cloudron-box/src/routes/test/user-directory-test.js
Girish Ramakrishnan d34b102e52 mandatory2fa: fix workflow when using external LDAP
* Always allow the mandatory 2fa setting to be saved
* Show warning for user if they have no 2fa setup and if not external 2fa
* If they get locked out anyway, they have to use CLI tool
* redirect for mandatory 2fa only if not external 2fa as well
2024-06-12 12:26:40 +02:00


/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */
'use strict';
const common = require('./common.js'),
expect = require('expect.js'),
superagent = require('superagent');
describe('User Directory API', () => {
  const { setup, cleanup, serverUrl, owner, user } = common;

  // Endpoints under test. `owner` is expected to be an admin-level account,
  // `user` a plain account (the 403 case below relies on that distinction).
  const profileConfigUrl = `${serverUrl}/api/v1/user_directory/profile_config`;
  const profileUrl = `${serverUrl}/api/v1/profile`;
  const profileEmailUrl = `${serverUrl}/api/v1/profile/email`;

  // Every helper passes `.ok(() => true)` so superagent never throws on a
  // non-2xx status; each test asserts on `statusCode` explicitly instead.
  const getProfileConfig = (token) =>
    superagent.get(profileConfigUrl).query({ access_token: token }).ok(() => true);

  const postProfileConfig = (token, body) =>
    superagent.post(profileConfigUrl).query({ access_token: token }).send(body).ok(() => true);

  const getProfile = (token) =>
    superagent.get(profileUrl).query({ access_token: token }).ok(() => true);

  const postProfileEmail = (token, body) =>
    superagent.post(profileEmailUrl).query({ access_token: token }).send(body).ok(() => true);

  before(setup);
  after(cleanup);

  describe('profile config', () => {
    it('get default profile config', async () => {
      const res = await getProfileConfig(owner.token);

      expect(res.statusCode).to.equal(200);
      // Both settings default to off on a fresh install.
      expect(res.body.lockUserProfiles).to.be(false);
      expect(res.body.mandatory2FA).to.be(false);
    });

    it('cannot set profile config without mandatory2FA', async () => {
      // `mandatory2FA` is a required field: a partial update is rejected as a
      // bad request rather than treated as "leave unchanged".
      const res = await postProfileConfig(owner.token, { lockUserProfiles: true });

      expect(res.statusCode).to.equal(400);
    });

    it('cannot set as normal user', async () => {
      // Authorization check: a non-admin token may not change directory-wide
      // settings, even with a well-formed body.
      const res = await postProfileConfig(user.token, { lockUserProfiles: true, mandatory2FA: true });

      expect(res.statusCode).to.equal(403);
    });

    it('can lock user profile', async () => {
      const configRes = await postProfileConfig(owner.token, { lockUserProfiles: true, mandatory2FA: false });
      expect(configRes.statusCode).to.equal(200);

      // With profiles locked, even the owner may not change their own email.
      const emailRes = await postProfileEmail(owner.token, { email: 'newemail@example.Com', password: owner.password });
      expect(emailRes.statusCode).to.equal(403);
    });

    it('can set mandatory 2fa', async () => {
      const configRes = await postProfileConfig(owner.token, { lockUserProfiles: true, mandatory2FA: true });
      expect(configRes.statusCode).to.equal(200);

      // Turning on mandatory 2FA invalidates existing sessions, but not
      // uniformly: the owner's token is persisted and keeps working ...
      const ownerProfile = await getProfile(owner.token);
      expect(ownerProfile.statusCode).to.equal(200);

      // ... while the plain user's token is revoked (presumably because that
      // account has no 2FA configured — see the commit message).
      const userProfile = await getProfile(user.token);
      expect(userProfile.statusCode).to.equal(401);
    });
  });
});