mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-23 02:55:13 -04:00
7eee20f914
Update audit log when password updated GitOrigin-RevId: 3228e39e8a3682d6e77264cd6ee580f3fc40642a
133 lines
4.5 KiB
JavaScript
133 lines
4.5 KiB
JavaScript
const { expect } = require('chai')
|
|
const RateLimiter = require('../../../app/src/infrastructure/RateLimiter')
|
|
const UserHelper = require('./helpers/UserHelper')
|
|
|
|
describe('PasswordUpdate', function() {
|
|
let email, password, response, user, userHelper
|
|
afterEach(async function() {
|
|
await RateLimiter.promises.clearRateLimit(
|
|
'password_reset_rate_limit',
|
|
'127.0.0.1'
|
|
)
|
|
})
|
|
beforeEach(async function() {
|
|
userHelper = new UserHelper()
|
|
email = userHelper.getDefaultEmail()
|
|
password = 'old-password'
|
|
userHelper = await UserHelper.createUser({ email, password })
|
|
userHelper = await UserHelper.loginUser({
|
|
email,
|
|
password
|
|
})
|
|
await userHelper.getCsrfToken()
|
|
})
|
|
describe('success', function() {
|
|
beforeEach(async function() {
|
|
response = await userHelper.request.post('/user/password/update', {
|
|
form: {
|
|
currentPassword: password,
|
|
newPassword1: 'new-password',
|
|
newPassword2: 'new-password'
|
|
},
|
|
simple: false
|
|
})
|
|
user = (await UserHelper.getUser({ email })).user
|
|
})
|
|
it('should return 200', async function() {
|
|
expect(response.statusCode).to.equal(200)
|
|
})
|
|
it('should update the audit log', function() {
|
|
expect(user.auditLog[0]).to.exist
|
|
expect(typeof user.auditLog[0].initiatorId).to.equal('object')
|
|
expect(user.auditLog[0].initiatorId).to.deep.equal(user._id)
|
|
expect(user.auditLog[0].operation).to.equal('update-password')
|
|
expect(user.auditLog[0].ipAddress).to.equal('127.0.0.1')
|
|
expect(user.auditLog[0].timestamp).to.exist
|
|
})
|
|
})
|
|
describe('errors', function() {
|
|
describe('missing current password', function() {
|
|
beforeEach(async function() {
|
|
response = await userHelper.request.post('/user/password/update', {
|
|
form: {
|
|
newPassword1: 'new-password',
|
|
newPassword2: 'new-password'
|
|
},
|
|
simple: false
|
|
})
|
|
user = (await UserHelper.getUser({ email })).user
|
|
})
|
|
it('should return 500', async function() {
|
|
expect(response.statusCode).to.equal(500)
|
|
})
|
|
it('should not update audit log', async function() {
|
|
expect(user.auditLog[0]).to.not.exist
|
|
})
|
|
})
|
|
describe('wrong current password', function() {
|
|
beforeEach(async function() {
|
|
response = await userHelper.request.post('/user/password/update', {
|
|
form: {
|
|
currentPassword: 'wrong-password',
|
|
newPassword1: 'new-password',
|
|
newPassword2: 'new-password'
|
|
},
|
|
simple: false
|
|
})
|
|
user = (await UserHelper.getUser({ email })).user
|
|
})
|
|
it('should return 400', async function() {
|
|
expect(response.statusCode).to.equal(400)
|
|
})
|
|
it('should not update audit log', async function() {
|
|
expect(user.auditLog[0]).to.not.exist
|
|
})
|
|
})
|
|
describe('newPassword1 does not match newPassword2', function() {
|
|
beforeEach(async function() {
|
|
response = await userHelper.request.post('/user/password/update', {
|
|
form: {
|
|
currentPassword: password,
|
|
newPassword1: 'new-password',
|
|
newPassword2: 'oops-password'
|
|
},
|
|
json: true,
|
|
simple: false
|
|
})
|
|
user = (await UserHelper.getUser({ email })).user
|
|
})
|
|
it('should return 400', async function() {
|
|
expect(response.statusCode).to.equal(400)
|
|
})
|
|
it('should return error message', async function() {
|
|
expect(response.body.message).to.equal('Passwords do not match')
|
|
})
|
|
it('should not update audit log', async function() {
|
|
expect(user.auditLog[0]).to.not.exist
|
|
})
|
|
})
|
|
describe('new password is not valid', function() {
|
|
beforeEach(async function() {
|
|
response = await userHelper.request.post('/user/password/update', {
|
|
form: {
|
|
currentPassword: password,
|
|
newPassword1: 'short',
|
|
newPassword2: 'short'
|
|
},
|
|
json: true,
|
|
simple: false
|
|
})
|
|
user = (await UserHelper.getUser({ email })).user
|
|
})
|
|
it('should return 400', async function() {
|
|
expect(response.statusCode).to.equal(400)
|
|
})
|
|
it('should return error message', async function() {
|
|
expect(response.body.message).to.equal('password is too short')
|
|
})
|
|
it('should not update audit log', async function() {
|
|
expect(user.auditLog[0]).to.not.exist
|
|
})
|
|
})
|
|
})
|
|
})
|