const should = require('should');
const sinon = require('sinon');
const {UnauthorizedError} = require('@tryghost/errors');
const models = require('../../../../core/server/models');
const sessionController = require('../../../../core/server/api/v3/session');
const sessionServiceMiddleware = require('../../../../core/server/services/auth/session');
describe('v3 Session controller', function () {
// Runs once before the suite: the tests below stub methods on models.User,
// so the model layer is initialised first.
before(function initModels() {
    models.init();
});
// Undo every sinon stub after each test so that one test's fakes
// (User.check, createSession, ...) cannot leak into the next.
afterEach(function restoreStubs() {
    sinon.restore();
});
it('exports an add method', function () {
    // The controller must expose add() (session creation) as a callable.
    const exportedType = typeof sessionController.add;
    should.equal(exportedType, 'function');
});
it('exports an delete method', function () {
    // The controller must expose delete() (session teardown) as a callable.
    const exportedType = typeof sessionController.delete;
    should.equal(exportedType, 'function');
});
describe('#add', function () {
it('throws an UnauthorizedError if the object is missing a username and password', function () {
    // Reaching the fulfilment handler means add() accepted a frame without credentials.
    const failIfResolved = () => {
        should.fail('session.add did not throw');
    };
    // The rejection must be an UnauthorizedError specifically.
    const expectUnauthorized = (error) => {
        should.equal(error instanceof UnauthorizedError, true);
    };

    // Two-argument then(): the should.fail() above is not routed into the rejection handler.
    return sessionController.add({}).then(failIfResolved, expectUnauthorized);
});
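it('it checks the username and password and throws UnauthorizedError if it fails', function () {
    // Simulate a failed credential check that rejects with a plain Error.
    const userCheckStub = sinon.stub(models.User, 'check')
        .rejects(new Error());

    return sessionController.add({data: {
        username: 'freddy@vodafone.com',
        password: 'qu33nRul35'
    }}).then(() => {
        should.fail('session.add did not throw');
    }, (err) => {
        // Without this assertion the test would also pass if add() rejected
        // before ever consulting User.check (the stub handle was previously unused).
        should.equal(userCheckStub.callCount, 1);
        // The plain Error from the check must surface as an UnauthorizedError.
        should.equal(err instanceof UnauthorizedError, true);
    });
});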
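it('it returns a function that calls req.brute.reset, sets req.user and calls createSession if the check works', function () {
    const fakeReq = {
        brute: {
            // reset(cb) invokes its callback with no error
            reset: sinon.stub().callsArg(0)
        }
    };
    const fakeRes = {};
    const fakeNext = () => {};
    const fakeUser = models.User.forge({});

    // The credential check succeeds and yields fakeUser.
    sinon.stub(models.User, 'check')
        .resolves(fakeUser);

    const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');

    return sessionController.add({data: {
        username: 'freddy@vodafone.com',
        password: 'qu33nRul35'
    }}).then((fn) => {
        // add() resolves to an express-style handler; run it with the fakes.
        fn(fakeReq, fakeRes, fakeNext);
    }).then(function () {
        // The brute-force counter is reset exactly once on a successful login.
        should.equal(fakeReq.brute.reset.callCount, 1);

        // Assert the call count first: getCall(0) returns null when the stub was
        // never called, which would surface as a TypeError instead of a clear failure.
        should.equal(createSessionStub.callCount, 1);
        const createSessionStubCall = createSessionStub.getCall(0);

        // The authenticated user is attached before the session is created.
        should.equal(fakeReq.user, fakeUser);
        should.equal(createSessionStubCall.args[0], fakeReq);
        should.equal(createSessionStubCall.args[1], fakeRes);
        should.equal(createSessionStubCall.args[2], fakeNext);
    });
});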
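it('it returns a function that calls req.brute.reset and calls next if reset errors', function () {
    const resetError = new Error();
    const fakeReq = {
        brute: {
            // reset(cb) invokes its callback with resetError
            reset: sinon.stub().callsArgWith(0, resetError)
        }
    };
    const fakeRes = {};
    const fakeNext = sinon.stub();
    const fakeUser = models.User.forge({});

    // The credential check itself succeeds; only the brute-force reset fails.
    sinon.stub(models.User, 'check')
        .resolves(fakeUser);

    const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');

    return sessionController.add({data: {
        username: 'freddy@vodafone.com',
        password: 'qu33nRul35'
    }}).then((fn) => {
        fn(fakeReq, fakeRes, fakeNext);
    }).then(function () {
        should.equal(fakeReq.brute.reset.callCount, 1);

        // The reset error is forwarded to next() unchanged.
        should.equal(fakeNext.callCount, 1);
        should.equal(fakeNext.args[0][0], resetError);

        // Fail closed: an errored reset must not fall through to session creation.
        // The stub was created above but previously never checked.
        should.equal(createSessionStub.callCount, 0);
    });
});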
});
describe('#delete', function () {
it('returns a function that calls destroySession', function () {
    const request = {};
    const response = {};
    const nextHandler = () => {};
    const destroySessionStub = sinon.stub(sessionServiceMiddleware, 'destroySession');

    // delete() resolves to an express-style handler; invoke it with the fakes.
    const invokeHandler = (handler) => {
        handler(request, response, nextHandler);
    };

    // destroySession must receive the exact (req, res, next) triple it was handed.
    const verifyDelegation = function () {
        const firstCallArgs = destroySessionStub.getCall(0).args;
        should.equal(firstCallArgs[0], request);
        should.equal(firstCallArgs[1], response);
        should.equal(firstCallArgs[2], nextHandler);
    };

    return sessionController.delete()
        .then(invokeHandler)
        .then(verifyDelegation);
});
});
describe('#get', function () {
it('returns the result of User.findOne', function () {
    // A never-settling promise used purely as an identity sentinel.
    const pendingLookup = new Promise(() => {});
    const findOneStub = sinon.stub(models.User, 'findOne').returns(pendingLookup);

    // The frame carries the user id in options.context.
    const frame = {
        options: {
            context: {
                user: 108
            }
        }
    };
    const returned = sessionController.read(frame);

    // read() must hand back the very object findOne returned...
    should.equal(returned, pendingLookup);

    // ...and must look the user up by the id taken from the context.
    const lookupQuery = findOneStub.args[0][0];
    should.deepEqual(lookupQuery, {
        id: 108
    });
});
});
});