'use strict';
// Helpers.
const { createAuthRequest } = require('../../../test/helpers/request');
const { createStrapiInstance, superAdmin } = require('../../../test/helpers/strapi');
const { createUtils } = require('../../../test/helpers/utils');
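// Edition under test: STRAPI_DISABLE_EE=true selects the Community Edition,
// anything else the Enterprise Edition. Decides which role fixture the suite uses.
const edition = process.env.STRAPI_DISABLE_EE === 'true' ? 'CE' : 'EE';

// Shared fixtures populated by the suite's beforeAll hook. The binding itself is
// never reassigned (only its properties are), so `const` is the correct declaration.
// role: the role invited test users are attached to — a throw-away role created
//       in EE, the built-in super admin role in CE.
const internals = {
  role: null,
};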
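/**
 * End-to-end tests for the admin authentication endpoints: login, token
 * renewal, invited-user registration, first-super-admin registration and the
 * forgot-password flow.
 *
 * Fixtures: a Strapi instance, an authenticated request helper (`rq`) and a
 * role that invited test users are attached to (a dedicated role in EE, the
 * built-in super admin role in CE).
 *
 * Several tests deliberately assert that *different* failure causes produce
 * the *same* response (invalid password vs. unknown email, known vs. unknown
 * email on forgot-password): those equalities keep the endpoints from being
 * used to enumerate accounts and should be preserved when the messages change.
 */
describe('Admin Auth End to End', () => {
  let rq;
  let strapi;
  let utils;

  beforeAll(async () => {
    strapi = await createStrapiInstance();
    rq = await createAuthRequest({ strapi });
    utils = createUtils(strapi);

    // EE supports custom roles, so create a throw-away one; CE only ships the
    // built-in roles, so reuse the super admin role instead.
    if (edition === 'EE') {
      internals.role = await utils.createRole({
        name: 'auth_test_role',
        description: 'Only used for auth crud test (e2e)',
      });
    } else {
      internals.role = await utils.getSuperAdminRole();
    }
  }, 60000);

  afterAll(async () => {
    // Only the EE branch created a role that has to be removed again.
    if (edition === 'EE') {
      await utils.deleteRolesById([internals.role.id]);
    }

    await strapi.destroy();
  }, 60000);

  describe('Login', () => {
    test('Can connect successfully', async () => {
      const res = await rq({
        url: '/admin/login',
        method: 'POST',
        body: superAdmin.loginInfo,
      });

      expect(res.statusCode).toBe(200);
      expect(res.body.data).toMatchObject({
        token: expect.any(String),
        user: {
          firstname: expect.stringOrNull(),
          lastname: expect.stringOrNull(),
          username: expect.stringOrNull(),
          email: expect.any(String),
          isActive: expect.any(Boolean),
        },
      });
      // The user object returned alongside the token must be sanitized: the
      // password (even hashed) must not be present in the response at all.
      expect(res.body.data.user).not.toHaveProperty('password');
    });

    // The next two tests must keep returning an identical status and message:
    // a distinguishable response would reveal which emails have an account.
    test('Fails on invalid password', async () => {
      const res = await rq({
        url: '/admin/login',
        method: 'POST',
        body: {
          ...superAdmin.loginInfo,
          password: 'wrongPassword',
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Invalid credentials',
      });
    });

    test('Fails on invalid email', async () => {
      const res = await rq({
        url: '/admin/login',
        method: 'POST',
        body: {
          email: 'non-existent-user@strapi.io',
          password: 'pcw123',
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Invalid credentials',
      });
    });

    test('Fails on missing credentials', async () => {
      const res = await rq({
        url: '/admin/login',
        method: 'POST',
        body: {
          email: 'non-existent-user@strapi.io',
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Missing credentials',
      });
    });
  });

  describe('Renew token', () => {
    test('Renew token', async () => {
      // Obtain a genuine token first; renewal is only meaningful for a token
      // the server itself issued.
      const authRes = await rq({
        url: '/admin/login',
        method: 'POST',
        body: superAdmin.loginInfo,
      });

      expect(authRes.statusCode).toBe(200);
      const { token } = authRes.body.data;

      const res = await rq({
        url: '/admin/renew-token',
        method: 'POST',
        body: {
          token,
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body.data).toEqual({
        token: expect.any(String),
      });
    });

    test('Fails on invalid token', async () => {
      const res = await rq({
        url: '/admin/renew-token',
        method: 'POST',
        body: {
          token: 'invalid-token',
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Invalid token',
      });
    });

    test('Fails on missing token', async () => {
      const res = await rq({
        url: '/admin/renew-token',
        method: 'POST',
        body: {},
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Missing token',
      });
    });
  });

  describe('GET /registration-info', () => {
    // Fixed, test-only invitation token; the endpoint looks the user up by it.
    const registrationToken = 'foobar';
    let user;

    beforeAll(async () => {
      const userInfo = {
        email: 'test@strapi.io',
        firstname: 'test',
        lastname: 'strapi',
        roles: [internals.role.id],
        registrationToken,
        isActive: false,
      };

      user = await utils.createUser(userInfo);
    });

    afterAll(async () => {
      await utils.deleteUserById(user.id);
    });

    test('Returns registration info', async () => {
      const res = await rq({
        url: `/admin/registration-info?registrationToken=${registrationToken}`,
        method: 'GET',
        body: {},
      });

      // Only the fields needed to pre-fill the registration form are exposed.
      expect(res.statusCode).toBe(200);
      expect(res.body).toEqual({
        data: {
          email: user.email,
          firstname: user.firstname,
          lastname: user.lastname,
        },
      });
    });

    test('Fails on missing registration token', async () => {
      const res = await rq({
        url: '/admin/registration-info',
        method: 'GET',
        body: {},
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'QueryError',
        data: {
          registrationToken: ['registrationToken is a required field'],
        },
      });
    });

    // An unknown token gets a generic rejection with no further detail, so the
    // endpoint cannot be probed for information about pending invitations.
    test('Fails on invalid registration token. Without too much info', async () => {
      const res = await rq({
        url: '/admin/registration-info?registrationToken=ABCD',
        method: 'GET',
        body: {},
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'Invalid registrationToken',
      });
    });
  });

  describe('GET /register', () => {
    let user;

    // A fresh invited user per test: a successful registration consumes the
    // invitation, so the fixture cannot be shared across tests.
    beforeEach(async () => {
      const userInfo = {
        email: 'test@strapi.io',
        firstname: 'test',
        lastname: 'strapi',
        registrationToken: 'foobar',
      };

      user = await utils.createUser(userInfo);
    });

    afterEach(async () => {
      await utils.deleteUserById(user.id);
    });

    test('Fails on missing payload', async () => {
      const res = await rq({
        url: '/admin/register',
        method: 'POST',
        body: {
          userInfo: {},
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'ValidationError',
        data: {
          registrationToken: ['registrationToken is a required field'],
          'userInfo.firstname': ['userInfo.firstname is a required field'],
          'userInfo.lastname': ['userInfo.lastname is a required field'],
          'userInfo.password': ['userInfo.password is a required field'],
        },
      });
    });

    // Password policy is enforced on the registration path as well as on
    // register-admin; the expected message pins the uppercase requirement.
    test('Fails on invalid password', async () => {
      const res = await rq({
        url: '/admin/register',
        method: 'POST',
        body: {
          registrationToken: user.registrationToken,
          userInfo: {
            firstname: 'test',
            lastname: 'Strapi',
            password: '123',
          },
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'ValidationError',
        data: {
          'userInfo.password': ['userInfo.password must contain at least one uppercase character'],
        },
      });
    });

    test('Registers user correctly', async () => {
      const userRegistrationInfo = {
        firstname: 'test',
        lastname: 'Strapi',
        password: '1Test2azda3',
      };

      const res = await rq({
        url: '/admin/register',
        method: 'POST',
        body: {
          registrationToken: user.registrationToken,
          userInfo: userRegistrationInfo,
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body.data).toMatchObject({
        token: expect.any(String),
        user: {
          email: user.email,
          firstname: 'test',
          lastname: 'Strapi',
        },
      });

      // Previously this only checked that the plaintext password was not
      // echoed back, which would still pass if the stored hash were returned.
      // The sanitized user must carry no password field whatsoever.
      expect(res.body.data.user).not.toHaveProperty('password');
    });
  });

  describe('GET /register-admin', () => {
    test('Fails on missing payload', async () => {
      const res = await rq({
        url: '/admin/register-admin',
        method: 'POST',
        body: {},
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'ValidationError',
        data: {
          email: ['email is a required field'],
          firstname: ['firstname is a required field'],
          lastname: ['lastname is a required field'],
          password: ['password is a required field'],
        },
      });
    });

    test('Fails on invalid password', async () => {
      const res = await rq({
        url: '/admin/register-admin',
        method: 'POST',
        body: {
          email: 'test@strapi.io',
          firstname: 'test',
          lastname: 'Strapi',
          password: '123',
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'ValidationError',
        data: {
          password: ['password must contain at least one uppercase character'],
        },
      });
    });

    // register-admin is a bootstrap-only endpoint: once an admin exists (the
    // suite's super admin does) it must refuse to create another one, even
    // with an otherwise valid payload.
    test('Fails if already a user', async () => {
      const userInfo = {
        email: 'test-admin@strapi.io',
        firstname: 'test',
        lastname: 'Strapi',
        password: '1Test2azda3',
      };

      const res = await rq({
        url: '/admin/register-admin',
        method: 'POST',
        body: userInfo,
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toEqual({
        statusCode: 400,
        error: 'Bad Request',
        message: 'You cannot register a new super admin',
      });
    });
  });

  describe('POST /forgot-password', () => {
    // Known and unknown emails must be indistinguishable from the response:
    // same status, same (empty) body. Do not "improve" the unknown-email case
    // with an error — that would turn the endpoint into an account oracle.
    test('Always returns en empty response', async () => {
      const res = await rq({
        url: '/admin/forgot-password',
        method: 'POST',
        body: {
          email: 'admin@strapi.io',
        },
      });

      expect(res.statusCode).toBe(204);
      expect(res.body).toStrictEqual({});

      const nonExistentRes = await rq({
        url: '/admin/forgot-password',
        method: 'POST',
        body: {
          email: 'email-do-not-exist@strapi.io',
        },
      });

      expect(nonExistentRes.statusCode).toBe(204);
      expect(nonExistentRes.body).toStrictEqual({});
    });
  });
});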