overleaf/services/web/test/acceptance/src/PasswordUpdateTests.js
Alf Eaton 1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00

139 lines
4.8 KiB
JavaScript

const { expect } = require('chai')
const RateLimiter = require('../../../app/src/infrastructure/RateLimiter')
const UserHelper = require('./helpers/UserHelper')
describe('PasswordUpdate', function () {
let email, password, response, user, userHelper
afterEach(async function () {
await RateLimiter.promises.clearRateLimit(
'password_reset_rate_limit',
'127.0.0.1'
)
})
beforeEach(async function () {
userHelper = new UserHelper()
email = userHelper.getDefaultEmail()
password = 'old-password'
userHelper = await UserHelper.createUser({ email, password })
userHelper = await UserHelper.loginUser({
email,
password,
})
await userHelper.getCsrfToken()
})
describe('success', function () {
beforeEach(async function () {
response = await userHelper.request.post('/user/password/update', {
form: {
currentPassword: password,
newPassword1: 'new-password',
newPassword2: 'new-password',
},
simple: false,
})
userHelper = await UserHelper.getUser({ email })
user = userHelper.user
})
it('should return 200', async function () {
expect(response.statusCode).to.equal(200)
})
it('should update the audit log', function () {
const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog[0]).to.exist
expect(typeof auditLog[0].initiatorId).to.equal('object')
expect(auditLog[0].initiatorId).to.deep.equal(user._id)
expect(auditLog[0].operation).to.equal('update-password')
expect(auditLog[0].ipAddress).to.equal('127.0.0.1')
expect(auditLog[0].timestamp).to.exist
})
})
describe('errors', function () {
describe('missing current password', function () {
beforeEach(async function () {
response = await userHelper.request.post('/user/password/update', {
form: {
newPassword1: 'new-password',
newPassword2: 'new-password',
},
simple: false,
})
userHelper = await UserHelper.getUser({ email })
})
it('should return 500', async function () {
expect(response.statusCode).to.equal(500)
})
it('should not update audit log', async function () {
const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog).to.deep.equal([])
})
})
describe('wrong current password', function () {
beforeEach(async function () {
response = await userHelper.request.post('/user/password/update', {
form: {
currentPassword: 'wrong-password',
newPassword1: 'new-password',
newPassword2: 'new-password',
},
simple: false,
})
userHelper = await UserHelper.getUser({ email })
})
it('should return 400', async function () {
expect(response.statusCode).to.equal(400)
})
it('should not update audit log', async function () {
const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog).to.deep.equal([])
})
})
describe('newPassword1 does not match newPassword2', function () {
beforeEach(async function () {
response = await userHelper.request.post('/user/password/update', {
form: {
currentPassword: password,
newPassword1: 'new-password',
newPassword2: 'oops-password',
},
json: true,
simple: false,
})
userHelper = await UserHelper.getUser({ email })
})
it('should return 400', async function () {
expect(response.statusCode).to.equal(400)
})
it('should return error message', async function () {
expect(response.body.message).to.equal('Passwords do not match')
})
it('should not update audit log', async function () {
const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog).to.deep.equal([])
})
})
describe('new password is not valid', function () {
beforeEach(async function () {
response = await userHelper.request.post('/user/password/update', {
form: {
currentPassword: password,
newPassword1: 'short',
newPassword2: 'short',
},
json: true,
simple: false,
})
userHelper = await UserHelper.getUser({ email })
})
it('should return 400', async function () {
expect(response.statusCode).to.equal(400)
})
it('should return error message', async function () {
expect(response.body.message).to.equal('password is too short')
})
it('should not update audit log', async function () {
const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog).to.deep.equal([])
})
})
})
})