diff --git a/src/frontend-config/frontend-config.service.spec.ts b/src/frontend-config/frontend-config.service.spec.ts index c87c9815b..8fa9a1bd1 100644 --- a/src/frontend-config/frontend-config.service.spec.ts +++ b/src/frontend-config/frontend-config.service.spec.ts @@ -35,6 +35,7 @@ describe('FrontendConfigService', () => { local: { enableLogin: false, enableRegister: false, + minimalPasswordStrength: 2, }, facebook: { clientID: undefined, @@ -339,6 +340,7 @@ describe('FrontendConfigService', () => { local: { enableLogin: true, enableRegister, + minimalPasswordStrength: 3, }, }; const customizationConfig: CustomizationConfig = { diff --git a/test/private-api/alias.e2e-spec.ts b/test/private-api/alias.e2e-spec.ts index 700a5983a..b7777778c 100644 --- a/test/private-api/alias.e2e-spec.ts +++ b/test/private-api/alias.e2e-spec.ts @@ -8,7 +8,14 @@ import request from 'supertest'; import { AliasCreateDto } from '../../src/notes/alias-create.dto'; import { AliasUpdateDto } from '../../src/notes/alias-update.dto'; import { User } from '../../src/users/user.entity'; -import { TestSetup, TestSetupBuilder } from '../test-setup'; +import { + password1, + password2, + TestSetup, + TestSetupBuilder, + username1, + username2, +} from '../test-setup'; describe('Alias', () => { let testSetup: TestSetup; @@ -31,13 +38,13 @@ describe('Alias', () => { agent1 = request.agent(testSetup.app.getHttpServer()); await agent1 .post('/api/private/auth/local/login') - .send({ username: 'testuser1', password: 'testuser1' }) + .send({ username: username1, password: password1 }) .expect(201); agent2 = request.agent(testSetup.app.getHttpServer()); await agent2 .post('/api/private/auth/local/login') - .send({ username: 'testuser2', password: 'testuser2' }) + .send({ username: username2, password: password2 }) .expect(201); }); diff --git a/test/private-api/groups.e2e-spec.ts b/test/private-api/groups.e2e-spec.ts index 127bf5496..f62093997 100644 --- a/test/private-api/groups.e2e-spec.ts +++ b/test/private-api/groups.e2e-spec.ts @@ -6,7 +6,12 @@ import request from 'supertest'; import { LoginDto } from '../../src/identity/local/login.dto'; -import { TestSetup, TestSetupBuilder } from '../test-setup'; +import { + password1, + TestSetup, + TestSetupBuilder, + username1, +} from '../test-setup'; describe('Groups', () => { let testSetup: TestSetup; @@ -21,8 +26,8 @@ describe('Groups', () => { // log in to create a session const loginDto: LoginDto = { - password: 'testuser1', - username: 'testuser1', + password: password1, + username: username1, }; testuser1Session = request.agent(testSetup.app.getHttpServer()); await testuser1Session diff --git a/test/private-api/history.e2e-spec.ts b/test/private-api/history.e2e-spec.ts index ab2553e59..df7008834 100644 --- a/test/private-api/history.e2e-spec.ts +++ b/test/private-api/history.e2e-spec.ts @@ -33,21 +33,23 @@ describe('History', () => { testSetup.configService.get('noteConfig').forbiddenNoteIds[0]; const moduleRef = testSetup.moduleRef; + const username = 'hardcoded'; + const password = 'AHardcodedStrongP@ssword123'; await testSetup.app.init(); content = 'This is a test note.'; historyService = moduleRef.get(HistoryService); const userService = moduleRef.get(UsersService); identityService = moduleRef.get(IdentityService); - user = await userService.createUser('hardcoded', 'Testy'); - await identityService.createLocalIdentity(user, 'test'); + user = await userService.createUser(username, 'Testy'); + await identityService.createLocalIdentity(user, password); const notesService = moduleRef.get(NotesService); note = await notesService.createNote(content, user, 'note'); note2 = await notesService.createNote(content, user, 'note2'); agent = request.agent(testSetup.app.getHttpServer()); await agent .post('/api/private/auth/local/login') - .send({ username: 'hardcoded', password: 'test' }) + .send({ username: username, password: password }) .expect(201); }); diff --git a/test/private-api/me.e2e-spec.ts b/test/private-api/me.e2e-spec.ts index ad673f3d2..13503154c 100644 --- a/test/private-api/me.e2e-spec.ts +++ b/test/private-api/me.e2e-spec.ts @@ -28,11 +28,12 @@ describe('Me', () => { uploadPath = testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath; - + const username = 'hardcoded'; + const password = 'AHardcodedStrongP@ssword123'; await testSetup.app.init(); - user = await testSetup.userService.createUser('hardcoded', 'Testy'); - await testSetup.identityService.createLocalIdentity(user, 'test'); + user = await testSetup.userService.createUser(username, 'Testy'); + await testSetup.identityService.createLocalIdentity(user, password); content = 'This is a test note.'; alias2 = 'note2'; @@ -41,7 +42,7 @@ describe('Me', () => { agent = request.agent(testSetup.app.getHttpServer()); await agent .post('/api/private/auth/local/login') - .send({ username: 'hardcoded', password: 'test' }) + .send({ username: username, password: password }) .expect(201); }); diff --git a/test/private-api/media.e2e-spec.ts b/test/private-api/media.e2e-spec.ts index 73b05d8d5..90ac75f99 100644 --- a/test/private-api/media.e2e-spec.ts +++ b/test/private-api/media.e2e-spec.ts @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file) + * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) * * SPDX-License-Identifier: AGPL-3.0-only */ @@ -20,6 +20,8 @@ describe('Media', () => { let user: User; beforeAll(async () => { + const username = 'hardcoded'; + const password = 'AHardcodedStrongP@ssword123'; testSetup = await TestSetupBuilder.create().build(); uploadPath = @@ -39,13 +41,13 @@ describe('Media', () => { null, 'test_upload_media', ); - user = await testSetup.userService.createUser('hardcoded', 'Testy'); - await testSetup.identityService.createLocalIdentity(user, 'test'); + user = await testSetup.userService.createUser(username, 'Testy'); + await testSetup.identityService.createLocalIdentity(user, password); agent = request.agent(testSetup.app.getHttpServer()); await agent .post('/api/private/auth/local/login') - .send({ username: 'hardcoded', password: 'test' }) + .send({ username: username, password: password }) .expect(201); }); diff --git a/test/private-api/notes.e2e-spec.ts b/test/private-api/notes.e2e-spec.ts index 1aafa74c6..365865642 100644 --- a/test/private-api/notes.e2e-spec.ts +++ b/test/private-api/notes.e2e-spec.ts @@ -31,21 +31,22 @@ describe('Notes', () => { testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath; await testSetup.app.init(); + const username1 = 'hardcoded'; + const password1 = 'AHardcodedStrongP@ssword123'; + const username2 = 'hardcoded2'; + const password2 = 'AHardcodedStrongP@ssword12'; - user = await testSetup.userService.createUser('hardcoded', 'Testy'); - await testSetup.identityService.createLocalIdentity(user, 'test'); - user2 = await testSetup.userService.createUser( - 'hardcoded2', - 'Max Mustermann', - ); - await testSetup.identityService.createLocalIdentity(user2, 'test'); + user = await testSetup.userService.createUser(username1, 'Testy'); + await testSetup.identityService.createLocalIdentity(user, password1); + user2 = await testSetup.userService.createUser(username2, 'Max Mustermann'); + await testSetup.identityService.createLocalIdentity(user2, password2); content = 'This is a test note.'; testImage = await fs.readFile('test/public-api/fixtures/test.png'); agent = request.agent(testSetup.app.getHttpServer()); await agent .post('/api/private/auth/local/login') - .send({ username: 'hardcoded', password: 'test' }) + .send({ username: username1, password: password1 }) .expect(201); }); diff --git a/test/private-api/register-and-login.e2e-spec.ts