Add E2E tests for login and registration

Signed-off-by: David Mehren <git@herrmehren.de>
2024-11-26 11:43:59 -05:00 · 2021-10-21 19:51:42 +02:00 · 2021-10-21 19:51:42 +02:00 · ef2e90da20
commit ef2e90da20
parent 5a16047f50
1 changed files with 139 additions and 0 deletions
--- a/test/private-api/register-and-login.e2e-spec.ts
+++ b/test/private-api/register-and-login.e2e-spec.ts
@ -0,0 +1,139 @@
+/*
+ * SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import request from 'supertest';
+
+import { LoginDto } from '../../src/identity/local/login.dto';
+import { RegisterDto } from '../../src/identity/local/register.dto';
+import { TestSetup } from '../test-setup';
+
+describe('Register and Login', () => {
+  let testSetup: TestSetup;
+
+  const USERNAME = 'testuser';
+  const DISPLAYNAME = 'A Test User';
+  const PASSWORD = 'secure';
+
+  beforeEach(async () => {
+    testSetup = await TestSetup.create();
+    await testSetup.app.init();
+  });
+
+  afterEach(async () => {
+    await testSetup.app.close();
+  });
+
+  test('a user can successfully create a local account and log in', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayname: DISPLAYNAME,
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(201);
+
+    // log in with the new user and create a session
+    const loginDto: LoginDto = {
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    const session = request.agent(testSetup.app.getHttpServer());
+    await session
+      .post('/api/private/auth/local/login')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(loginDto))
+      .expect(201);
+
+    // request user profile
+    const profile = await session.get('/api/private/me').expect(200);
+    expect(profile.body.username).toEqual(USERNAME);
+    expect(profile.body.displayName).toEqual(DISPLAYNAME);
+
+    // logout again
+    await session.delete('/api/private/auth/logout').expect(200);
+
+    // not allowed to request profile now
+    await session.get('/api/private/me').expect(401);
+  });
+
+  test('a username cannot be used twice', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayname: DISPLAYNAME,
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(201);
+
+    // try to use the same username again
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(409);
+  });
+
+  test('a user can create a local account and change the password', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayname: DISPLAYNAME,
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(201);
+
+    // log in with the new user and create a session
+    const loginDto: LoginDto = {
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    let session = request.agent(testSetup.app.getHttpServer());
+    await session
+      .post('/api/private/auth/local/login')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(loginDto))
+      .expect(201);
+
+    // change the password
+    await session
+      .put('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(
+        JSON.stringify({
+          newPassword: 'newPassword',
+        }),
+      )
+      .expect(200);
+
+    // get new session
+    session = request.agent(testSetup.app.getHttpServer());
+
+    // not allowed to request profile now
+    await session.get('/api/private/me').expect(401);
+
+    // login with new password
+    loginDto.password = 'newPassword';
+    await session
+      .post('/api/private/auth/local/login')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(loginDto))
+      .expect(201);
+
+    // allowed to request profile now
+    await session.get('/api/private/me').expect(200);
+  });
+});