mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 21:23:45 -05:00
1be43911b4
Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
74 lines
2 KiB
JavaScript
74 lines
2 KiB
JavaScript
const { expect } = require('chai')
|
|
const { ObjectId } = require('mongodb')
|
|
const User = require('./helpers/User').promises
|
|
|
|
describe('Authentication', function () {
|
|
let user
|
|
beforeEach('init vars', function () {
|
|
user = new User()
|
|
})
|
|
|
|
describe('CSRF regeneration on login', function () {
|
|
it('should prevent use of csrf token from before login', function (done) {
|
|
user.logout(err => {
|
|
if (err) {
|
|
return done(err)
|
|
}
|
|
user.getCsrfToken(err => {
|
|
if (err) {
|
|
return done(err)
|
|
}
|
|
const oldToken = user.csrfToken
|
|
user.login(err => {
|
|
if (err) {
|
|
return done(err)
|
|
}
|
|
expect(oldToken === user.csrfToken).to.equal(false)
|
|
user.request.post(
|
|
{
|
|
headers: {
|
|
'x-csrf-token': oldToken,
|
|
},
|
|
url: '/project/new',
|
|
json: { projectName: 'test' },
|
|
},
|
|
(err, response, body) => {
|
|
expect(err).to.not.exist
|
|
expect(response.statusCode).to.equal(403)
|
|
expect(body).to.equal('Forbidden')
|
|
done()
|
|
}
|
|
)
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('login', function () {
|
|
beforeEach('doLogin', async function () {
|
|
await user.login()
|
|
})
|
|
|
|
it('should log the user in', async function () {
|
|
const {
|
|
response: { statusCode },
|
|
} = await user.doRequest('GET', '/project')
|
|
expect(statusCode).to.equal(200)
|
|
})
|
|
|
|
it('should emit an user auditLog entry for the login', async function () {
|
|
const {
|
|
auditLog: [auditLogEntry],
|
|
} = await user.get()
|
|
expect(auditLogEntry).to.exist
|
|
expect(auditLogEntry.timestamp).to.exist
|
|
delete auditLogEntry.timestamp
|
|
expect(auditLogEntry).to.deep.equal({
|
|
operation: 'login',
|
|
ipAddress: '127.0.0.1',
|
|
initiatorId: ObjectId(user.id),
|
|
})
|
|
})
|
|
})
|
|
})
|