Add tests

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

packages/strapi-admin/controllers/Auth.js

@@ -91,7 +91,10 @@ module.exports = {
     }
 
     try {
-      const admin = await strapi.query('user', 'admin').create(params);
+      const admin = await strapi.query('user', 'admin').create({
+        ...params,
+        isActive: true,
+      });
 
       admin.isAdmin = true;
 

packages/strapi-admin/controllers/authentication.js

@@ -35,13 +35,13 @@ module.exports = {
     const { token } = ctx.request.body;
 
     if (token === undefined) {
-      return ctx.badRequest('Token is required.');
+      return ctx.badRequest('Missing token');
     }
 
     const { isValid, payload } = strapi.admin.services.auth.decodeToken(token);
 
     if (!isValid) {
-      return ctx.badRequest('Invalid token.');
+      return ctx.badRequest('Invalid token');
     }
 
     ctx.body = {

packages/strapi-admin/middlewares/auth/index.js

@@ -36,11 +36,9 @@ module.exports = strapi => ({
 
         if (isValid) {
           // request is made by an admin
-          const admin = await strapi
+          const admin = await strapi.query('user', 'admin').findOne({ id: payload.id }, []);
-            .query('administrator', 'admin')
-            .findOne({ id: payload.id }, []);
 
-          if (!admin || admin.blocked === true) {
+          if (!admin || !(admin.isActive === true)) {
             return ctx.forbidden('Invalid credentials');
           }
 

packages/strapi-admin/services/auth.js

@@ -58,24 +58,24 @@ const validatePassword = (password, hash) => bcrypt.compare(password, hash);
  * @param {string} options.password
  */
 const checkCredentials = async ({ email, password }) => {
-  const user = await strapi.query('administrator', 'admin').findOne({ email });
+  const admin = await strapi.query('user', 'admin').findOne({ email });
 
-  if (!user) {
+  if (!admin) {
     return [null, false, { message: 'Invalid credentials' }];
   }
 
-  const isValid = await strapi.admin.services.auth.validatePassword(password, user.password);
+  const isValid = await strapi.admin.services.auth.validatePassword(password, admin.password);
 
   if (!isValid) {
     return [null, false, { message: 'Invalid credentials' }];
   }
 
   // TODO: change to isActive
-  if (user.blocked === true) {
+  if (!(admin.isActive === true)) {
     return [null, false, { message: 'User not active' }];
   }
 
-  return [null, user];
+  return [null, admin];
 };
 
 const decodeToken = token => {

packages/strapi-admin/test/admin-auth.test.e2e.js

@@ -0,0 +1,168 @@
+// Helpers.
+const { registerAndLogin } = require('../../../test/helpers/auth');
+const { createAuthRequest } = require('../../../test/helpers/request');
+
+let rq;
+
+expect.extend({
+  stringOrNull(received) {
+    const pass = typeof received === 'string' || received === null;
+    if (pass) {
+      return {
+        message: () => `expected ${received} not to be null or a string`,
+        pass: true,
+      };
+    } else {
+      return {
+        message: () => `expected ${received} to be null or a string`,
+        pass: false,
+      };
+    }
+  },
+});
+
+describe('Content Manager End to End', () => {
+  beforeAll(async () => {
+    const token = await registerAndLogin();
+    rq = createAuthRequest(token);
+  }, 60000);
+
+  describe('Login', () => {
+    test('Can connect successfuklly', async () => {
+      const res = await rq({
+        url: '/admin/login',
+        method: 'POST',
+        body: {
+          email: 'admin@strapi.io',
+          password: 'pcw123',
+        },
+      });
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body.data).toMatchObject({
+        token: expect.any(String),
+        user: {
+          firstname: expect.stringOrNull(),
+          lastname: expect.stringOrNull(),
+          username: expect.stringOrNull(),
+          email: expect.any(String),
+          isActive: expect.any(Boolean),
+        },
+      });
+    });
+
+    test('Fails on invalid password', async () => {
+      const res = await rq({
+        url: '/admin/login',
+        method: 'POST',
+        body: {
+          email: 'admin@strapi.io',
+          password: 'wrongPassword',
+        },
+      });
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body).toEqual({
+        statusCode: 400,
+        error: 'Bad Request',
+        message: 'Invalid credentials',
+      });
+    });
+
+    test('Fails on invalid email', async () => {
+      const res = await rq({
+        url: '/admin/login',
+        method: 'POST',
+        body: {
+          email: 'non-existent-user@strapi.io',
+          password: 'pcw123',
+        },
+      });
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body).toEqual({
+        statusCode: 400,
+        error: 'Bad Request',
+        message: 'Invalid credentials',
+      });
+    });
+
+    test('Fails on missing credentials', async () => {
+      const res = await rq({
+        url: '/admin/login',
+        method: 'POST',
+        body: {
+          email: 'non-existent-user@strapi.io',
+        },
+      });
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body).toEqual({
+        statusCode: 400,
+        error: 'Bad Request',
+        message: 'Missing credentials',
+      });
+    });
+  });
+
+  describe('Renew token', () => {
+    test('Renew token', async () => {
+      const authRes = await rq({
+        url: '/admin/login',
+        method: 'POST',
+        body: {
+          email: 'admin@strapi.io',
+          password: 'pcw123',
+        },
+      });
+
+      expect(authRes.statusCode).toBe(200);
+      const { token } = authRes.body.data;
+
+      const res = await rq({
+        url: '/admin/renew-token',
+        method: 'POST',
+        body: {
+          token,
+        },
+      });
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body.data).toEqual({
+        token: expect.any(String),
+      });
+    });
+
+    test('Fails on invalid token', async () => {
+      const res = await rq({
+        url: '/admin/renew-token',
+        method: 'POST',
+        body: {
+          token: 'invalid-token',
+        },
+      });
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body).toEqual({
+        statusCode: 400,
+        error: 'Bad Request',
+        message: 'Invalid token',
+      });
+    });
+
+    test('Fails on missing token', async () => {
+      const res = await rq({
+        url: '/admin/renew-token',
+        method: 'POST',
+        body: {},
+      });
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body).toEqual({
+        statusCode: 400,
+        error: 'Bad Request',
+        message: 'Missing token',
+      });
+    });
+  });
+});

packages/strapi/lib/core/load-admin.js

@@ -8,7 +8,7 @@ module.exports = async () => {
   const adminPath = findPackagePath('strapi-admin');
 
   const [files, config] = await Promise.all([
-    loadFiles(adminPath, '!(config|node_modules|scripts)/*.*(js|json)'),
+    loadFiles(adminPath, '!(config|node_modules|test|scripts)/*.*(js|json)'),
     loadConfig(adminPath),
   ]);