overleaf/services/web/test/unit/coffee/Security/OneTimeTokenHandlerTests.coffee

should = require('chai').should()
SandboxedModule = require('sandboxed-module')
assert = require('assert')
path = require('path')
sinon = require('sinon')
modulePath = path.join __dirname, "../../../../app/js/Features/Security/OneTimeTokenHandler"
expect = require("chai").expect
Errors = require "../../../../app/js/Features/Errors/Errors"
tk = require("timekeeper")

describe "OneTimeTokenHandler", ->
	beforeEach ->
		tk.freeze Date.now() # freeze the time for these tests
		@stubbedToken = "mock-token"
		@callback = sinon.stub()
		@OneTimeTokenHandler = SandboxedModule.require modulePath, requires:
			"settings-sharelatex":@settings
			"logger-sharelatex": log:->
			"crypto": randomBytes: () => @stubbedToken
			"../Errors/Errors": Errors
			"../../infrastructure/mongojs": db: @db = tokens: {}

	afterEach ->
		tk.reset()

	describe "getNewToken", ->
		beforeEach ->
			@db.tokens.insert = sinon.stub().yields()

		describe 'normally', ->
			beforeEach ->
				@OneTimeTokenHandler.getNewToken 'password', 'mock-data-to-store', @callback

			it "should insert a generated token with a 1 hour expiry", ->
				@db.tokens.insert
					.calledWith({
						use: 'password'
						token: @stubbedToken,
						createdAt: new Date(),
						expiresAt: new Date(Date.now() + 60 * 60 * 1000)
						data: 'mock-data-to-store'
					})
					.should.equal true

			it 'should call the callback with the token', ->
				@callback.calledWith(null, @stubbedToken).should.equal true

		describe 'with an optional expiresIn parameter', ->
			beforeEach ->
				@OneTimeTokenHandler.getNewToken 'password', 'mock-data-to-store', { expiresIn: 42 }, @callback

			it "should insert a generated token with a custom expiry", ->
				@db.tokens.insert
					.calledWith({
						use: 'password'
						token: @stubbedToken,
						createdAt: new Date(),
						expiresAt: new Date(Date.now() + 42 * 1000)
						data: 'mock-data-to-store'
					})
					.should.equal true

			it 'should call the callback with the token', ->
				@callback.calledWith(null, @stubbedToken).should.equal true

	describe "getValueFromTokenAndExpire", ->
		describe 'successfully', ->
			beforeEach ->
				@db.tokens.findAndModify = sinon.stub().yields(null, { data: 'mock-data' })
				@OneTimeTokenHandler.getValueFromTokenAndExpire 'password', 'mock-token', @callback

			it 'should expire the token', ->
				@db.tokens.findAndModify
					.calledWith({
						query: {
							use: 'password'
							token: 'mock-token',
							expiresAt: { $gt: new Date() },
							usedAt: { $exists: false }
						},
						update: {
							$set: { usedAt: new Date() }
						}
					})
					.should.equal true

			it 'should return the data', ->
				@callback.calledWith(null, 'mock-data').should.equal true

		describe 'when a valid token is not found', ->
			beforeEach ->
				@db.tokens.findAndModify = sinon.stub().yields(null, null)
				@OneTimeTokenHandler.getValueFromTokenAndExpire 'password', 'mock-token', @callback

			it 'should return a NotFoundError', ->
				@callback
					.calledWith(sinon.match.instanceOf(Errors.NotFoundError))
					.should.equal true
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`should = require('chai').should()`
			`SandboxedModule = require('sandboxed-module')`
			`assert = require('assert')`
			`path = require('path')`
			`sinon = require('sinon')`
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`modulePath = path.join __dirname, "../../../../app/js/Features/Security/OneTimeTokenHandler"`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`expect = require("chai").expect`
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`Errors = require "../../../../app/js/Features/Errors/Errors"`
			`tk = require("timekeeper")`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`describe "OneTimeTokenHandler", ->`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`beforeEach ->`
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`tk.freeze Date.now() # freeze the time for these tests`
			`@stubbedToken = "mock-token"`
			`@callback = sinon.stub()`
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`@OneTimeTokenHandler = SandboxedModule.require modulePath, requires:`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`"settings-sharelatex":@settings`
			`"logger-sharelatex": log:->`
Fix test that could never fail 2014-05-16 06:01:36 -04:00			`"crypto": randomBytes: () => @stubbedToken`
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`"../Errors/Errors": Errors`
			`"../../infrastructure/mongojs": db: @db = tokens: {}`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`afterEach ->`
			`tk.reset()`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
			`describe "getNewToken", ->`
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`beforeEach ->`
			`@db.tokens.insert = sinon.stub().yields()`

			`describe 'normally', ->`
			`beforeEach ->`
			`@OneTimeTokenHandler.getNewToken 'password', 'mock-data-to-store', @callback`

			`it "should insert a generated token with a 1 hour expiry", ->`
			`@db.tokens.insert`
			`.calledWith({`
			`use: 'password'`
			`token: @stubbedToken,`
			`createdAt: new Date(),`
			`expiresAt: new Date(Date.now() + 60 * 60 * 1000)`
			`data: 'mock-data-to-store'`
			`})`
			`.should.equal true`

			`it 'should call the callback with the token', ->`
			`@callback.calledWith(null, @stubbedToken).should.equal true`

			`describe 'with an optional expiresIn parameter', ->`
			`beforeEach ->`
			`@OneTimeTokenHandler.getNewToken 'password', 'mock-data-to-store', { expiresIn: 42 }, @callback`

			`it "should insert a generated token with a custom expiry", ->`
			`@db.tokens.insert`
			`.calledWith({`
			`use: 'password'`
			`token: @stubbedToken,`
			`createdAt: new Date(),`
			`expiresAt: new Date(Date.now() + 42 * 1000)`
			`data: 'mock-data-to-store'`
			`})`
			`.should.equal true`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`it 'should call the callback with the token', ->`
			`@callback.calledWith(null, @stubbedToken).should.equal true`
writen getUserIdFromToken 2014-05-15 12:20:42 -04:00
make PasswordResetTokenHandler generic so it can be used for invites 2015-05-26 10:24:09 -04:00			`describe "getValueFromTokenAndExpire", ->`
Store OneTimeTokens in mongo rather than redis 2018-06-20 12:27:22 -04:00			`describe 'successfully', ->`
			`beforeEach ->`
			`@db.tokens.findAndModify = sinon.stub().yields(null, { data: 'mock-data' })`
			`@OneTimeTokenHandler.getValueFromTokenAndExpire 'password', 'mock-token', @callback`

			`it 'should expire the token', ->`
			`@db.tokens.findAndModify`
			`.calledWith({`
			`query: {`
			`use: 'password'`
			`token: 'mock-token',`
			`expiresAt: { $gt: new Date() },`
			`usedAt: { $exists: false }`
			`},`
			`update: {`
			`$set: { usedAt: new Date() }`
			`}`
			`})`
			`.should.equal true`

			`it 'should return the data', ->`
			`@callback.calledWith(null, 'mock-data').should.equal true`

			`describe 'when a valid token is not found', ->`
			`beforeEach ->`
			`@db.tokens.findAndModify = sinon.stub().yields(null, null)`
			`@OneTimeTokenHandler.getValueFromTokenAndExpire 'password', 'mock-token', @callback`

			`it 'should return a NotFoundError', ->`
			`@callback`
			`.calledWith(sinon.match.instanceOf(Errors.NotFoundError))`
			`.should.equal true`


writen getUserIdFromToken 2014-05-15 12:20:42 -04:00