mirror of
https://github.com/bigcapitalhq/bigcapital.git
synced 2026-02-13 03:10:31 +00:00
289 lines
9.3 KiB
JavaScript
289 lines
9.3 KiB
JavaScript
import { request, expect, createUser } from '~/testInit';
|
|
import { hashPassword } from 'utils';
|
|
import knex from '@/database/knex';
|
|
import {
|
|
tenantWebsite,
|
|
tenantFactory,
|
|
systemFactory,
|
|
loginRes
|
|
} from '~/dbInit';
|
|
import TenantUser from 'models/TenantUser';
|
|
import PasswordReset from '@/system/models/PasswordReset';
|
|
import SystemUser from '@/system/models/SystemUser';
|
|
|
|
|
|
describe('routes: /auth/', () => {
|
|
describe('POST `/api/auth/login`', () => {
|
|
it('Should `crediential` be required.', async () => {
|
|
const res = await request().post('/api/auth/login').send({});
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('crediential');
|
|
});
|
|
|
|
it('Should `password` be required.', async () => {
|
|
const res = await request().post('/api/auth/login').send();
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('password');
|
|
});
|
|
|
|
it('Should the min length of the `password` be 5 ch.', async () => {
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: 'admin@admin.com',
|
|
password: 'test',
|
|
});
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('password');
|
|
});
|
|
|
|
it('Should be a valid email format in crediential attribute.', async () => {
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: 'admin',
|
|
password: 'test',
|
|
});
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('password');
|
|
});
|
|
|
|
it('Should not authenticate with wrong user email and password.', async () => {
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: 'admin@admin.com',
|
|
password: 'admin',
|
|
});
|
|
expect(res.body.errors).include.something.that.deep.equals({
|
|
type: 'INVALID_DETAILS', code: 100,
|
|
});
|
|
});
|
|
|
|
it('Should not authenticate in case user was not active.', async () => {
|
|
const user = await createUser(tenantWebsite, {
|
|
active: false,
|
|
email: 'admin@admin.com',
|
|
});
|
|
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: 'admin@admin.com',
|
|
password: 'admin',
|
|
});
|
|
expect(res.status).equals(400);
|
|
expect(res.body.errors).include.something.that.deep.equals({
|
|
type: 'USER_INACTIVE', code: 110,
|
|
});
|
|
});
|
|
|
|
it('Should authenticate with correct email and password and active user.', async () => {
|
|
const user = await createUser(tenantWebsite, {
|
|
email: 'admin@admin.com',
|
|
});
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: user.email,
|
|
password: 'admin',
|
|
});
|
|
expect(res.status).equals(200);
|
|
});
|
|
|
|
it('Should authenticate success with correct phone number and password.', async () => {
|
|
const password = await hashPassword('admin');
|
|
const user = await createUser(tenantWebsite, {
|
|
phone_number: '0920000000',
|
|
password,
|
|
});
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: user.email,
|
|
password: 'admin',
|
|
});
|
|
|
|
expect(res.status).equals(200);
|
|
});
|
|
|
|
it('Should last login date be saved after success login.', async () => {
|
|
const user = await createUser(tenantWebsite, {
|
|
email: 'admin@admin.com',
|
|
});
|
|
const res = await request().post('/api/auth/login').send({
|
|
crediential: user.email,
|
|
password: 'admin',
|
|
});
|
|
const foundUserAfterUpdate = await TenantUser.tenant().query()
|
|
.where('email', user.email)
|
|
.where('first_name', user.first_name)
|
|
.first();
|
|
|
|
expect(res.status).equals(200);
|
|
expect(foundUserAfterUpdate.lastLoginAt).to.not.be.null;
|
|
});
|
|
});
|
|
|
|
describe('POST: `/auth/send_reset_password`', () => {
|
|
it('Should `email` be required.', async () => {
|
|
const res = await request().post('/api/auth/send_reset_password').send();
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
});
|
|
|
|
it('Should response unproccessable if the email address was invalid.', async () => {
|
|
const res = await request().post('/api/auth/send_reset_password').send({
|
|
email: 'invalid_email',
|
|
});
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
});
|
|
|
|
