Commit graph

8 commits

Author SHA1 Message Date
Philip Molares
3ba9f95f83 test: fix test and use stronger passwords
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-10-03 10:36:46 +02:00
David Mehren
9c6d3d9dab test: test don't need to set up sessions by themselves
The setup is handled inside TestSetupBuilder.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
552cb05d92 refactor(api/private/tokens): validate POST data with DTO
This adds a `AuthTokenCreateDto` which allows
to fully validate incoming JSON data.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
a6734cc58f test: ensure testSetup.cleanup is called
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
d1dbd1bb22 feat(test-setup): restructure to synchronous builder
The previous pattern used async methods for the builder pattern,
which were hideous to use when chained multiple times.

This extracts the builder into a separate class
and uses normal functions in the builder.
These queue async functions in arrays, which are executed
at the correct time, when the new async `build` function is called.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
b0e2987987
refactor(auth-token): rename lastUsed to lastUsedAt
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:52:15 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
David Mehren
1cc797f13d
Separate private and public API in TestSetup
Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:44:43 +02:00
Renamed from test/public-api/tokens.e2e-spec.ts (Browse further)