test(backend): add regression test for issue #3135

When a PasswordTooWeakError is encountered the newly created user should be removed again. This should prevent registration error from "burning" usernames for further use. Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-11-25 03:06:31 -05:00 · 2023-01-08 15:15:56 +01:00 · 2023-01-08 15:15:56 +01:00 · 8ee2d809c7
commit 8ee2d809c7
parent 47d1765b12
1 changed files with 163 additions and 129 deletions
--- a/backend/test/private-api/auth.e2e-spec.ts
+++ b/backend/test/private-api/auth.e2e-spec.ts
@ -10,6 +10,7 @@
 */
 import request from 'supertest';

+import { NotInDBError } from '../../src/errors/errors';
 import { LoginDto } from '../../src/identity/local/login.dto';
 import { RegisterDto } from '../../src/identity/local/register.dto';
 import { UpdatePasswordDto } from '../../src/identity/local/update-password.dto';
@ -65,6 +66,7 @@ describe('Auth', () => {
          (await newUser.identities)[0].passwordHash ?? '',
        ),
      ).resolves.toBeTruthy();
+      await testSetup.userService.deleteUser(newUser);
    });
    describe('fails', () => {
      it('when the user already exits', async () => {
@ -96,8 +98,39 @@ describe('Auth', () => {
        testSetup.configService.get('authConfig').local.enableRegister = true;
      });
    });
+    it('correctly deletes a user if the PasswordTooWeakError is encountered', async () => {
+      const registrationDto: RegisterDto = {
+        displayName: displayName,
+        password: 'test1234',
+        username: username,
+      };
+      const response = await request(testSetup.app.getHttpServer())
+        .post('/api/private/auth/local')
+        .set('Content-Type', 'application/json')
+        .send(JSON.stringify(registrationDto))
+        .expect(400);
+      expect(response.text).toContain('PasswordTooWeakError');
+      await expect(() =>
+        testSetup.userService.getUserByUsername(username, [
+          UserRelationEnum.IDENTITIES,
+        ]),
+      ).rejects.toThrow(NotInDBError);
+    });
  });

+  describe('Already existing user', () => {
+    beforeAll(async () => {
+      const registrationDto: RegisterDto = {
+        displayName: displayName,
+        password: password,
+        username: username,
+      };
+      await request(testSetup.app.getHttpServer())
+        .post('/api/private/auth/local')
+        .set('Content-Type', 'application/json')
+        .send(JSON.stringify(registrationDto))
+        .expect(201);
+    });
    describe('PUT /auth/local', () => {
      const newPassword = 'new_password';
      let cookie = '';
@ -244,3 +277,4 @@ describe('Auth', () => {
      });
    });
  });
+});