Extended test coverage for tokens module

refs https://github.com/TryGhost/Ghost/issues/11878 - There are multiple reasons why the token can be invalid. This coverage is meant cover these reasons and pave the way for introduction of more rganular errors causing the invlid token
2024-11-24 14:43:08 +03:00 · 2020-09-22 13:17:07 +12:00 · 2020-09-22 13:17:07 +12:00 · 54f9ff24c2
commit 54f9ff24c2
parent 01f6345c08
1 changed files with 45 additions and 1 deletions
--- a/ghost/security/test/tokens.test.js
+++ b/ghost/security/test/tokens.test.js
@ -42,7 +42,7 @@ describe('Utils: tokens', function () {
        tokenIsCorrect.should.eql(true);
    });

-    it('compare: error', function () {
+    it('compare: error from invalid password', function () {
        const expires = Date.now() + 60 * 1000;
        const dbHash = uuid.v4();
        let token;
@ -64,6 +64,50 @@ describe('Utils: tokens', function () {
        tokenIsCorrect.should.eql(false);
    });

+    it('compare: error from invalid expires parameter', function () {
+        const invalidDate = 'not a date';
+        const dbHash = uuid.v4();
+        let token;
+        let tokenIsCorrect;
+
+        token = security.tokens.resetToken.generateHash({
+            email: 'test1@ghost.org',
+            expires: invalidDate,
+            password: '12345678',
+            dbHash: dbHash
+        });
+
+        tokenIsCorrect = security.tokens.resetToken.compare({
+            token: token,
+            dbHash: dbHash,
+            password: '123456'
+        });
+
+        tokenIsCorrect.should.eql(false);
+    });
+
+    it('compare: error from expired token', function () {
+        const dateInThePast = Date.now() - 60 * 1000;
+        const dbHash = uuid.v4();
+        let token;
+        let tokenIsCorrect;
+
+        token = security.tokens.resetToken.generateHash({
+            email: 'test1@ghost.org',
+            expires: dateInThePast,
+            password: '12345678',
+            dbHash: dbHash
+        });
+
+        tokenIsCorrect = security.tokens.resetToken.compare({
+            token: token,
+            dbHash: dbHash,
+            password: '123456'
+        });
+
+        tokenIsCorrect.should.eql(false);
+    });
+
    it('extract', function () {
        const expires = Date.now() + 60 * 1000;
        const dbHash = uuid.v4();