From ddfb306b44b29b5b3efab30a675fb9479d6d0463 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin
Date: Tue, 12 May 2020 20:46:48 +0200
Subject: [PATCH] Add tests

Signed-off-by: Alexandre Bodin
---
 packages/strapi-admin/controllers/Auth.js | 5 +-
 .../controllers/authentication.js | 4 +-
 .../strapi-admin/middlewares/auth/index.js | 6 +-
 packages/strapi-admin/services/auth.js | 10 +-
 .../strapi-admin/test/admin-auth.test.e2e.js | 168 ++++++++++++++++++
 packages/strapi/lib/core/load-admin.js | 2 +-
 6 files changed, 182 insertions(+), 13 deletions(-)
 create mode 100644 packages/strapi-admin/test/admin-auth.test.e2e.js
diff --git a/packages/strapi-admin/controllers/Auth.js b/packages/strapi-admin/controllers/Auth.js
index f9334c7106..b61f633e49 100644
--- a/packages/strapi-admin/controllers/Auth.js
+++ b/packages/strapi-admin/controllers/Auth.js
@@ -91,7 +91,10 @@ module.exports = {
 }
 try {
- const admin = await strapi.query('user', 'admin').create(params);
+ const admin = await strapi.query('user', 'admin').create({
+ ...params,
+ isActive: true,
+ });
 admin.isAdmin = true;
diff --git a/packages/strapi-admin/controllers/authentication.js b/packages/strapi-admin/controllers/authentication.js
index e6de19cff8..242fb63507 100644
--- a/packages/strapi-admin/controllers/authentication.js
+++ b/packages/strapi-admin/controllers/authentication.js
@@ -35,13 +35,13 @@ module.exports = {
 const { token } = ctx.request.body;
 if (token === undefined) {
- return ctx.badRequest('Token is required.');
+ return ctx.badRequest('Missing token');
 }
 const { isValid, payload } = strapi.admin.services.auth.decodeToken(token);
 if (!isValid) {
- return ctx.badRequest('Invalid token.');
+ return ctx.badRequest('Invalid token');
 }
 ctx.body = {
diff --git a/packages/strapi-admin/middlewares/auth/index.js b/packages/strapi-admin/middlewares/auth/index.js
index 242dda83f9..bcd33a7af2 100644
--- a/packages/strapi-admin/middlewares/auth/index.js
+++ b/packages/strapi-admin/middlewares/auth/index.js
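Review bot: In the controllers/Auth.js hunk, `...params` is spread straight into `create()`; `params` is built outside this hunk, so if it is the request body, every model attribute the caller sends is persisted on the new admin record. Placing `isActive: true` after the spread is right, because a caller-supplied value cannot then win, and that ordering deserves a comment such as `// isActive is set last so request data cannot override it`. I would also pass an explicit field list instead of the spread, e.g. `create({ email: params.email, password: params.password, isActive: true })`, adjusted to the fields the registration form really has. The enclosing function starts and ends outside the hunk.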
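Review bot: The renew-token handler in controllers/authentication.js goes from `decodeToken` straight to building `ctx.body`, with no account lookup in between, so a token belonging to an admin who has since been deactivated still appears to be renewable. This commit makes the auth middleware and `checkCredentials` reject accounts whose `isActive` is not `true`; renewal should apply the same rule, e.g. `const admin = await strapi.query('user', 'admin').findOne({ id: payload.id });` followed by `if (!admin || admin.isActive !== true) return ctx.badRequest('Invalid token');`. Separately, `token === undefined` lets `null` and non-string values through to `decodeToken`; `typeof token !== 'string'` is a tighter guard. The handler continues outside the hunk, so what is written into `ctx.body` is not visible here.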
@@ -36,11 +36,9 @@ module.exports = strapi => ({
 if (isValid) {
 // request is made by an admin
- const admin = await strapi
- .query('administrator', 'admin')
- .findOne({ id: payload.id }, []);
+ const admin = await strapi.query('user', 'admin').findOne({ id: payload.id }, []);
- if (!admin || admin.blocked === true) {
+ if (!admin || !(admin.isActive === true)) {
 return ctx.forbidden('Invalid credentials');
 }
diff --git a/packages/strapi-admin/services/auth.js b/packages/strapi-admin/services/auth.js
index e82ccfeba6..75cdde79ff 100644
--- a/packages/strapi-admin/services/auth.js
+++ b/packages/strapi-admin/services/auth.js
@@ -58,24 +58,24 @@ const validatePassword = (password, hash) => bcrypt.compare(password, hash);
 * @param {string} options.password
 */
 const checkCredentials = async ({ email, password }) => {
- const user = await strapi.query('administrator', 'admin').findOne({ email });
+ const admin = await strapi.query('user', 'admin').findOne({ email });
- if (!user) {
+ if (!admin) {
 return [null, false, { message: 'Invalid credentials' }];
 }
- const isValid = await strapi.admin.services.auth.validatePassword(password, user.password);
+ const isValid = await strapi.admin.services.auth.validatePassword(password, admin.password);
 if (!isValid) {
 return [null, false, { message: 'Invalid credentials' }];
 }
 // TODO: change to isActive
- if (user.blocked === true) {
+ if (!(admin.isActive === true)) {
 return [null, false, { message: 'User not active' }];
 }
- return [null, user];
+ return [null, admin];
 };
 const decodeToken = token => {
diff --git a/packages/strapi-admin/test/admin-auth.test.e2e.js b/packages/strapi-admin/test/admin-auth.test.e2e.js
new file mode 100644
index 0000000000..5c6f62b3d1
--- /dev/null
+++ b/packages/strapi-admin/test/admin-auth.test.e2e.js
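Review bot: `!(admin.isActive === true)` in the middlewares/auth/index.js hunk reads more directly as `admin.isActive !== true`, and the fail-closed intent is worth a comment: `// fail closed: a missing or non-boolean isActive is treated as inactive`. Because the check moved from `blocked === true` to requiring `isActive === true`, any existing admin record without an `isActive` value will now be refused on every request; if such records can exist, they need a migration or a default before this ships. The same expression appears in the services/auth.js hunk.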
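Review bot: In services/auth.js, `checkCredentials` returns as soon as `findOne` yields no record, before any bcrypt work, while a known e-mail always pays for `validatePassword`; the difference in response time separates registered from unregistered addresses even though both paths answer 'Invalid credentials'. Running one comparison on both paths closes that gap, e.g. `const isValid = await strapi.admin.services.auth.validatePassword(password, admin ? admin.password : PLACEHOLDER_HASH);` followed by `if (!admin || !isValid)`, where `PLACEHOLDER_HASH` is a placeholder name for a fixed bcrypt hash you would define for this purpose. The `// TODO: change to isActive` comment above the new check is stale now that the check uses `isActive`, and can be deleted.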
@@ -0,0 +1,168 @@
+// Helpers.
+const { registerAndLogin } = require('../../../test/helpers/auth');
+const { createAuthRequest } = require('../../../test/helpers/request');
+
+let rq;
+
+expect.extend({
+ stringOrNull(received) {
+ const pass = typeof received === 'string' || received === null;
+ if (pass) {
+ return {
+ message: () => `expected ${received} not to be null or a string`,
+ pass: true,
+ };
+ } else {
+ return {
+ message: () => `expected ${received} to be null or a string`,
+ pass: false,
+ };
+ }
+ },
+});
+
+describe('Content Manager End to End', () => {
+ beforeAll(async () => {
+ const token = await registerAndLogin();
+ rq = createAuthRequest(token);
+ }, 60000);
+
+ describe('Login', () => {
+ test('Can connect successfuklly', async () => {
+ const res = await rq({
+ url: '/admin/login',
+ method: 'POST',
+ body: {
+ email: 'admin@strapi.io',
+ password: 'pcw123',
+ },
+ });
+
+ expect(res.statusCode).toBe(200);
+ expect(res.body.data).toMatchObject({
+ token: expect.any(String),
+ user: {
+ firstname: expect.stringOrNull(),
+ lastname: expect.stringOrNull(),
+ username: expect.stringOrNull(),
+ email: expect.any(String),
+ isActive: expect.any(Boolean),
+ },
+ });
+ });
+
+ test('Fails on invalid password', async () => {
+ const res = await rq({
+ url: '/admin/login',
+ method: 'POST',
+ body: {
+ email: 'admin@strapi.io',
+ password: 'wrongPassword',
+ },
+ });
+
+ expect(res.statusCode).toBe(400);
+ expect(res.body).toEqual({
+ statusCode: 400,
+ error: 'Bad Request',
+ message: 'Invalid credentials',
+ });
+ });
+
+ test('Fails on invalid email', async () => {
+ const res = await rq({
+ url: '/admin/login',
+ method: 'POST',
+ body: {
+ email: 'non-existent-user@strapi.io',
+ password: 'pcw123',
+ },
+ });
+
+ expect(res.statusCode).toBe(400);
+ expect(res.body).toEqual({
+ statusCode: 400,
+ error: 'Bad Request',
+ message: 'Invalid credentials',
+ });
+ });
+
+ test('Fails on missing credentials', async () => {
+ const res = await rq({
+ url: '/admin/login',
+ method: 'POST',
+ body: {
+ email: 'non-existent-user@strapi.io',
+ },
+ });
+
+ expect(res.statusCode).toBe(400);
+ expect(res.body).toEqual({
+ statusCode: 400,
+ error: 'Bad Request',
+ message: 'Missing credentials',
+ });
+ });
+ });
+
+ describe('Renew token', () => {
+ test('Renew token', async () => {
+ const authRes = await rq({
+ url: '/admin/login',
+ method: 'POST',
+ body: {
+ email: 'admin@strapi.io',
+ password: 'pcw123',
+ },
+ });
+
+ expect(authRes.statusCode).toBe(200);
+ const { token } = authRes.body.data;
+
+ const res = await rq({
+ url: '/admin/renew-token',
+ method: 'POST',
+ body: {
+ token,
+ },
+ });
+
+ expect(res.statusCode).toBe(200);
+ expect(res.body.data).toEqual({
+ token: expect.any(String),
+ });
+ });
+
+ test('Fails on invalid token', async () => {
+ const res = await rq({
+ url: '/admin/renew-token',
+ method: 'POST',
+ body: {
+ token: 'invalid-token',
+ },
+ });
+
+ expect(res.statusCode).toBe(400);
+ expect(res.body).toEqual({
+ statusCode: 400,
+ error: 'Bad Request',
+ message: 'Invalid token',
+ });
+ });
+
+ test('Fails on missing token', async () => {
+ const res = await rq({
+ url: '/admin/renew-token',
+ method: 'POST',
+ body: {},
+ });
+
+ expect(res.statusCode).toBe(400);
+ expect(res.body).toEqual({
+ statusCode: 400,
+ error: 'Bad Request',
+ message: 'Missing token',
+ });
+ });
+ });
+});
diff --git a/packages/strapi/lib/core/load-admin.js b/packages/strapi/lib/core/load-admin.js
index 65bc17cfed..053e959095 100644
--- a/packages/strapi/lib/core/load-admin.js
+++ b/packages/strapi/lib/core/load-admin.js
@@ -8,7 +8,7 @@ module.exports = async () => {
 const adminPath = findPackagePath('strapi-admin');
 const [files, config] = await Promise.all([
- loadFiles(adminPath, '!(config|node_modules|scripts)/*.*(js|json)'),
+ loadFiles(adminPath, '!(config|node_modules|test|scripts)/*.*(js|json)'),
 loadConfig(adminPath),
 ]);
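Review bot: The suite in test/admin-auth.test.e2e.js never exercises the rule this commit introduces: no case has an account with `isActive: false` attempt to log in, call an authenticated route, or renew a token. The login assertion uses `toMatchObject`, which accepts extra keys, so it would still pass if the response carried the stored password hash; `expect(res.body.data.user).not.toHaveProperty('password');` pins that down. `isActive: expect.any(Boolean)` could be `isActive: true` for the freshly registered admin, provided `registerAndLogin` goes through the register controller (not visible here). The outer `describe` title 'Content Manager End to End' and the test name 'Can connect successfuklly' look like a copy-paste leftover and a typo.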
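Review bot: The glob in the load-admin.js hunk is a deny-list, `!(config|node_modules|test|scripts)`, so any directory added to strapi-admin later is matched by `loadFiles` unless someone remembers to extend the pattern. A comment on the line would make that explicit, e.g. `// deny-list: every other top-level directory is loaded; add non-runtime directories here`. An allow-list of the directories that are meant to be loaded would fail safe, but the full set is not visible in this hunk.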