krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-13 04:37:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
05933be20513ebdf86b85cef6c947848fc13d583
habitica/test/api/v3/integration/user/auth/POST-login-local.test.js
Fiz c947fa97d9 Updates & Fixes: Fix Orb of Rebirth bug, update blocked player ToS message, Fix redundant disabled styling (#15494) 
* add new frontend files

* Add UI for managing blockers

* correctly reset local data after creating blocker

* Tweak wording

* Add UI for managing blockers

* restructure admin pages

* add blocker to block emails from registration

* lint fixes

* Await genericPurchase completion before page reload to prevent request cancellation.

Also adds defensive check for undefined error.response in axios interceptor to prevent "t.response undefined" errors.

* Fix shop tabs overflow off screen at certain zoom levels
Fix quest cards get cut off on small screens
Fix pop-up windows extend past screen edges on mobile

* Update ToS error message

- Updated account suspension message from "This account, User ID..." to "Your account @[username] has been
  blocked..."
- Modified server auth middleware to pass username parameter when throwing account suspended error
-Modified auth utils loginRes function to include username in suspended account error
- Updated client bannedAccountModal component to pass username (empty string if unavailable)
- Updated login test to expect username in account suspended message

* lint fix

* Responsive Layout for Equipment Containers

- Added responsive CSS for mobile (<768px) and tablet (769px-1024px)
- Implemented flex-wrap layout that automatically stacks items in rows of 4 on smaller

* remove redundant disabled styles in task modals

The .disabled class conflicting with existing disabled state implementations

* Revert "Merge branch 'fiz/item-container-scaling' into qa/bat"

This reverts commit 4f28bfaad4, reversing
changes made to 477dd6328a.

* fix(blockers): duplicated code from rebase

* fix(admin): revert accidental change from rebase

* move !error.response to correct level

!error.response before any attempt to access error.response.status

* chore(github): split responsiveness to #15514

---------

Co-authored-by: Phillip Thelen <phillip@habitica.com>
Co-authored-by: Kalista Payne <kalista@habitica.com>
2025-09-22 11:12:09 -05:00

143 lines
4.0 KiB
JavaScript
Raw Blame History

import nconf from 'nconf';
import {
generateUser,
requester,
translate as t,
} from '../../../../../helpers/api-integration/v3';
import {
bcryptCompare,
sha1MakeSalt,
sha1Encrypt as sha1EncryptPassword,
} from '../../../../../../website/server/libs/password';
describe('POST /user/auth/local/login', () => {
let api;
let user;
const endpoint = '/user/auth/local/login';
const password = 'password';
beforeEach(async () => {
api = requester();
user = await generateUser();
});
it('success with username', async () => {
const response = await api.post(endpoint, {
username: user.auth.local.username,
password,
});
expect(response.apiToken).to.eql(user.apiToken);
});
it('success with email', async () => {
const response = await api.post(endpoint, {
username: user.auth.local.email,
password,
});
expect(response.apiToken).to.eql(user.apiToken);
});
it('user is blocked', async () => {
await user.updateOne({ 'auth.blocked': 1 });
await expect(api.post(endpoint, {
username: user.auth.local.username,
password,
})).to.eventually.be.rejected.and.eql({
code: 401,
error: 'NotAuthorized',
message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id, username: user.auth.local.username }),
});
});
it('wrong password', async () => {
await expect(api.post(endpoint, {
username: user.auth.local.username,
password: 'wrong-password',
})).to.eventually.be.rejected.and.eql({
code: 401,
error: 'NotAuthorized',
message: t('invalidLoginCredentialsLong'),
});
});
it('missing username', async () => {
await expect(api.post(endpoint, {
password: 'wrong-password',
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
it('missing password', async () => {
await expect(api.post(endpoint, {
username: user.auth.local.username,
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
const textPassword = 'mySecretPassword';
const salt = sha1MakeSalt();
const sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
await user.updateOne({
'auth.local.hashed_password': sha1HashedPassword,
'auth.local.passwordHashMethod': 'sha1',
'auth.local.salt': salt,
});
await user.sync();
expect(user.auth.local.passwordHashMethod).to.equal('sha1');
expect(user.auth.local.salt).to.equal(salt);
expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
// login
await api.post(endpoint, {
username: user.auth.local.email,
password: textPassword,
});
await user.sync();
expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
expect(user.auth.local.salt).to.be.undefined;
expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
const isValidPassword = await bcryptCompare(textPassword, user.auth.local.hashed_password);
expect(isValidPassword).to.equal(true);
});
it('sets auth.timestamps.updated', async () => {
const oldUpdated = new Date(user.auth.timestamps.updated);
// login
await api.post(endpoint, {
username: user.auth.local.email,
password,
});
await user.sync();
expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
});
it('user uses social authentication and has no password', async () => {
await user.unset({
'auth.local.hashed_password': 1,
});
await user.sync();
expect(user.auth.local.hashed_password).to.be.undefined;
await expect(api.post(endpoint, {
username: user.auth.local.username,
password: 'any-password',
})).to.eventually.be.rejected.and.eql({
code: 401,
error: 'NotAuthorized',
message: t('invalidLoginCredentialsLong'),
});
});
});
Reference in New Issue View Git Blame Copy Permalink