UNPKG

@budibase/worker

Version:

Budibase background service

github.com/Budibase/budibase

Budibase/budibase

96 lines (78 loc) 2.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import lockout from "../lockout" import { cache } from "@budibase/backend-core" import * as userSdk from "../../sdk/users" import env from "../../environment" jest.mock("@budibase/backend-core", () => ({ cache: { get: jest.fn(), }, })) jest.mock("../../sdk/users", () => ({ db: { getUserByEmail: jest.fn(), }, })) describe("lockout middleware", () => { let ctx: any let next: jest.Mock beforeEach(() => { ctx = { request: { body: {}, }, set: jest.fn(), throw: jest.fn(), } next = jest.fn() jest.clearAllMocks() }) it("should call next if no email provided", async () => { ctx.request.body = {} await lockout(ctx, next) expect(next).toHaveBeenCalled() expect(ctx.throw).not.toHaveBeenCalled() }) it("should call next if user not found", async () => { ctx.request.body = { username: "test@example.com" } ;(userSdk.db.getUserByEmail as jest.Mock).mockResolvedValue(null) await lockout(ctx, next) expect(next).toHaveBeenCalled() expect(ctx.throw).not.toHaveBeenCalled() }) it("should call next if user exists but not locked", async () => { ctx.request.body = { username: "test@example.com" } ;(userSdk.db.getUserByEmail as jest.Mock).mockResolvedValue({ email: "test@example.com", }) ;(cache.get as jest.Mock).mockResolvedValue(null) await lockout(ctx, next) expect(next).toHaveBeenCalled() expect(ctx.throw).not.toHaveBeenCalled() }) it("should throw 403 if user is locked", async () => { ctx.request.body = { username: "test@example.com" } ;(userSdk.db.getUserByEmail as jest.Mock).mockResolvedValue({ email: "test@example.com", }) ;(cache.get as jest.Mock).mockResolvedValue("1") // Mock ctx.throw to actually throw ctx.throw = jest.fn().mockImplementation((status, message) => { const error = new Error(message) ;(error as any).status = status throw error }) await expect(lockout(ctx, next)).rejects.toThrow( "Account temporarily locked. Try again later." ) expect(next).not.toHaveBeenCalled() expect(ctx.set).toHaveBeenCalledWith("X-Account-Locked", "1") expect(ctx.set).toHaveBeenCalledWith( "Retry-After", String(env.LOGIN_LOCKOUT_SECONDS) ) expect(ctx.throw).toHaveBeenCalledWith( 403, "Account temporarily locked. Try again later." ) }) })