###
Tests for password reset, password change, email_address change, and related functionality.
###
api = require('./apitest')
{setup, teardown} = api
misc = require('smc-util/misc')
expect = require('expect')
auth = require('../../auth')
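describe 'test changing password -- ', ->
    # Exercises the 'change_password' API event: the normal change, a wrong
    # old password, a cross-account attempt, the length limits, and setting a
    # first password on an account that has none.
    #
    # NOTE(review): every e-mail literal below reads "[email protected]", which
    # looks like the hosting page's address-obfuscation placeholder rather than
    # the real fixture values. The suite only makes sense with distinct
    # addresses per account, so restore them from the repository before running.
    before(setup)
    after(teardown)

    it 'changes the password', (done) ->
        api.call
            event : 'change_password'
            body  :
                email_address : "[email protected]"
                old_password  : 'blah'
                new_password  : 'new-blah'
            cb    : (err, resp) ->
                expect(resp?.event).toBe('changed_password')
                done(err)

    # Re-sending the original old password must now be rejected, which shows
    # both that the old-password check is enforced and that the change stuck.
    it "tries with invalid old password and fails (this also confirms that password was changed)", (done) ->
        api.call
            event : 'change_password'
            body  :
                email_address : "[email protected]"
                old_password  : 'blah'
                new_password  : 'new2-blah'
            cb    : (err, resp) ->
                expect(resp?.error).toBe('invalid old password')
                done(err)

    # NOTE(review): this case expects the 4-character 'blah' to be accepted as
    # new_password, while the cases further down expect the same value to be
    # rejected by the 6-64 character rule. Confirm whether the length policy
    # is meant to apply on this path as well.
    it 'change it back, which confirms it was changed to what we think', (done) ->
        api.call
            event : 'change_password'
            body  :
                email_address : "[email protected]"
                old_password  : 'new-blah'
                new_password  : 'blah'
            cb    : (err, resp) ->
                expect(resp?.event).toBe('changed_password')
                done(err)

    account_id2 = undefined
    it "create another account with no password set", (done) ->
        api.db.create_account
            first_name    : "Sage2"
            last_name     : "CoCalc2"
            created_by    : "1.2.3.5"
            email_address : "[email protected]"
            cb            : (err, account_id) ->
                account_id2 = account_id
                done(err)

    # Authorization check: no api_key is passed here, so the call is not made
    # with the second account's key, and the request must be refused.
    it "tries -- AND FAILS -- to change that other user's password", (done) ->
        api.call
            event : 'change_password'
            body  :
                email_address : "[email protected]"
                new_password  : 'blah'
            cb    : (err, resp) ->
                expect(resp?.error).toEqual(other: 'invalid account_id')
                done(err)

    api_key2 = undefined
    it "get api key of user with no password", (done) ->
        api.db.regenerate_api_key
            account_id : account_id2
            cb         : (err, api_key) ->
                api_key2 = api_key
                done(err)

    # The two length-policy cases originally shared one title, which makes a
    # failure report ambiguous; the suffix says which bound is being tested.
    it "tries and fails for a good reason (new password too short)", (done) ->
        api.call
            event   : 'change_password'
            api_key : api_key2
            body    :
                email_address : "[email protected]"
                new_password  : 'blah'
            cb      : (err, resp) ->
                expect(resp?.error).toEqual(new_password: 'Password must be between 6 and 64 characters in length.')
                done(err)

    it "tries and fails for a good reason (new password too long)", (done) ->
        api.call
            event   : 'change_password'
            api_key : api_key2
            body    :
                email_address : "[email protected]"
                new_password  : 'blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblah'
            cb      : (err, resp) ->
                expect(resp?.error).toEqual(new_password: 'Password must be between 6 and 64 characters in length.')
                done(err)

    # With the account's own API key and no old_password, a first password can
    # be set. The API key alone is the credential on this path, so it needs
    # the same protection as a password.
    it "tries -- AND SUCCEEDS -- to change that other user's password", (done) ->
        api.call
            event   : 'change_password'
            api_key : api_key2
            body    :
                email_address : "[email protected]"
                new_password  : 'blahblah'
            cb      : (err, resp) ->
                expect(resp?.error).toBe(undefined)
                done(err)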
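describe 'test changing email address -- ', ->
    # Exercises the 'change_email_address' API event: a change confirmed by the
    # current password, a rejected change with a wrong password, and a rejected
    # change to an address that another account already uses.
    #
    # NOTE(review): every e-mail literal below reads "[email protected]", which
    # looks like the hosting page's address-obfuscation placeholder rather than
    # the real fixture values. Restore the distinct addresses from the
    # repository before running.
    before(setup)
    after(teardown)

    it "changes it", (done) ->
        api.call
            event : 'change_email_address'
            body  :
                new_email_address : "[email protected]"
                password          : 'blah'
                account_id        : api.account_id
            cb    : (err, resp) ->
                expect(resp?.event).toBe('changed_email_address')
                done(err)

    it 'confirms it really changed', (done) ->
        api.call
            event : 'query'
            body  :
                query : {accounts:{email_address:null}}
            cb    : (err, resp) ->
                expect(resp?.query?.accounts?.email_address).toBe('[email protected]')
                done(err)

    # The change must be confirmed with the current password; a wrong one is
    # refused, and the next case checks the refusal left the address untouched.
    it 'tries to change with wrong password', (done) ->
        api.call
            event : 'change_email_address'
            body  :
                new_email_address : "[email protected]"
                password          : 'blahblah'
                account_id        : api.account_id
            cb    : (err, resp) ->
                expect(resp?.error).toBe('invalid_password')
                done(err)

    it 'confirms it did NOT change', (done) ->
        api.call
            event : 'query'
            body  :
                query : {accounts:{email_address:null}}
            cb    : (err, resp) ->
                expect(resp?.query?.accounts?.email_address).toBe('[email protected]')
                done(err)

    # The new account's id is never read in this suite, so it is not stored.
    it "create another account", (done) ->
        api.db.create_account
            first_name    : "Sage2"
            last_name     : "CoCalc2"
            created_by    : "1.2.3.5"
            email_address : "[email protected]"
            cb            : (err) ->
                done(err)

    it 'tries to change to that email address', (done) ->
        api.call
            event : 'change_email_address'
            body  :
                new_email_address : "[email protected]"
                password          : 'blah'
                account_id        : api.account_id
            cb    : (err, resp) ->
                expect(resp?.error).toBe('email_already_taken')
                done(err)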
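describe 'tests sending a forgot password email --', ->
    # Exercises the forgot-password flow end to end: request a reset e-mail,
    # read the reset code out of the captured message, redeem it through
    # 'reset_forgot_password', then check the new password against the database.
    #
    # NOTE(review): every e-mail literal below reads "[email protected]", which
    # looks like the hosting page's address-obfuscation placeholder rather than
    # the real fixture values. Restore the distinct addresses from the
    # repository before running.
    before(setup)
    after(teardown)

    # NOTE(review): the expected error names the address and states that no
    # account exists, so this case pins a response that lets a caller learn
    # which addresses are registered. If the endpoint is changed to answer
    # uniformly for known and unknown addresses, update this assertion with it.
    it 'sends a forgot password email for an address that does not exist', (done) ->
        api.call
            event : 'forgot_password'
            body  :
                email_address : '[email protected]'
            cb    : (err, resp) ->
                expect(resp?.error).toBe('No account with e-mail address [email protected]')
                done(err)

    reset_code = undefined
    it 'sends a forgot password email', (done) ->
        api.call
            event : 'forgot_password'
            body  :
                email_address : '[email protected]'
            cb    : (err, resp) ->
                # resp?.error, as in the other cases, so a missing response
                # fails the assertion instead of raising a TypeError.
                expect(resp?.error).toBe(false)
                expect(api.last_email?.subject).toBe('CoCalc Password Reset')
                # The e-mail body carries the code after a '#forgot-' marker;
                # the code is the 36 characters that follow it.
                marker = '#forgot-'
                i = api.last_email?.body.indexOf(marker)
                # Fail here if the marker is missing instead of slicing the
                # body at an arbitrary offset.
                expect(i >= 0).toBe(true)
                start = i + marker.length
                reset_code = api.last_email?.body.slice(start, start + 36)
                expect(misc.is_valid_uuid_string(reset_code)).toBe(true)
                done(err)

    it 'uses the forgot password token', (done) ->
        api.call
            event : 'reset_forgot_password'
            body  :
                reset_code   : reset_code
                new_password : 'foobar'
            cb    : (err, resp) ->
                expect(!!resp?.error).toBe(false)
                done(err)

    # TODO(review): nothing here replays reset_code after it has been redeemed,
    # and nothing submits an unknown or expired code. Add cases asserting both
    # are rejected so that single use and validity of the token are covered.

    it 'verifies that password was properly reset', (done) ->
        auth.is_password_correct
            database   : api.db
            account_id : api.account_id
            password   : 'foobar'
            cb         : (err, is_correct) ->
                expect(is_correct).toBe(true)
                done(err)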