin.password));
expect(error).to.be.a(ldap.InvalidCredentialsError);
expect(error.lde_message).to.be('Invalid totpToken');
});
it('succeeds with valid 2fa', async function () {
const totpToken = speakeasy.totp({ secret: twofa.secret, encoding: 'base32' });
await ldapBind(`cn=${admin.email}+totpToken=${totpToken},ou=users,dc=cloudron`, admin.password);
});
});
describe('search users', function () {
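Review bot: The new 'user bind' cases never combine a valid TOTP with a wrong password, so nothing here pins that the second factor cannot stand in for the first; 'fails without 2fa' and 'fails with invalid 2fa' vary only the token. The RDN shape should also stay constant across cases: the success case binds with `cn=${admin.email}+totpToken=` while the failure cases use `cn=${admin.id}` and lower-case `totptoken=`, so a pass/fail difference cannot be attributed to the token alone. Separately, 2FA stays enabled on `admin` after this block, which presumably affects later binds in the suite unless they are exempt, so a teardown or a comment stating the intent would help. A sketch of the missing negative case follows; the password literal is a constructed sample.

```javascript
// … unchanged: 'succeeds with valid 2fa' case above …

it('fails with valid 2fa and wrong password', async function () {
    const totpToken = speakeasy.totp({ secret: twofa.secret, encoding: 'base32' });
    const [error] = await safe(ldapBind(`cn=${admin.id}+totptoken=${totpToken},ou=users,dc=cloudron`, 'not-the-admin-password'));
    expect(error).to.be.a(ldap.InvalidCredentialsError);
});
```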