From f27db349761e80c7fbe7b3872622568454c03fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Moratinos?= Date: Mon, 3 Feb 2014 00:02:47 +0100 Subject: [PATCH] add server auth test (reset password) --- server/routes/auth.coffee | 2 +- test/server/auth.spec.coffee | 80 ++++++++++++++++++++++++++++++++---- 2 files changed, 74 insertions(+), 8 deletions(-) diff --git a/server/routes/auth.coffee b/server/routes/auth.coffee index 169e18a6d..0ab5476d4 100644 --- a/server/routes/auth.coffee +++ b/server/routes/auth.coffee @@ -74,7 +74,7 @@ module.exports.setupRoutes = (app) -> else return res.end() else - console.log 'new password is', user.get('passwordReset') + res.send user.get('passwordReset') return res.end() ) ) diff --git a/test/server/auth.spec.coffee b/test/server/auth.spec.coffee index 3a34d9b7c..c92a83d8c 100644 --- a/test/server/auth.spec.coffee +++ b/test/server/auth.spec.coffee @@ -1,4 +1,8 @@ require './common' +request = require 'request' + +urlLogin = getURL('/auth/login') +urlReset = getURL('/auth/reset') describe '/auth/whoami', -> http = require 'http' @@ -10,8 +14,6 @@ describe '/auth/whoami', -> ) describe '/auth/login', -> - url = getURL('/auth/login') - request = require 'request' it 'clears Users first', (done) -> User.remove {}, (err) -> @@ -19,7 +21,7 @@ describe '/auth/login', -> done() it 'finds no user', (done) -> - req = request.post(url, (error, response) -> + req = request.post(urlLogin, (error, response) -> expect(response).toBeDefined() expect(response.statusCode).toBe(401) done() @@ -40,7 +42,7 @@ describe '/auth/login', -> form.append('password', 'nada') it 'finds that created user', (done) -> - req = request.post(url, (error, response) -> + req = request.post(urlLogin, (error, response) -> expect(response).toBeDefined() expect(response.statusCode).toBe(200) done() 
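Review bot: The new `res.send user.get('passwordReset')` in the `else` branch of server/routes/auth.coffee (apparently the `/auth/reset` handler) returns the freshly generated reset password in the HTTP response to whoever posted the email address, so the requester no longer needs access to the mailbox to obtain it. The condition that selects this branch is outside the hunk; if it can be reached on a deployed server, knowing an account's email is enough to reset it and log in, which is the flow the new `reset user password` and `can login after resetting` specs in the `@@ -60,10 +62,74 @@` hunk of test/server/auth.spec.coffee rely on. I would leave the branch as `return res.end()` and have the spec load the user through the `User` model and read `user.get('passwordReset')` there, or gate the line on an explicit test-only setting. `res.send` presumably finishes the response already, so the following `return res.end()` looks redundant once a body is sent.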
@@ -50,7 +52,7 @@ describe '/auth/login', -> form.append('password', 'nada') it 'rejects wrong passwords', (done) -> - req = request.post(url, (error, response) -> + req = request.post(urlLogin, (error, response) -> expect(response.statusCode).toBe(401) expect(response.body.indexOf("wrong, wrong")).toBeGreaterThan(-1) done() 
@@ -60,10 +62,74 @@ describe '/auth/login', -> form.append('password', 'blahblah') it 'is completely case insensitive', (done) -> - req = request.post(url, (error, response) -> + req = request.post(urlLogin, (error, response) -> expect(response.statusCode).toBe(200) done() ) form = req.form() form.append('username', 'scoTT@gmaIL.com') - form.append('password', 'NaDa') \ No newline at end of file + form.append('password', 'NaDa') + + +describe '/auth/reset', -> + passwordReset = '' + + it 'emails require', (done) -> + req = request.post(urlReset, (error, response) -> + expect(response).toBeDefined() + expect(response.statusCode).toBe(422) + done() + ) + form = req.form() + form.append('username', 'scott@gmail.com') + + it 'can\'t reset an unknow user', (done) -> + req = request.post(urlReset, (error, response) -> + expect(response).toBeDefined() + expect(response.statusCode).toBe(404) + done() + ) + form = req.form() + form.append('email', 'unknow') + + it 'reset user password', (done) -> + req = request.post(urlReset, (error, response) -> + expect(response).toBeDefined() + expect(response.statusCode).toBe(200) + expect(response.body).toBeDefined() + passwordReset = response.body + done() + ) + form = req.form() + form.append('email', 'scott@gmail.com') + + it 'can login after resetting', (done) -> + req = request.post(urlLogin, (error, response) -> + expect(response).toBeDefined() + expect(response.statusCode).toBe(200) + done() + ) + form = req.form() + form.append('username', 'scott@gmail.com') + form.append('password', passwordReset) + + it 'resetting password is not permanent', (done) -> + req = request.post(urlLogin, (error, response) -> + expect(response).toBeDefined() + expect(response.statusCode).toBe(401) + done() + ) + form = req.form() + form.append('username', 'scott@gmail.com') + form.append('password', passwordReset) + + + it 'can still login with old password', (done) -> + req = request.post(urlLogin, (error, response) -> + 
expect(response).toBeDefined() + expect(response.statusCode).toBe(200) + done() + ) + form = req.form() + form.append('username', 'scott@gmail.com') + form.append('password', 'nada')
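Review bot: The `can't reset an unknow user` spec pins a 404 for an unregistered address while `reset user password` expects 200 for a registered one, so the reset endpoint's status code tells an unauthenticated caller which emails have accounts. The route code that produces these statuses is outside this diff, so this may be existing behaviour, but the spec now makes it a contract; consider returning the same status in both cases and asserting that instead, e.g. `expect(response.statusCode).toBe(200)` in the unknown-user spec. Separately, `passwordReset = ''` is shared between specs and `expect(response.body).toBeDefined()` also passes for an empty body, so adding `expect(response.body.length).toBeGreaterThan(0)` would keep the later login spec from running with an empty password.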