mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2025-02-16 00:19:50 -05:00
Merge pull request #323 from smoratinos/master
server auth reset password fix + test
This commit is contained in:
Michael Schmatz
commit
06667436e1
2 changed files with 75 additions and 9 deletions
|
|
@ -56,7 +56,7 @@ module.exports.setupRoutes = (app) ->
|
|||
|
||||
app.post('/auth/reset', (req, res) ->
|
||||
unless req.body.email
|
||||
return errors.badInput(res, [{message:'Need an email specified.', property:email}])
|
||||
return errors.badInput(res, [{message:'Need an email specified.', property:'email'}])
|
||||
|
||||
User.findOne({emailLower:req.body.email.toLowerCase()}).exec((err, user) ->
|
||||
if not user
|
||||
|
|
@ -74,7 +74,7 @@ module.exports.setupRoutes = (app) ->
|
|||
else
|
||||
return res.end()
|
||||
else
|
||||
console.log 'new password is', user.get('passwordReset')
|
||||
res.send user.get('passwordReset')
|
||||
return res.end()
|
||||
)
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
require './common'
|
||||
request = require 'request'
|
||||
|
||||
urlLogin = getURL('/auth/login')
|
||||
urlReset = getURL('/auth/reset')
|
||||
|
||||
describe '/auth/whoami', ->
|
||||
http = require 'http'
|
||||
|
|
@ -10,8 +14,6 @@ describe '/auth/whoami', ->
|
|||
)
|
||||
|
||||
describe '/auth/login', ->
|
||||
url = getURL('/auth/login')
|
||||
request = require 'request'
|
||||
|
||||
it 'clears Users first', (done) ->
|
||||
User.remove {}, (err) ->
|
||||
|
|
@ -19,7 +21,7 @@ describe '/auth/login', ->
|
|||
done()
|
||||
|
||||
it 'finds no user', (done) ->
|
||||
req = request.post(url, (error, response) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(401)
|
||||
done()
|
||||
|
|
@ -40,7 +42,7 @@ describe '/auth/login', ->
|
|||
form.append('password', 'nada')
|
||||
|
||||
it 'finds that created user', (done) ->
|
||||
req = request.post(url, (error, response) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(200)
|
||||
done()
|
||||
|
|
@ -50,7 +52,7 @@ describe '/auth/login', ->
|
|||
form.append('password', 'nada')
|
||||
|
||||
it 'rejects wrong passwords', (done) ->
|
||||
req = request.post(url, (error, response) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response.statusCode).toBe(401)
|
||||
expect(response.body.indexOf("wrong, wrong")).toBeGreaterThan(-1)
|
||||
done()
|
||||
|
|
@ -60,10 +62,74 @@ describe '/auth/login', ->
|
|||
form.append('password', 'blahblah')
|
||||
|
||||
it 'is completely case insensitive', (done) ->
|
||||
req = request.post(url, (error, response) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response.statusCode).toBe(200)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('username', 'scoTT@gmaIL.com')
|
||||
form.append('password', 'NaDa')
|
||||
form.append('password', 'NaDa')
|
||||
|
||||
|
||||
describe '/auth/reset', ->
|
||||
passwordReset = ''
|
||||
|
||||
it 'emails require', (done) ->
|
||||
req = request.post(urlReset, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(422)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('username', 'scott@gmail.com')
|
||||
|
||||
it 'can\'t reset an unknow user', (done) ->
|
||||
req = request.post(urlReset, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(404)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('email', 'unknow')
|
||||
|
||||
it 'reset user password', (done) ->
|
||||
req = request.post(urlReset, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(200)
|
||||
expect(response.body).toBeDefined()
|
||||
passwordReset = response.body
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('email', 'scott@gmail.com')
|
||||
|
||||
it 'can login after resetting', (done) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(200)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('username', 'scott@gmail.com')
|
||||
form.append('password', passwordReset)
|
||||
|
||||
it 'resetting password is not permanent', (done) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(401)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('username', 'scott@gmail.com')
|
||||
form.append('password', passwordReset)
|
||||
|
||||
|
||||
it 'can still login with old password', (done) ->
|
||||
req = request.post(urlLogin, (error, response) ->
|
||||
expect(response).toBeDefined()
|
||||
expect(response.statusCode).toBe(200)
|
||||
done()
|
||||
)
|
||||
form = req.form()
|
||||
form.append('username', 'scott@gmail.com')
|
||||
form.append('password', 'nada')
|
||||
|
|
|
|||
Loading…
Reference in a new issue