Added tests for sessions API with 2fa enabled
This commit is contained in:
parent
eef6c64131
commit
3ed1f6a8ca
3 changed files with 158 additions and 2 deletions
|
@ -1,5 +1,73 @@
|
||||||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||||
|
|
||||||
|
exports[`Sessions API Staff 2FA can verify a session with 2FA code 1: [body] 1`] = `
|
||||||
|
Object {
|
||||||
|
"errors": Array [
|
||||||
|
Object {
|
||||||
|
"code": "2FA_TOKEN_REQUIRED",
|
||||||
|
"context": null,
|
||||||
|
"details": null,
|
||||||
|
"ghostErrorCode": null,
|
||||||
|
"help": null,
|
||||||
|
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
|
||||||
|
"message": "User must verify session to login.",
|
||||||
|
"property": null,
|
||||||
|
"type": "Needs2FAError",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
||||||
|
`;
|
||||||
|
|
||||||
|
exports[`Sessions API Staff 2FA can verify a session with 2FA code 2: [headers] 1`] = `
|
||||||
|
Object {
|
||||||
|
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||||
|
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||||
|
"content-length": "236",
|
||||||
|
"content-type": "application/json; charset=utf-8",
|
||||||
|
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
|
||||||
|
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||||
|
"set-cookie": Array [
|
||||||
|
"ghost-admin-api-session=s%3AMgHbIHAiCElZ5ifcN6r2oqSZwQNZV9Px.AtWhxBoc2aXXmX8GdWikxDyflgYWJNdHqr1twJRN3oU; Path=/ghost; Expires=Thu, 17 Apr 2025 02:10:39 GMT; HttpOnly; SameSite=Lax",
|
||||||
|
],
|
||||||
|
"vary": "Accept-Version, Origin, Accept-Encoding",
|
||||||
|
"x-powered-by": "Express",
|
||||||
|
}
|
||||||
|
`;
|
||||||
|
|
||||||
|
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 1: [body] 1`] = `
|
||||||
|
Object {
|
||||||
|
"errors": Array [
|
||||||
|
Object {
|
||||||
|
"code": "2FA_TOKEN_REQUIRED",
|
||||||
|
"context": null,
|
||||||
|
"details": null,
|
||||||
|
"ghostErrorCode": null,
|
||||||
|
"help": null,
|
||||||
|
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
|
||||||
|
"message": "User must verify session to login.",
|
||||||
|
"property": null,
|
||||||
|
"type": "Needs2FAError",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
||||||
|
`;
|
||||||
|
|
||||||
|
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 2: [headers] 1`] = `
|
||||||
|
Object {
|
||||||
|
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||||
|
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||||
|
"content-length": "236",
|
||||||
|
"content-type": "application/json; charset=utf-8",
|
||||||
|
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
|
||||||
|
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||||
|
"set-cookie": Array [
|
||||||
|
StringMatching /\\^ghost-admin-api-session=/,
|
||||||
|
],
|
||||||
|
"vary": "Accept-Version, Origin, Accept-Encoding",
|
||||||
|
"x-powered-by": "Express",
|
||||||
|
}
|
||||||
|
`;
|
||||||
|
|
||||||
exports[`Sessions API can create session (log in) 1: [headers] 1`] = `
|
exports[`Sessions API can create session (log in) 1: [headers] 1`] = `
|
||||||
Object {
|
Object {
|
||||||
"access-control-allow-origin": "http://127.0.0.1:2369",
|
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
|
const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
|
||||||
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime} = matchers;
|
const {mockLabsEnabled, mockLabsDisabled, mockMail, assert, restore} = require('../../utils/e2e-framework-mock-manager');
|
||||||
|
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime, anyUuid} = matchers;
|
||||||
|
|
||||||
describe('Sessions API', function () {
|
describe('Sessions API', function () {
|
||||||
let agent;
|
let agent;
|
||||||
|
@ -73,4 +74,91 @@ describe('Sessions API', function () {
|
||||||
etag: anyEtag
|
etag: anyEtag
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('Staff 2FA', function () {
|
||||||
|
let mail;
|
||||||
|
|
||||||
|
beforeEach(async function () {
|
||||||
|
mockLabsEnabled('staff2fa');
|
||||||
|
mail = mockMail();
|
||||||
|
|
||||||
|
// Setup the agent & fixtures again, to ensure no cookies are set
|
||||||
|
agent = await agentProvider.getAdminAPIAgent();
|
||||||
|
await fixtureManager.init();
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(async function () {
|
||||||
|
mockLabsDisabled('staff2fa');
|
||||||
|
restore();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('sends verification email if labs flag enabled', async function () {
|
||||||
|
const owner = await fixtureManager.get('users', 0);
|
||||||
|
await agent
|
||||||
|
.post('session/')
|
||||||
|
.body({
|
||||||
|
grant_type: 'password',
|
||||||
|
username: owner.email,
|
||||||
|
password: owner.password
|
||||||
|
})
|
||||||
|
.expectStatus(403)
|
||||||
|
.matchBodySnapshot({
|
||||||
|
errors: [{
|
||||||
|
code: '2FA_TOKEN_REQUIRED',
|
||||||
|
id: anyUuid,
|
||||||
|
message: 'User must verify session to login.',
|
||||||
|
type: 'Needs2FAError'
|
||||||
|
}]
|
||||||
|
})
|
||||||
|
.matchHeaderSnapshot({
|
||||||
|
'content-version': anyContentVersion,
|
||||||
|
etag: anyEtag,
|
||||||
|
'set-cookie': [
|
||||||
|
stringMatching(/^ghost-admin-api-session=/)
|
||||||
|
]
|
||||||
|
});
|
||||||
|
|
||||||
|
mail.assertSentEmailCount(1);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('can verify a session with 2FA code', async function () {
|
||||||
|
const owner = await fixtureManager.get('users', 0);
|
||||||
|
await agent
|
||||||
|
.post('session/')
|
||||||
|
.body({
|
||||||
|
grant_type: 'password',
|
||||||
|
username: owner.email,
|
||||||
|
password: owner.password
|
||||||
|
})
|
||||||
|
.expectStatus(403)
|
||||||
|
.matchBodySnapshot({
|
||||||
|
errors: [{
|
||||||
|
code: '2FA_TOKEN_REQUIRED',
|
||||||
|
id: anyUuid,
|
||||||
|
message: 'User must verify session to login.',
|
||||||
|
type: 'Needs2FAError'
|
||||||
|
}]
|
||||||
|
})
|
||||||
|
.matchHeaderSnapshot({
|
||||||
|
'content-version': anyContentVersion,
|
||||||
|
etag: anyEtag,
|
||||||
|
'set-cookie': [
|
||||||
|
stringMatching(/^ghost-admin-api-session=/)
|
||||||
|
]
|
||||||
|
});
|
||||||
|
|
||||||
|
const email = assert.sentEmail({
|
||||||
|
subject: /[0-9]{6} is your Ghost sign in verification code/
|
||||||
|
});
|
||||||
|
|
||||||
|
const token = email.subject.match(/[0-9]{6}/)[0];
|
||||||
|
await agent
|
||||||
|
.post('session/verify')
|
||||||
|
.body({
|
||||||
|
token
|
||||||
|
})
|
||||||
|
.expectStatus(200)
|
||||||
|
.expectEmptyBody();
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
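Review bot: The `can verify a session with 2FA code` test ends at `.expectStatus(200).expectEmptyBody()` after posting the token, so it never demonstrates that verification actually gates access: the 403 login response already sets a `ghost-admin-api-session` cookie (the `set-cookie` matcher asserts it), yet nothing checks that an authenticated Admin endpoint refuses that pending session before `session/verify` and accepts it afterwards, and there is no negative case for a wrong, expired or reused code. I would bracket the verify call with a request to any authenticated endpoint — rejected before (with whatever status the session middleware uses for an unverified session), and `.expectStatus(200)` after — and add a sibling test that posts a wrong six-digit `token` to `session/verify`, expects the 4xx the endpoint returns, and then re-checks that the session is still unverified. Separately, the committed header snapshot for this test pins a literal cookie value with a fixed `Expires` date while the sibling test's snapshot stores `StringMatching /^ghost-admin-api-session=/`; it looks stale relative to the `stringMatching(/^ghost-admin-api-session=/)` matcher used in both tests and may not match in CI, so it is worth regenerating. The enclosing `describe('Sessions API')` block starts before this hunk.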
|
||||||
|
|
|
@ -253,7 +253,7 @@ module.exports = function createSessionService({
|
||||||
|
|
||||||
await mailer.send({
|
await mailer.send({
|
||||||
to: recipient,
|
to: recipient,
|
||||||
subject: `${token} is your Ghost signin verification code`,
|
subject: `${token} is your Ghost sign in verification code`,
|
||||||
html: email
|
html: email
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|