it('Should response unproccessable if the email address was not exist.', async () => {
|
|
const res = await request().post('/api/auth/send_reset_password').send({
|
|
email: 'admin@admin.com',
|
|
});
|
|
|
|
expect(res.status).equals(400);
|
|
expect(res.body.errors).include.something.that.deep.equals({
|
|
type: 'EMAIL.NOT.REGISTERED', code: 200,
|
|
});
|
|
});
|
|
|
|
it('Should delete all already tokens that associate to the given email.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const token = '123123';
|
|
|
|
await knex('password_resets').insert({ email: user.email, token });
|
|
|
|
await request().post('/api/auth/send_reset_password').send({
|
|
email: user.email,
|
|
});
|
|
|
|
const oldPasswordToken = await knex('password_resets').where('token', token);
|
|
|
|
expect(oldPasswordToken).to.have.lengthOf(0);
|
|
});
|
|
|
|
it('Should store new token associate with the given email.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
await request().post('/api/auth/send_reset_password').send({
|
|
email: user.email,
|
|
});
|
|
|
|
const token = await knex('password_resets').where('email', user.email);
|
|
|
|
expect(token).to.have.lengthOf(1);
|
|
});
|
|
|
|
it('Should response success if the email was exist.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const res = await request().post('/api/auth/send_reset_password').send({
|
|
email: user.email,
|
|
});
|
|
|
|
expect(res.status).equals(200);
|
|
});
|
|
});
|
|
|
|
describe('POST: `/auth/reset/:token`', () => {
|
|
// it('Should response forbidden if the token was invalid.', () => {
|
|
|
|
// });
|
|
|
|
it('Should response forbidden if the token was expired.', () => {
|
|
|
|
});
|
|
|
|
it('Should `password` be required.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const passwordReset = await systemFactory.create('password_reset', {
|
|
email: user.email,
|
|
});
|
|
|
|
const res = await request()
|
|
.post(`/api/auth/reset/${passwordReset.token}`)
|
|
.send();
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('password');
|
|
});
|
|
|
|
it('Should password and confirm_password be equal.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const passwordReset = await systemFactory.create('password_reset', {
|
|
email: user.email,
|
|
});
|
|
|
|
const res = await request()
|
|
.post(`/api/auth/reset/${passwordReset.token}`)
|
|
.send({
|
|
password: '123123',
|
|
});
|
|
|
|
expect(res.status).equals(422);
|
|
expect(res.body.code).equals('validation_error');
|
|
|
|
const paramsErrors = res.body.errors.map((error) => error.param);
|
|
expect(paramsErrors).to.include('password');
|
|
});
|
|
|
|
it('Should response success with correct data form.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const passwordReset = await systemFactory.create('password_reset', {
|
|
email: user.email,
|
|
});
|
|
|
|
const res = await request()
|
|
.post(`/api/auth/reset/${passwordReset.token}`)
|
|
.send({
|
|
password: '123123',
|
|
confirm_password: '123123',
|
|
});
|
|
expect(res.status).equals(200);
|
|
});
|
|
|
|
it('Should token be deleted after success response.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const passwordReset = await systemFactory.create('password_reset', {
|
|
email: user.email,
|
|
});
|
|
await request()
|
|
.post(`/api/auth/reset/${passwordReset.token}`)
|
|
.send({
|
|
password: '123123',
|
|
confirm_password: '123123',
|
|
});
|
|
|
|
const foundTokens = await PasswordReset.query().where('email', passwordReset.email);
|
|
|
|
expect(foundTokens).to.have.lengthOf(0);
|
|
});
|
|
|
|
it('Should password be updated after success response.', async () => {
|
|
const user = await createUser(tenantWebsite);
|
|
const passwordReset = await systemFactory.create('password_reset', {
|
|
email: user.email,
|
|
});
|
|
|
|
const res = await request().post(`/api/auth/reset/${passwordReset.token}`).send({
|
|
password: '123123',
|
|
confirm_password: '123123',
|
|
});
|
|
const systemUserPasswordUpdated = await SystemUser.query()
|
|
.where('id', user.id).first();
|
|
|
|
expect(systemUserPasswordUpdated.id).equals(user.id);
|
|
expect(systemUserPasswordUpdated.password).not.equals(user.password);
|
|
});
|
|
});
|
|
});
|