0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Added tests for sessions API with 2fa enabled

This commit is contained in:
Sam Lord 2024-10-16 15:12:10 +01:00 committed by Kevin Ansfield
parent eef6c64131
commit 3ed1f6a8ca
3 changed files with 158 additions and 2 deletions

View file

@ -1,5 +1,73 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP // Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`Sessions API Staff 2FA can verify a session with 2FA code 1: [body] 1`] = `
Object {
"errors": Array [
Object {
"code": "2FA_TOKEN_REQUIRED",
"context": null,
"details": null,
"ghostErrorCode": null,
"help": null,
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
"message": "User must verify session to login.",
"property": null,
"type": "Needs2FAError",
},
],
}
`;
exports[`Sessions API Staff 2FA can verify a session with 2FA code 2: [headers] 1`] = `
Object {
"access-control-allow-origin": "http://127.0.0.1:2369",
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
"content-length": "236",
"content-type": "application/json; charset=utf-8",
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
"set-cookie": Array [
"ghost-admin-api-session=s%3AMgHbIHAiCElZ5ifcN6r2oqSZwQNZV9Px.AtWhxBoc2aXXmX8GdWikxDyflgYWJNdHqr1twJRN3oU; Path=/ghost; Expires=Thu, 17 Apr 2025 02:10:39 GMT; HttpOnly; SameSite=Lax",
],
"vary": "Accept-Version, Origin, Accept-Encoding",
"x-powered-by": "Express",
}
`;
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 1: [body] 1`] = `
Object {
"errors": Array [
Object {
"code": "2FA_TOKEN_REQUIRED",
"context": null,
"details": null,
"ghostErrorCode": null,
"help": null,
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
"message": "User must verify session to login.",
"property": null,
"type": "Needs2FAError",
},
],
}
`;
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 2: [headers] 1`] = `
Object {
"access-control-allow-origin": "http://127.0.0.1:2369",
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
"content-length": "236",
"content-type": "application/json; charset=utf-8",
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
"set-cookie": Array [
StringMatching /\\^ghost-admin-api-session=/,
],
"vary": "Accept-Version, Origin, Accept-Encoding",
"x-powered-by": "Express",
}
`;
exports[`Sessions API can create session (log in) 1: [headers] 1`] = ` exports[`Sessions API can create session (log in) 1: [headers] 1`] = `
Object { Object {
"access-control-allow-origin": "http://127.0.0.1:2369", "access-control-allow-origin": "http://127.0.0.1:2369",

View file

@ -1,5 +1,6 @@
const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework'); const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime} = matchers; const {mockLabsEnabled, mockLabsDisabled, mockMail, assert, restore} = require('../../utils/e2e-framework-mock-manager');
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime, anyUuid} = matchers;
describe('Sessions API', function () { describe('Sessions API', function () {
let agent; let agent;
@ -73,4 +74,91 @@ describe('Sessions API', function () {
etag: anyEtag etag: anyEtag
}); });
}); });
describe('Staff 2FA', function () {
let mail;
beforeEach(async function () {
mockLabsEnabled('staff2fa');
mail = mockMail();
// Setup the agent & fixtures again, to ensure no cookies are set
agent = await agentProvider.getAdminAPIAgent();
await fixtureManager.init();
});
afterEach(async function () {
mockLabsDisabled('staff2fa');
restore();
});
it('sends verification email if labs flag enabled', async function () {
const owner = await fixtureManager.get('users', 0);
await agent
.post('session/')
.body({
grant_type: 'password',
username: owner.email,
password: owner.password
})
.expectStatus(403)
.matchBodySnapshot({
errors: [{
code: '2FA_TOKEN_REQUIRED',
id: anyUuid,
message: 'User must verify session to login.',
type: 'Needs2FAError'
}]
})
.matchHeaderSnapshot({
'content-version': anyContentVersion,
etag: anyEtag,
'set-cookie': [
stringMatching(/^ghost-admin-api-session=/)
]
});
mail.assertSentEmailCount(1);
});
it('can verify a session with 2FA code', async function () {
const owner = await fixtureManager.get('users', 0);
await agent
.post('session/')
.body({
grant_type: 'password',
username: owner.email,
password: owner.password
})
.expectStatus(403)
.matchBodySnapshot({
errors: [{
code: '2FA_TOKEN_REQUIRED',
id: anyUuid,
message: 'User must verify session to login.',
type: 'Needs2FAError'
}]
})
.matchHeaderSnapshot({
'content-version': anyContentVersion,
etag: anyEtag,
'set-cookie': [
stringMatching(/^ghost-admin-api-session=/)
]
});
const email = assert.sentEmail({
subject: /[0-9]{6} is your Ghost sign in verification code/
});
const token = email.subject.match(/[0-9]{6}/)[0];
await agent
.post('session/verify')
.body({
token
})
.expectStatus(200)
.expectEmptyBody();
});
});
}); });

View file

@ -253,7 +253,7 @@ module.exports = function createSessionService({
await mailer.send({ await mailer.send({
to: recipient, to: recipient,
subject: `${token} is your Ghost signin verification code`, subject: `${token} is your Ghost sign in verification code`,
html: email html: email
}); });
} }