
const chai = require('chai');
const chaiHttp = require('chai-http');
const express = require('express');
import { SetupApp } from '../../../app';
import * as helpers from './helpers';
/**
 * Builds a fresh Express app wired to the test database and returns a
 * chai-http agent bound to it.
 *
 * No login happens here: each test registers and logs in the users it needs
 * through the helpers. Every call gets its own app and its own
 * `helpers.initTestDB()` result.
 *
 * @returns {Promise<object>} the chai-http agent; the tests in this file call
 *   `close()` on it when they finish.
 */
async function init() {
  chai.use(chaiHttp);
  const testApp = express();
  const db = await helpers.initTestDB();
  // The third argument is passed as an empty string; its meaning is defined by SetupApp.
  SetupApp(testApp, db, '');
  // One agent per test, so the login/logout sequences in a test share one client.
  return chai.request.agent(testApp);
}
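// Registration must reject malformed e-mail addresses and passwords that miss
// any of the complexity rules, and accept a pair that satisfies all of them.
describe('Auth registration password and email constraints', () => {
  // The callback returns its promise and takes no `done` parameter. With both
  // present, some runners ignore the returned promise, so calling `done()` in
  // `finally` could report success even though a helper check had thrown.
  it('are enforced', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone", "password1A!", 400); // not a valid email
      await helpers.createUser(agent, "someone@email.com", "password1A", 400); // no special char
      await helpers.createUser(agent, "someone@email.com", "password1!", 400); // no capital letter
      await helpers.createUser(agent, "someone@email.com", "passwordA!", 400); // no number
      await helpers.createUser(agent, "someone@email.com", "Ϭassword1A!", 400); // non-ASCII in password
      await helpers.createUser(agent, "Ϭomeone@email.com", "password1A!", 400); // non-ASCII in email
      await helpers.createUser(agent, "someone@email.com", "pass1A!", 400); // password too short
      // A compliant pair is accepted last, which shows the rejections above
      // were not caused by an endpoint that refuses everything.
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
    } finally {
      // Always release the agent, whether or not a check failed.
      agent.close();
    }
  });
});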
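// A second registration with an e-mail address that is already taken must be refused.
describe('Attempting to register an already registered user', () => {
  // The callback returns its promise and takes no `done` parameter. With both
  // present, some runners ignore the returned promise, so calling `done()` in
  // `finally` could report success even though a helper check had thrown.
  it('should fail', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      // Same credentials again: the only difference is that the account now exists.
      await helpers.createUser(agent, "someone@email.com", "password1A!", 400);
    } finally {
      // Always release the agent, whether or not a check failed.
      agent.close();
    }
  });
});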
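// Login must succeed only when the password belongs to the account being logged into.
describe('Auth login access for users', () => {
  // The callback returns its promise and takes no `done` parameter. With both
  // present, some runners ignore the returned promise, so calling `done()` in
  // `finally` could report success even though a helper check had thrown.
  it('is correctly enforced', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      await helpers.createUser(agent, "someoneelse@other.com", "password2B!", 200);

      // Each password is valid for the other account only, so both attempts
      // must be rejected: a valid password must not work across accounts.
      await helpers.login(agent, "someone@email.com", "password2B!", 401);
      await helpers.login(agent, "someoneelse@other.com", "password1A!", 401);

      // The matching pairs are accepted.
      await helpers.login(agent, "someone@email.com", "password1A!", 200);
      await helpers.login(agent, "someoneelse@other.com", "password2B!", 200);
    } finally {
      // Always release the agent, whether or not a check failed.
      agent.close();
    }
  });
});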
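// Tags, artists, albums and songs are readable while logged in and return 401
// once the session has been ended with logout.
describe('Auth access to objects', () => {
  // The callback returns its promise and takes no `done` parameter. With both
  // present, some runners ignore the returned promise, so calling `done()` in
  // `finally` could report success even though a helper check had thrown.
  it('is only possible when logged in', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      await helpers.login(agent, "someone@email.com", "password1A!", 200);

      // Create one object of each kind; each helper is given the expected response body.
      await helpers.createTag(agent, { name: "Tag1" }, 200, { id: 1 });
      await helpers.createArtist(agent, { name: "Artist1" }, 200, { id: 1} );
      await helpers.createAlbum(agent, { name: "Album1" }, 200, { id: 1 });
      await helpers.createSong(agent, { title: "Song1" }, 200, { id: 1 });

      // Logged in: every object is readable.
      await helpers.checkTag(agent, 1, 200);
      await helpers.checkAlbum(agent, 1, 200);
      await helpers.checkArtist(agent, 1, 200);
      await helpers.checkSong(agent, 1, 200);

      await helpers.logout(agent, 200);

      // Same agent, same ids, after logout: every read must be refused with 401.
      await helpers.checkTag(agent, 1, 401);
      await helpers.checkAlbum(agent, 1, 401);
      await helpers.checkArtist(agent, 1, 401);
      await helpers.checkSong(agent, 1, 401);
    } finally {
      // Always release the agent, whether or not a check failed.
      agent.close();
    }
  });
});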
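// Objects created by one user must not be readable by another user, in either direction.
describe('Auth access to user objects', () => {
  // The callback returns its promise and takes no `done` parameter. With both
  // present, some runners ignore the returned promise, so calling `done()` in
  // `finally` could report success even though a helper check had thrown.
  it('is restricted to each user', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      await helpers.createUser(agent, "someoneelse@other.com", "password2B!", 200);

      // First user creates the objects that get id 1.
      await helpers.login(agent, "someone@email.com", "password1A!", 200);
      await helpers.createTag(agent, { name: "Tag1" }, 200, { id: 1 });
      await helpers.createArtist(agent, { name: "Artist1" }, 200, { id: 1} );
      await helpers.createAlbum(agent, { name: "Album1" }, 200, { id: 1 });
      await helpers.createSong(agent, { title: "Song1" }, 200, { id: 1 });
      await helpers.logout(agent, 200);

      // Second user creates the objects that get id 2.
      await helpers.login(agent, "someoneelse@other.com", "password2B!", 200);
      await helpers.createTag(agent, { name: "Tag2" }, 200, { id: 2 });
      await helpers.createArtist(agent, { name: "Artist2" }, 200, { id: 2 } );
      await helpers.createAlbum(agent, { name: "Album2" }, 200, { id: 2 });
      await helpers.createSong(agent, { title: "Song2" }, 200, { id: 2 });
      await helpers.logout(agent, 200);

      // First user: the other user's ids answer 404, their own answer 200.
      // NOTE(review): 404 rather than 403 presumably keeps the response from
      // confirming that the id exists for someone else; confirm against the API.
      await helpers.login(agent, "someone@email.com", "password1A!", 200);
      await helpers.checkTag(agent, 2, 404);
      await helpers.checkAlbum(agent, 2, 404);
      await helpers.checkArtist(agent, 2, 404);
      await helpers.checkSong(agent, 2, 404);
      await helpers.checkTag(agent, 1, 200);
      await helpers.checkAlbum(agent, 1, 200);
      await helpers.checkArtist(agent, 1, 200);
      await helpers.checkSong(agent, 1, 200);
      await helpers.logout(agent, 200);

      // Second user: the mirror image of the checks above.
      await helpers.login(agent, "someoneelse@other.com", "password2B!", 200);
      await helpers.checkTag(agent, 1, 404);
      await helpers.checkAlbum(agent, 1, 404);
      await helpers.checkArtist(agent, 1, 404);
      await helpers.checkSong(agent, 1, 404);
      await helpers.checkTag(agent, 2, 200);
      await helpers.checkAlbum(agent, 2, 200);
      await helpers.checkArtist(agent, 2, 200);
      await helpers.checkSong(agent, 2, 200);
      await helpers.logout(agent, 200);
    } finally {
      // Always release the agent, whether or not a check failed.
      agent.close();
    }
  });
});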