overleaf/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetTokenHandlerTests.coffee

should = require('chai').should()
SandboxedModule = require('sandboxed-module')
assert = require('assert')
path = require('path')
sinon = require('sinon')
modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/PasswordResetTokenHandler"
expect = require("chai").expect

describe "PasswordResetTokenHandler", ->

	beforeEach ->
		@user_id = "user id here"
		@stubbedToken = require("crypto").randomBytes(32)

		@settings = 
			redis:
				web:{}
		@redisMulti =
			set:sinon.stub()
			get:sinon.stub()
			del:sinon.stub()
			expire:sinon.stub()
			exec:sinon.stub()
		self = @
		@PasswordResetTokenHandler = SandboxedModule.require modulePath, requires:
			"redis-sharelatex" :
				createClient: =>
					auth:->
					multi: -> return self.redisMulti

			"settings-sharelatex":@settings
			"logger-sharelatex": log:->
			"crypto": randomBytes: () => @stubbedToken


	describe "getNewToken", ->

		it "should set a new token into redis with a ttl", (done)->
			@redisMulti.exec.callsArgWith(0) 
			@PasswordResetTokenHandler.getNewToken @user_id, (err, token) =>
				@redisMulti.set.calledWith("password_token:#{@stubbedToken.toString("hex")}", @user_id).should.equal true
				@redisMulti.expire.calledWith("password_token:#{@stubbedToken.toString("hex")}", 60 * 60).should.equal true
				done()

		it "should return if there was an error", (done)->
			@redisMulti.exec.callsArgWith(0, "error")
			@PasswordResetTokenHandler.getNewToken @user_id, (err, token)=>
				err.should.exist
				done()

		it "should allow the expiry time to be overridden", (done) ->
			@redisMulti.exec.callsArgWith(0) 
			@ttl = 42
			@PasswordResetTokenHandler.getNewToken @user_id, {expiresIn: @ttl}, (err, token) =>
				@redisMulti.expire.calledWith("password_token:#{@stubbedToken.toString("hex")}", @ttl).should.equal true
				done()

	describe "getUserIdFromTokenAndExpire", ->

		it "should get and delete the token", (done)->
			@redisMulti.exec.callsArgWith(0, null, [@user_id]) 
			@PasswordResetTokenHandler.getUserIdFromTokenAndExpire @stubbedToken, (err, user_id)=>
				user_id.should.equal @user_id
				@redisMulti.get.calledWith("password_token:#{@stubbedToken}").should.equal true
				@redisMulti.del.calledWith("password_token:#{@stubbedToken}").should.equal true
				done()
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`should = require('chai').should()`
			`SandboxedModule = require('sandboxed-module')`
			`assert = require('assert')`
			`path = require('path')`
			`sinon = require('sinon')`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/PasswordResetTokenHandler"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`expect = require("chai").expect`

renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`describe "PasswordResetTokenHandler", ->`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`beforeEach ->`
			`@user_id = "user id here"`
Use crypto.randomBytes 2014-05-16 05:52:31 -04:00			`@stubbedToken = require("crypto").randomBytes(32)`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`@settings =`
			`redis:`
			`web:{}`
			`@redisMulti =`
			`set:sinon.stub()`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`get:sinon.stub()`
			`del:sinon.stub()`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`expire:sinon.stub()`
			`exec:sinon.stub()`
			`self = @`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`@PasswordResetTokenHandler = SandboxedModule.require modulePath, requires:`
fixed tests 2014-09-26 12:49:31 -04:00			`"redis-sharelatex" :`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`createClient: =>`
			`auth:->`
			`multi: -> return self.redisMulti`

			`"settings-sharelatex":@settings`
			`"logger-sharelatex": log:->`
Fix test that could never fail 2014-05-16 06:01:36 -04:00			`"crypto": randomBytes: () => @stubbedToken`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00

			`describe "getNewToken", ->`

			`it "should set a new token into redis with a ttl", (done)->`
			`@redisMulti.exec.callsArgWith(0)`
Fix test that could never fail 2014-05-16 06:01:36 -04:00			`@PasswordResetTokenHandler.getNewToken @user_id, (err, token) =>`
			`@redisMulti.set.calledWith("password_token:#{@stubbedToken.toString("hex")}", @user_id).should.equal true`
			`@redisMulti.expire.calledWith("password_token:#{@stubbedToken.toString("hex")}", 60 * 60).should.equal true`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`done()`

			`it "should return if there was an error", (done)->`
			`@redisMulti.exec.callsArgWith(0, "error")`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`@PasswordResetTokenHandler.getNewToken @user_id, (err, token)=>`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`err.should.exist`
			`done()`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`it "should allow the expiry time to be overridden", (done) ->`
			`@redisMulti.exec.callsArgWith(0)`
			`@ttl = 42`
			`@PasswordResetTokenHandler.getNewToken @user_id, {expiresIn: @ttl}, (err, token) =>`
			`@redisMulti.expire.calledWith("password_token:#{@stubbedToken.toString("hex")}", @ttl).should.equal true`
			`done()`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`describe "getUserIdFromTokenAndExpire", ->`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00
			`it "should get and delete the token", (done)->`
			`@redisMulti.exec.callsArgWith(0, null, [@user_id])`
renamed TokenGenerator to PasswordResetTokenHandler and added Expire to function name 2014-05-16 05:43:55 -04:00			`@PasswordResetTokenHandler.getUserIdFromTokenAndExpire @stubbedToken, (err, user_id)=>`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`user_id.should.equal @user_id`
token based reset works 2014-05-15 12:58:25 -04:00			`@redisMulti.get.calledWith("password_token:#{@stubbedToken}").should.equal true`
			`@redisMulti.del.calledWith("password_token:#{@stubbedToken}").should.equal true`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00			`done()`