test(e2e): add tests for too weak passwords

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-11-25 03:06:31 -05:00 · 2022-09-25 11:21:09 +02:00 · 2022-09-25 11:21:09 +02:00 · 188f206746
commit 188f206746
parent 3ba9f95f83
1 changed files with 53 additions and 0 deletions
--- a/test/private-api/register-and-login.e2e-spec.ts
+++ b/test/private-api/register-and-login.e2e-spec.ts
@ -85,6 +85,20 @@ describe('Register and Login', () => {
      .expect(409);
  });

+  test('a user cannot create a local account with a weak password', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayName: DISPLAYNAME,
+      password: 'test123',
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(400);
+  });
+
  test('a user can create a local account and change the password', async () => {
    // register a new user
    const registrationDto: RegisterDto = {
@ -140,4 +154,43 @@ describe('Register and Login', () => {
    // allowed to request profile now
    await session.get('/api/private/me').expect(200);
  });
+
+  test('a user can create a local account and cannot change the password to a weak one', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayName: DISPLAYNAME,
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(201);
+
+    // log in with the new user and create a session
+    const loginDto: LoginDto = {
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    const newPassword = 'pasword1';
+    const session = request.agent(testSetup.app.getHttpServer());
+    await session
+      .post('/api/private/auth/local/login')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(loginDto))
+      .expect(201);
+
+    // change the password
+    await session
+      .put('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(
+        JSON.stringify({
+          currentPassword: PASSWORD,
+          newPassword: newPassword,
+        }),
+      )
+      .expect(400);
+  });
 });