overleaf/services/web/test/UnitTests/coffee/PasswordReset/PasswordResetControllerTests.coffee

should = require('chai').should()
SandboxedModule = require('sandboxed-module')
assert = require('assert')
path = require('path')
sinon = require('sinon')
modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/PasswordResetController"
expect = require("chai").expect

describe "PasswordResetController", ->

	beforeEach ->

		@settings = {}
		@PasswordResetHandler =
			generateAndEmailResetToken:sinon.stub()
			setNewUserPassword:sinon.stub()
		@RateLimiter = 
			addCount: sinon.stub()
		@PasswordResetController = SandboxedModule.require modulePath, requires:
			"settings-sharelatex":@settings
			"./PasswordResetHandler":@PasswordResetHandler
			"logger-sharelatex": log:->
			"../../infrastructure/RateLimiter":@RateLimiter

		@email = "bob@bob.com "
		@token = "my security token that was emailed to me"
		@password = "my new password"
		@req =
			body:
				email:@email
				passwordResetToken:@token
				password:@password

		@res = {}


	describe "requestReset", ->

		it "should error if the rate limit is hit", (done)->
			@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1)
			@RateLimiter.addCount.callsArgWith(1, null, false)
			@res.send = (code)=>
				code.should.equal 500
				@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal false
				done()
			@PasswordResetController.requestReset @req, @res


		it "should tell the handler to process that email", (done)->
			@RateLimiter.addCount.callsArgWith(1, null, true)
			@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1)
			@res.send = (code)=>
				code.should.equal 200
				@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal true
				done()
			@PasswordResetController.requestReset @req, @res

		it "should send a 500 if there is an error", (done)->
			@RateLimiter.addCount.callsArgWith(1, null, true)
			@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, "error")
			@res.send = (code)=>
				code.should.equal 500
				done()
			@PasswordResetController.requestReset @req, @res

	describe "setNewUserPassword", ->

		it "should tell the user handler to reset the password", (done)->
			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
			@res.send = (code)=>
				code.should.equal 200
				@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
				done()
			@PasswordResetController.setNewUserPassword @req, @res

		it "should send a 500 if there is an error", (done)->
			@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
			@res.send = (code)=>
				code.should.equal 500
				done()
			@PasswordResetController.setNewUserPassword @req, @res

		it "should error if there is no password", (done)->
			@req.body.password = ""
			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
			@res.send = (code)=>
				code.should.equal 500
				@PasswordResetHandler.setNewUserPassword.called.should.equal false
				done()
			@PasswordResetController.setNewUserPassword @req, @res

		it "should error if there is no password", (done)->
			@req.body.passwordResetToken = ""
			@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
			@res.send = (code)=>
				code.should.equal 500
				@PasswordResetHandler.setNewUserPassword.called.should.equal false
				done()
			@PasswordResetController.setNewUserPassword @req, @res
written password reset handler 2014-05-15 11:20:23 -04:00			`should = require('chai').should()`
			`SandboxedModule = require('sandboxed-module')`
			`assert = require('assert')`
			`path = require('path')`
			`sinon = require('sinon')`
			`modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/PasswordResetController"`
			`expect = require("chai").expect`

			`describe "PasswordResetController", ->`

			`beforeEach ->`

			`@settings = {}`
written password reset controller 2014-05-15 11:50:38 -04:00			`@PasswordResetHandler =`
			`generateAndEmailResetToken:sinon.stub()`
			`setNewUserPassword:sinon.stub()`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`@RateLimiter =`
			`addCount: sinon.stub()`
written password reset handler 2014-05-15 11:20:23 -04:00			`@PasswordResetController = SandboxedModule.require modulePath, requires:`
			`"settings-sharelatex":@settings`
written password reset controller 2014-05-15 11:50:38 -04:00			`"./PasswordResetHandler":@PasswordResetHandler`
written password reset handler 2014-05-15 11:20:23 -04:00			`"logger-sharelatex": log:->`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`"../../infrastructure/RateLimiter":@RateLimiter`
written password reset handler 2014-05-15 11:20:23 -04:00
written password reset controller 2014-05-15 11:50:38 -04:00			`@email = "bob@bob.com "`
			`@token = "my security token that was emailed to me"`
			`@password = "my new password"`
			`@req =`
			`body:`
			`email:@email`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`passwordResetToken:@token`
written password reset controller 2014-05-15 11:50:38 -04:00			`password:@password`
written password reset handler 2014-05-15 11:20:23 -04:00
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`@res = {}`
written password reset handler 2014-05-15 11:20:23 -04:00

written password reset controller 2014-05-15 11:50:38 -04:00			`describe "requestReset", ->`
written password reset handler 2014-05-15 11:20:23 -04:00
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`it "should error if the rate limit is hit", (done)->`
			`@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1)`
			`@RateLimiter.addCount.callsArgWith(1, null, false)`
			`@res.send = (code)=>`
			`code.should.equal 500`
			`@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal false`
			`done()`
			`@PasswordResetController.requestReset @req, @res`


written password reset controller 2014-05-15 11:50:38 -04:00			`it "should tell the handler to process that email", (done)->`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`@RateLimiter.addCount.callsArgWith(1, null, true)`
written password reset controller 2014-05-15 11:50:38 -04:00			`@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1)`
			`@res.send = (code)=>`
			`code.should.equal 200`
			`@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal true`
			`done()`
			`@PasswordResetController.requestReset @req, @res`
written password reset handler 2014-05-15 11:20:23 -04:00
written password reset controller 2014-05-15 11:50:38 -04:00			`it "should send a 500 if there is an error", (done)->`
added rate limiting to password reset endpoint 2014-05-16 05:31:33 -04:00			`@RateLimiter.addCount.callsArgWith(1, null, true)`
written password reset controller 2014-05-15 11:50:38 -04:00			`@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, "error")`
			`@res.send = (code)=>`
			`code.should.equal 500`
			`done()`
			`@PasswordResetController.requestReset @req, @res`

			`describe "setNewUserPassword", ->`

			`it "should tell the user handler to reset the password", (done)->`
			`@PasswordResetHandler.setNewUserPassword.callsArgWith(2)`
			`@res.send = (code)=>`
			`code.should.equal 200`
			`@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true`
			`done()`
			`@PasswordResetController.setNewUserPassword @req, @res`

			`it "should send a 500 if there is an error", (done)->`
			`@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")`
			`@res.send = (code)=>`
			`code.should.equal 500`
			`done()`
			`@PasswordResetController.setNewUserPassword @req, @res`

			`it "should error if there is no password", (done)->`
			`@req.body.password = ""`
			`@PasswordResetHandler.setNewUserPassword.callsArgWith(2)`
			`@res.send = (code)=>`
			`code.should.equal 500`
			`@PasswordResetHandler.setNewUserPassword.called.should.equal false`
			`done()`
			`@PasswordResetController.setNewUserPassword @req, @res`

			`it "should error if there is no password", (done)->`
added the token generator and its getNewToken function 2014-05-15 12:16:20 -04:00			`@req.body.passwordResetToken = ""`
written password reset controller 2014-05-15 11:50:38 -04:00			`@PasswordResetHandler.setNewUserPassword.callsArgWith(2)`
			`@res.send = (code)=>`
			`code.should.equal 500`
			`@PasswordResetHandler.setNewUserPassword.called.should.equal false`
			`done()`
			`@PasswordResetController.setNewUserPassword @req, @res`

written password reset handler 2014-05-15 11:20:23 -04:00