2014-05-15 11:20:23 -04:00
|
|
|
should = require('chai').should()
|
|
|
|
SandboxedModule = require('sandboxed-module')
|
|
|
|
assert = require('assert')
|
|
|
|
path = require('path')
|
|
|
|
sinon = require('sinon')
|
|
|
|
modulePath = path.join __dirname, "../../../../app/js/Features/PasswordReset/PasswordResetController"
|
|
|
|
expect = require("chai").expect
|
|
|
|
|
|
|
|
describe "PasswordResetController", ->
|
|
|
|
|
|
|
|
beforeEach ->
|
|
|
|
|
|
|
|
@settings = {}
|
2014-05-15 11:50:38 -04:00
|
|
|
@PasswordResetHandler =
|
|
|
|
generateAndEmailResetToken:sinon.stub()
|
|
|
|
setNewUserPassword:sinon.stub()
|
2014-05-16 05:31:33 -04:00
|
|
|
@RateLimiter =
|
|
|
|
addCount: sinon.stub()
|
2014-05-15 11:20:23 -04:00
|
|
|
@PasswordResetController = SandboxedModule.require modulePath, requires:
|
|
|
|
"settings-sharelatex":@settings
|
2014-05-15 11:50:38 -04:00
|
|
|
"./PasswordResetHandler":@PasswordResetHandler
|
2014-05-15 11:20:23 -04:00
|
|
|
"logger-sharelatex": log:->
|
2014-05-16 05:31:33 -04:00
|
|
|
"../../infrastructure/RateLimiter":@RateLimiter
|
2014-05-15 11:20:23 -04:00
|
|
|
|
2014-05-15 11:50:38 -04:00
|
|
|
@email = "bob@bob.com "
|
|
|
|
@token = "my security token that was emailed to me"
|
|
|
|
@password = "my new password"
|
|
|
|
@req =
|
|
|
|
body:
|
|
|
|
email:@email
|
2014-05-15 12:16:20 -04:00
|
|
|
passwordResetToken:@token
|
2014-05-15 11:50:38 -04:00
|
|
|
password:@password
|
2014-08-01 09:03:38 -04:00
|
|
|
i18n:
|
|
|
|
translate:->
|
2014-05-15 11:20:23 -04:00
|
|
|
|
2014-05-16 05:31:33 -04:00
|
|
|
@res = {}
|
2014-05-15 11:20:23 -04:00
|
|
|
|
|
|
|
|
2014-05-15 11:50:38 -04:00
|
|
|
describe "requestReset", ->
|
2014-05-15 11:20:23 -04:00
|
|
|
|
2014-05-16 05:31:33 -04:00
|
|
|
it "should error if the rate limit is hit", (done)->
|
2014-08-08 06:41:54 -04:00
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true)
|
2014-05-16 05:31:33 -04:00
|
|
|
@RateLimiter.addCount.callsArgWith(1, null, false)
|
|
|
|
@res.send = (code)=>
|
|
|
|
code.should.equal 500
|
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal false
|
|
|
|
done()
|
|
|
|
@PasswordResetController.requestReset @req, @res
|
|
|
|
|
|
|
|
|
2014-05-15 11:50:38 -04:00
|
|
|
it "should tell the handler to process that email", (done)->
|
2014-05-16 05:31:33 -04:00
|
|
|
@RateLimiter.addCount.callsArgWith(1, null, true)
|
2014-08-08 06:41:54 -04:00
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true)
|
2015-07-08 11:56:38 -04:00
|
|
|
@res.sendStatus = (code)=>
|
2014-05-15 11:50:38 -04:00
|
|
|
code.should.equal 200
|
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal true
|
|
|
|
done()
|
|
|
|
@PasswordResetController.requestReset @req, @res
|
2014-05-15 11:20:23 -04:00
|
|
|
|
2014-05-15 11:50:38 -04:00
|
|
|
it "should send a 500 if there is an error", (done)->
|
2014-05-16 05:31:33 -04:00
|
|
|
@RateLimiter.addCount.callsArgWith(1, null, true)
|
2014-05-15 11:50:38 -04:00
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, "error")
|
|
|
|
@res.send = (code)=>
|
|
|
|
