mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-14 05:07:22 +01:00
f8d315ff6e
* remove some unused dependencies * update mongoose version * make common tests pass * Make unit tests pass * make api v3 integration tests pass * fix lint issues * fix issue with package-lock * fix(lint): we don't need no .js * fix(lint): update to latest config-habitrpg * chore(npm): update package locks * fix(test): replace deprecated fn * chore(package): update eslint-habitrpg again * fix(lint): server linting * fix(lint): client linting * fix(client): correct mangled common imports * chore(npm): update package-locks * fix(lint): punctuation, module --------- Co-authored-by: SabreCat <sabrecat@gmail.com> Co-authored-by: SabreCat <sabe@habitica.com>
131 lines
3.7 KiB
JavaScript
131 lines
3.7 KiB
JavaScript
import nconf from 'nconf';
|
|
import {
|
|
generateUser,
|
|
requester,
|
|
translate as t,
|
|
} from '../../../../../helpers/api-integration/v3';
|
|
import {
|
|
bcryptCompare,
|
|
sha1MakeSalt,
|
|
sha1Encrypt as sha1EncryptPassword,
|
|
} from '../../../../../../website/server/libs/password';
|
|
|
|
describe('POST /user/auth/local/login', () => {
|
|
let api;
|
|
let user;
|
|
const endpoint = '/user/auth/local/login';
|
|
const password = 'password';
|
|
beforeEach(async () => {
|
|
api = requester();
|
|
user = await generateUser();
|
|
});
|
|
|
|
it('success with username', async () => {
|
|
const response = await api.post(endpoint, {
|
|
username: user.auth.local.username,
|
|
password,
|
|
});
|
|
expect(response.apiToken).to.eql(user.apiToken);
|
|
});
|
|
|
|
it('success with email', async () => {
|
|
const response = await api.post(endpoint, {
|
|
username: user.auth.local.email,
|
|
password,
|
|
});
|
|
expect(response.apiToken).to.eql(user.apiToken);
|
|
});
|
|
|
|
it('user is blocked', async () => {
|
|
await user.updateOne({ 'auth.blocked': 1 });
|
|
await expect(api.post(endpoint, {
|
|
username: user.auth.local.username,
|
|
password,
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 401,
|
|
error: 'NotAuthorized',
|
|
message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
|
|
});
|
|
});
|
|
|
|
it('wrong password', async () => {
|
|
await expect(api.post(endpoint, {
|
|
username: user.auth.local.username,
|
|
password: 'wrong-password',
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 401,
|
|
error: 'NotAuthorized',
|
|
message: t('invalidLoginCredentialsLong'),
|
|
});
|
|
});
|
|
|
|
it('missing username', async () => {
|
|
await expect(api.post(endpoint, {
|
|
password: 'wrong-password',
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 400,
|
|
error: 'BadRequest',
|
|
message: t('invalidReqParams'),
|
|
});
|
|
});
|
|
|
|
it('missing password', async () => {
|
|
await expect(api.post(endpoint, {
|
|
username: user.auth.local.username,
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 400,
|
|
error: 'BadRequest',
|
|
message: t('invalidReqParams'),
|
|
});
|
|
});
|
|
|
|
it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
|
|
const textPassword = 'mySecretPassword';
|
|
const salt = sha1MakeSalt();
|
|
const sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
|
|
|
|
await user.updateOne({
|
|
'auth.local.hashed_password': sha1HashedPassword,
|
|
'auth.local.passwordHashMethod': 'sha1',
|
|
'auth.local.salt': salt,
|
|
});
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.passwordHashMethod).to.equal('sha1');
|
|
expect(user.auth.local.salt).to.equal(salt);
|
|
expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
|
|
|
|
// login
|
|
await api.post(endpoint, {
|
|
username: user.auth.local.email,
|
|
password: textPassword,
|
|
});
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
|
|
expect(user.auth.local.salt).to.be.undefined;
|
|
expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
|
|
|
|
const isValidPassword = await bcryptCompare(textPassword, user.auth.local.hashed_password);
|
|
expect(isValidPassword).to.equal(true);
|
|
});
|
|
|
|
it('user uses social authentication and has no password', async () => {
|
|
await user.unset({
|
|
'auth.local.hashed_password': 1,
|
|
});
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.hashed_password).to.be.undefined;
|
|
|
|
await expect(api.post(endpoint, {
|
|
username: user.auth.local.username,
|
|
password: 'any-password',
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 401,
|
|
error: 'NotAuthorized',
|
|
message: t('invalidLoginCredentialsLong'),
|
|
});
|
|
});
|
|
});
|