mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-13 04:37:36 +01:00
147 lines
4.5 KiB
JavaScript
147 lines
4.5 KiB
JavaScript
import nconf from 'nconf';
|
|
import {
|
|
generateUser,
|
|
translate as t,
|
|
} from '../../../../../helpers/api-integration/v3';
|
|
import {
|
|
bcryptCompare,
|
|
sha1MakeSalt,
|
|
sha1Encrypt as sha1EncryptPassword,
|
|
} from '../../../../../../website/server/libs/password';
|
|
|
|
const ENDPOINT = '/user/auth/update-email';
|
|
|
|
describe('PUT /user/auth/update-email', () => {
|
|
const newEmail = 'SOmE-nEw-emAIl_2@example.net';
|
|
const oldPassword = 'password'; // from habitrpg/test/helpers/api-integration/v3/object-generators.js
|
|
|
|
context('Local Authentication User', async () => {
|
|
let user;
|
|
|
|
beforeEach(async () => {
|
|
user = await generateUser();
|
|
});
|
|
|
|
it('does not change email if email is not provided', async () => {
|
|
await expect(user.put(ENDPOINT)).to.eventually.be.rejected.and.eql({
|
|
code: 400,
|
|
error: 'BadRequest',
|
|
message: t('invalidReqParams'),
|
|
});
|
|
});
|
|
|
|
it('does not change email if password is not provided', async () => {
|
|
await expect(user.put(ENDPOINT, {
|
|
newEmail,
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 400,
|
|
error: 'BadRequest',
|
|
message: t('invalidReqParams'),
|
|
});
|
|
});
|
|
|
|
it('does not change email if wrong password is provided', async () => {
|
|
await expect(user.put(ENDPOINT, {
|
|
newEmail,
|
|
password: 'wrong password',
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 401,
|
|
error: 'NotAuthorized',
|
|
message: t('wrongPassword'),
|
|
});
|
|
});
|
|
|
|
it('changes email if new email and existing password are provided', async () => {
|
|
const lowerCaseNewEmail = newEmail.toLowerCase();
|
|
const response = await user.put(ENDPOINT, {
|
|
newEmail,
|
|
password: oldPassword,
|
|
});
|
|
expect(response.email).to.eql(lowerCaseNewEmail);
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.email).to.eql(lowerCaseNewEmail);
|
|
});
|
|
|
|
it('rejects if email is already taken', async () => {
|
|
await expect(user.put(ENDPOINT, {
|
|
newEmail: user.auth.local.email,
|
|
password: oldPassword,
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 401,
|
|
error: 'NotAuthorized',
|
|
message: t('cannotFulfillReq', { techAssistanceEmail: nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL') }),
|
|
});
|
|
});
|
|
|
|
it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
|
|
const textPassword = 'mySecretPassword';
|
|
const salt = sha1MakeSalt();
|
|
const sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
|
|
const myNewEmail = 'my-new-random-email@example.net';
|
|
|
|
await user.updateOne({
|
|
'auth.local.hashed_password': sha1HashedPassword,
|
|
'auth.local.passwordHashMethod': 'sha1',
|
|
'auth.local.salt': salt,
|
|
});
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.passwordHashMethod).to.equal('sha1');
|
|
expect(user.auth.local.salt).to.equal(salt);
|
|
expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
|
|
|
|
// update email
|
|
const response = await user.put(ENDPOINT, {
|
|
newEmail: myNewEmail,
|
|
password: textPassword,
|
|
});
|
|
expect(response).to.eql({ email: myNewEmail });
|
|
|
|
await user.sync();
|
|
|
|
expect(user.auth.local.email).to.equal(myNewEmail);
|
|
expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
|
|
expect(user.auth.local.salt).to.be.undefined;
|
|
expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
|
|
|
|
const isValidPassword = await bcryptCompare(textPassword, user.auth.local.hashed_password);
|
|
expect(isValidPassword).to.equal(true);
|
|
});
|
|
|
|
it('invalidates any outstanding password reset code', async () => {
|
|
await user.updateOne({
|
|
'auth.local.passwordResetCode': 'impossible-reset-code',
|
|
});
|
|
|
|
await user.put(ENDPOINT, {
|
|
newEmail: 'bogo@example.com',
|
|
password: oldPassword,
|
|
});
|
|
|
|
await user.sync();
|
|
expect(user.auth.local.passwordResetCode).to.not.exist;
|
|
});
|
|
});
|
|
|
|
context('Social Login User', async () => {
|
|
let socialUser;
|
|
|
|
beforeEach(async () => {
|
|
socialUser = await generateUser();
|
|
await socialUser.updateOne({ 'auth.local': { ok: true } });
|
|
});
|
|
|
|
it('does not change email if user.auth.local.email does not exist for this user', async () => {
|
|
await expect(socialUser.put(ENDPOINT, {
|
|
newEmail,
|
|
password: oldPassword,
|
|
})).to.eventually.be.rejected.and.eql({
|
|
code: 400,
|
|
error: 'BadRequest',
|
|
message: t('userHasNoLocalRegistration'),
|
|
});
|
|
});
|
|
});
|
|
});
|