code.should.equal 500
|
|
|
|
done()
|
|
|
|
@PasswordResetController.requestReset @req, @res
|
|
|
|
|
2014-08-08 06:41:54 -04:00
|
|
|
it "should send a 404 if the email doesn't exist", (done)->
|
|
|
|
@RateLimiter.addCount.callsArgWith(1, null, true)
|
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, false)
|
|
|
|
@res.send = (code)=>
|
|
|
|
code.should.equal 404
|
|
|
|
done()
|
|
|
|
@PasswordResetController.requestReset @req, @res
|
|
|
|
|
2014-06-10 12:54:29 -04:00
|
|
|
it "should lowercase the email address", (done)->
|
|
|
|
@email = "UPerCaseEMAIL@example.Com"
|
|
|
|
@req.body.email = @email
|
|
|
|
@RateLimiter.addCount.callsArgWith(1, null, true)
|
2014-08-08 06:41:54 -04:00
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, null, true)
|
2015-07-08 11:56:38 -04:00
|
|
|
@res.sendStatus = (code)=>
|
2014-06-10 12:54:29 -04:00
|
|
|
code.should.equal 200
|
|
|
|
@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.toLowerCase()).should.equal true
|
|
|
|
done()
|
|
|
|
@PasswordResetController.requestReset @req, @res
|
|
|
|
|
2014-05-15 11:50:38 -04:00
|
|
|
describe "setNewUserPassword", ->
|
|
|
|
|
|
|
|
it "should tell the user handler to reset the password", (done)->
|
2014-10-08 12:18:24 -04:00
|
|
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true)
|
2015-07-08 11:56:38 -04:00
|
|
|
@res.sendStatus = (code)=>
|
2014-05-15 11:50:38 -04:00
|
|
|
code.should.equal 200
|
|
|
|
@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
|
|
|
|
done()
|
|
|
|
@PasswordResetController.setNewUserPassword @req, @res
|
|
|
|
|
2014-10-08 12:18:24 -04:00
|
|
|
it "should send 404 if the token didn't work", (done)->
|
|
|
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, false)
|
2014-05-15 11:50:38 -04:00
|
|
|
@res.send = (code)=>
|
2014-10-08 12:18:24 -04:00
|
|
|
code.should.equal 404
|
2014-05-15 11:50:38 -04:00
|
|
|
done()
|
|
|
|
@PasswordResetController.setNewUserPassword @req, @res
|
|
|
|
|
2014-10-08 12:18:24 -04:00
|
|
|
it "should return 400 (Bad Request) if there is no password", (done)->
|
2014-05-15 11:50:38 -04:00
|
|
|
@req.body.password = ""
|
|
|
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
2015-07-08 11:56:38 -04:00
|
|
|
@res.sendStatus = (code)=>
|
2014-10-08 12:18:24 -04:00
|
|
|
code.should.equal 400
|
2014-05-15 11:50:38 -04:00
|
|
|
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
|
|
|
done()
|
|
|
|
@PasswordResetController.setNewUserPassword @req, @res
|
|
|
|
|
2014-10-08 12:18:24 -04:00
|
|
|
it "should return 400 (Bad Request) if there is no passwordResetToken", (done)->
|
2014-05-15 12:16:20 -04:00
|
|
|
@req.body.passwordResetToken = ""
|
2014-05-15 11:50:38 -04:00
|
|
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
2015-07-08 11:56:38 -04:00
|
|
|
@res.sendStatus = (code)=>
|
2014-10-08 12:18:24 -04:00
|
|
|
code.should.equal 400
|
2014-05-15 11:50:38 -04:00
|
|
|
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
|
|
|
done()
|
|
|
|
@PasswordResetController.setNewUserPassword @req, @res
|
|
|
|
|
2014-05-15 11:20:23 -04:00
|
|
|
|
|
|
|
|