b/test/private-api/register-and-login.e2e-spec.ts index 2cd705ae0..62e74bd6f 100644 --- a/test/private-api/register-and-login.e2e-spec.ts +++ b/test/private-api/register-and-login.e2e-spec.ts @@ -14,7 +14,7 @@ describe('Register and Login', () => { const USERNAME = 'testuser'; const DISPLAYNAME = 'A Test User'; - const PASSWORD = 'secure'; + const PASSWORD = 'AVerySecurePassword'; beforeEach(async () => { testSetup = await TestSetupBuilder.create().build(); @@ -103,6 +103,7 @@ describe('Register and Login', () => { password: PASSWORD, username: USERNAME, }; + const newPassword = 'ASecureNewPassword'; let session = request.agent(testSetup.app.getHttpServer()); await session .post('/api/private/auth/local/login') @@ -117,7 +118,7 @@ describe('Register and Login', () => { .send( JSON.stringify({ currentPassword: PASSWORD, - newPassword: 'newPassword', + newPassword: newPassword, }), ) .expect(200); @@ -129,7 +130,7 @@ describe('Register and Login', () => { await session.get('/api/private/me').expect(401); // login with new password - loginDto.password = 'newPassword'; + loginDto.password = newPassword; await session .post('/api/private/auth/local/login') .set('Content-Type', 'application/json') diff --git a/test/private-api/tokens.e2e-spec.ts b/test/private-api/tokens.e2e-spec.ts index 0f88b8678..cf9080924 100644 --- a/test/private-api/tokens.e2e-spec.ts +++ b/test/private-api/tokens.e2e-spec.ts @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file) + * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) * * SPDX-License-Identifier: AGPL-3.0-only */ @@ -17,15 +17,17 @@ describe('Tokens', () => { beforeAll(async () => { testSetup = await TestSetupBuilder.create().build(); + const username = 'hardcoded'; + const password = 'AHardcodedStrongP@ssword123'; - user = await testSetup.userService.createUser('hardcoded', 'Testy'); - await testSetup.identityService.createLocalIdentity(user, 'test'); + user = await testSetup.userService.createUser(username, 'Testy'); + await testSetup.identityService.createLocalIdentity(user, password); await testSetup.app.init(); agent = request.agent(testSetup.app.getHttpServer()); await agent .post('/api/private/auth/local/login') - .send({ username: 'hardcoded', password: 'test' }) + .send({ username: username, password: password }) .expect(201); }); diff --git a/test/test-setup.ts b/test/test-setup.ts index 6363fc61b..a11548b6c 100644 --- a/test/test-setup.ts +++ b/test/test-setup.ts @@ -320,27 +320,27 @@ export class TestSetupBuilder { this.setupPostCompile.push(async () => { // Create users this.testSetup.users.push( - await this.testSetup.userService.createUser('testuser1', 'Test User 1'), + await this.testSetup.userService.createUser(username1, 'Test User 1'), ); this.testSetup.users.push( - await this.testSetup.userService.createUser('testuser2', 'Test User 2'), + await this.testSetup.userService.createUser(username2, 'Test User 2'), ); this.testSetup.users.push( - await this.testSetup.userService.createUser('testuser3', 'Test User 3'), + await this.testSetup.userService.createUser(username3, 'Test User 3'), ); // Create identities for login await this.testSetup.identityService.createLocalIdentity( this.testSetup.users[0], - 'testuser1', + password1, ); await this.testSetup.identityService.createLocalIdentity( this.testSetup.users[1], - 'testuser2', + password2, ); await this.testSetup.identityService.createLocalIdentity( this.testSetup.users[2], - 'testuser3', + password3, ); // create auth tokens @@ -410,3 +410,10 @@ export class TestSetupBuilder { return this; } } + +export const username1 = 'testuser1'; +export const password1 = 'AStrongP@sswordForUser1'; +export const username2 = 'testuser2'; +export const password2 = 'AStrongP@sswordForUser2'; +export const username3 = 'testuser3'; +export const password3 = 'AStrongP@sswordForUser3';