// Generated by CoffeeScript 2.5.1
(function() {
//########################################################################
// This file is part of CoCalc: Copyright © 2020 Sagemath, Inc.
// License: AGPLv3 s.t. "Commons Clause" – see LICENSE.md for details
//########################################################################
/*
Testing password reset, change, email_address change, etc. related functionality
*/
var api, auth, expect, misc, reset, setup, teardown;
api = require('./apitest');
({setup, teardown, reset} = api);
misc = require('smc-util/misc');
expect = require('expect');
auth = require('../../auth');
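describe('test changing password -- ', function() {
  // The tests in this suite run in order and share state: each one relies on
  // the password left behind by the one before it.

  // Account id and API key of a second user, filled in by the tests below.
  let account_id2;
  let api_key2;

  // Reads one field of an API response without throwing when the response is missing.
  function field(resp, name) {
    return resp != null ? resp[name] : void 0;
  }

  // Builds an api callback that reports a call error first and only then runs
  // the assertions. An assertion failure is passed to `done`, so it is reported
  // against this test rather than escaping from the callback.
  function finish(done, assertions) {
    return function(err, resp) {
      if (err) {
        done(err);
        return;
      }
      try {
        assertions(resp);
      } catch (failure) {
        done(failure);
        return;
      }
      done();
    };
  }

  before(setup);
  after(teardown);
  beforeEach(reset);

  it('changes the password', function(done) {
    api.call({
      event: 'change_password',
      body: {
        account_id: api.account_id,
        old_password: 'blah',
        new_password: 'new-blah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'event')).toBe('changed_password');
      })
    });
  });

  it("tries with invalid old password and fails (this also confirms that password was changed)", function(done) {
    // 'blah' was replaced by the previous test, so it must now be rejected.
    api.call({
      event: 'change_password',
      body: {
        account_id: api.account_id,
        old_password: 'blah',
        new_password: 'new2-blah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toBe('invalid old password');
      })
    });
  });

  it('change it back, which confirms it was changed to what we think', function(done) {
    api.call({
      event: 'change_password',
      body: {
        account_id: api.account_id,
        old_password: 'new-blah',
        new_password: 'blah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'event')).toBe('changed_password');
      })
    });
  });

  it("create another account with no password set", function(done) {
    api.db.create_account({
      first_name: "Sage2",
      last_name: "CoCalc2",
      created_by: "1.2.3.5",
      email_address: "cocalc2@sagemath.com",
      cb: function(err, account_id) {
        account_id2 = account_id;
        done(err);
      }
    });
  });

  it("tries -- AND FAILS -- to change that other user's password", function(done) {
    // Authorization check: no api_key is passed, so the call is not made with
    // the second account's credentials (presumably api.call falls back to the
    // default test account; confirm in apitest). The server must refuse and
    // must do so with the same generic error as a wrong old password, so the
    // response does not reveal anything about the target account.
    api.call({
      event: 'change_password',
      body: {
        account_id: account_id2,
        new_password: 'blah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toEqual('invalid old password');
      })
    });
  });

  it("get api key of user with no password", function(done) {
    api.db.regenerate_api_key({
      account_id: account_id2,
      cb: function(err, api_key) {
        api_key2 = api_key;
        done(err);
      }
    });
  });

  // The two policy tests below previously shared one title, which made a
  // failure report ambiguous; each title now names the bound it exercises.
  it("tries and fails because the new password is too short", function(done) {
    api.call({
      event: 'change_password',
      api_key: api_key2,
      body: {
        account_id: account_id2,
        new_password: 'blah' // 4 characters, below the minimum of 6
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toEqual({
          new_password: 'Password must be between 6 and 64 characters in length.'
        });
      })
    });
  });

  it("tries and fails because the new password is too long", function(done) {
    api.call({
      event: 'change_password',
      api_key: api_key2,
      body: {
        account_id: account_id2,
        // far above the maximum of 64 characters
        new_password: 'blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toEqual({
          new_password: 'Password must be between 6 and 64 characters in length.'
        });
      })
    });
  });

  it("tries -- AND SUCCEEDS -- to change that other user's password", function(done) {
    // Same request as the refused one above, but now sent with the second
    // account's own API key. No old_password is supplied because that account
    // was created without a password.
    api.call({
      event: 'change_password',
      api_key: api_key2,
      body: {
        account_id: account_id2,
        new_password: 'blahblah'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toBe(void 0);
      })
    });
  });
});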
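describe('test changing email address -- ', function() {
  // The tests in this suite run in order and share state: later tests check
  // the address that earlier ones set.

  // Reads one field of an API response without throwing when the response is missing.
  function field(resp, name) {
    return resp != null ? resp[name] : void 0;
  }

  // Pulls accounts.email_address out of a 'query' response, yielding undefined
  // when any level of the reply is missing.
  function emailFrom(resp) {
    const accounts = resp != null && resp.query != null ? resp.query.accounts : void 0;
    return accounts != null ? accounts.email_address : void 0;
  }

  // Builds an api callback that reports a call error first and only then runs
  // the assertions. An assertion failure is passed to `done`, so it is reported
  // against this test rather than escaping from the callback.
  function finish(done, assertions) {
    return function(err, resp) {
      if (err) {
        done(err);
        return;
      }
      try {
        assertions(resp);
      } catch (failure) {
        done(failure);
        return;
      }
      done();
    };
  }

  // Asks the query API for the current account's email address and checks it.
  function expectCurrentEmail(expected, done) {
    api.call({
      event: 'query',
      body: {
        query: {
          accounts: {
            email_address: null
          }
        }
      },
      cb: finish(done, (resp) => {
        expect(emailFrom(resp)).toBe(expected);
      })
    });
  }

  before(setup);
  after(teardown);
  beforeEach(reset);

  it("changes it", function(done) {
    api.call({
      event: 'change_email_address',
      body: {
        new_email_address: "cocalc+1@sagemath.com",
        password: 'blah',
        account_id: api.account_id
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'event')).toBe('changed_email_address');
      })
    });
  });

  it('confirms it really changed', function(done) {
    expectCurrentEmail('cocalc+1@sagemath.com', done);
  });

  it('tries to change with wrong password', function(done) {
    // Changing the address requires the current password; a wrong one must be
    // refused. The next test confirms the refusal left the address untouched.
    api.call({
      event: 'change_email_address',
      body: {
        new_email_address: "cocalc+2@sagemath.com",
        password: 'blahblah',
        account_id: api.account_id
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toBe('invalid_password');
      })
    });
  });

  it('confirms it did NOT change', function(done) {
    expectCurrentEmail('cocalc+1@sagemath.com', done);
  });

  it("create another account", function(done) {
    // Only the address matters here; the new account's id is not used again.
    api.db.create_account({
      first_name: "Sage2",
      last_name: "CoCalc2",
      created_by: "1.2.3.5",
      email_address: "cocalc389@sagemath.com",
      cb: function(err) {
        done(err);
      }
    });
  });

  it('tries to change to that email address', function(done) {
    // An address that already belongs to another account must be refused, so
    // two accounts can never share one login address.
    api.call({
      event: 'change_email_address',
      body: {
        new_email_address: "cocalc389@sagemath.com",
        password: 'blah',
        account_id: api.account_id
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toBe('email_already_taken');
      })
    });
  });
});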
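describe('tests sending a forgot password email --', function() {
  // The tests in this suite run in order: the reset code captured from the
  // email is consumed by the test after it.
  //
  // NOTE(review): not covered here and worth adding once the server's exact
  // responses are confirmed: a reset code is rejected when used a second
  // time, and the pre-reset password stops working after the reset.

  // Reset code extracted from the captured password-reset email.
  let reset_code;

  // Query-string marker that precedes the reset code in the email body.
  const MARKER = '?forgot=';
  // Length of a UUID in its canonical string form.
  const UUID_LENGTH = 36;

  // Reads one field of an API response without throwing when the response is missing.
  function field(resp, name) {
    return resp != null ? resp[name] : void 0;
  }

  // Builds a callback that reports a call error first and only then runs the
  // assertions. An assertion failure is passed to `done`, so it is reported
  // against this test rather than escaping from the callback.
  function finish(done, assertions) {
    return function(err, result) {
      if (err) {
        done(err);
        return;
      }
      try {
        assertions(result);
      } catch (failure) {
        done(failure);
        return;
      }
      done();
    };
  }

  before(setup);
  after(teardown);
  beforeEach(reset);

  it('sends a forgot password email for an address that does not exist', function(done) {
    // NOTE(review): the pinned error names the address and differs from the
    // `error: false` reply asserted for a registered address in the next test,
    // so this response tells the caller whether an address has an account.
    // If the server moves to one uniform reply for both cases, update this
    // assertion with it.
    api.call({
      event: 'forgot_password',
      body: {
        email_address: 'cocalc+17@sagemath.com'
      },
      cb: finish(done, (resp) => {
        expect(field(resp, 'error')).toBe('No account with e-mail address cocalc+17@sagemath.com');
      })
    });
  });

  it('sends a forgot password email', function(done) {
    api.call({
      event: 'forgot_password',
      body: {
        email_address: 'cocalc@sagemath.com'
      },
      cb: finish(done, (resp) => {
        expect(resp.error).toBe(false);
        const email = api.last_email;
        expect(email != null ? email.subject : void 0).toBe('CoCalc Password Reset');
        // Fail with a clear message if the link is missing, instead of slicing
        // from a -1 offset and only tripping the UUID check below.
        const start = email.body.indexOf(MARKER);
        expect(start >= 0).toBe(true);
        const codeStart = start + MARKER.length;
        reset_code = email.body.slice(codeStart, codeStart + UUID_LENGTH);
        expect(misc.is_valid_uuid_string(reset_code)).toBe(true);
      })
    });
  });

  it('uses the forgot password token', function(done) {
    api.call({
      event: 'reset_forgot_password',
      body: {
        reset_code: reset_code,
        new_password: 'foobar'
      },
      cb: finish(done, (resp) => {
        expect(Boolean(field(resp, 'error'))).toBe(false);
      })
    });
  });

  it('verifies that password was properly reset', function(done) {
    // Checks against the database directly, independent of the API path that
    // performed the reset.
    auth.is_password_correct({
      database: api.db,
      account_id: api.account_id,
      password: 'foobar',
      cb: finish(done, (is_correct) => {
        expect(is_correct).toBe(true);
      })
    });
  });
});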
}).call(this);
//# sourceMappingURL=password.js.map