Added tests for sessions API with 2fa enabled
This commit is contained in:
parent
eef6c64131
commit
3ed1f6a8ca
3 changed files with 158 additions and 2 deletions
|
@ -1,5 +1,73 @@
|
|||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||
|
||||
exports[`Sessions API Staff 2FA can verify a session with 2FA code 1: [body] 1`] = `
|
||||
Object {
|
||||
"errors": Array [
|
||||
Object {
|
||||
"code": "2FA_TOKEN_REQUIRED",
|
||||
"context": null,
|
||||
"details": null,
|
||||
"ghostErrorCode": null,
|
||||
"help": null,
|
||||
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
|
||||
"message": "User must verify session to login.",
|
||||
"property": null,
|
||||
"type": "Needs2FAError",
|
||||
},
|
||||
],
|
||||
}
|
||||
`;
|
||||
|
||||
exports[`Sessions API Staff 2FA can verify a session with 2FA code 2: [headers] 1`] = `
|
||||
Object {
|
||||
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||
"content-length": "236",
|
||||
"content-type": "application/json; charset=utf-8",
|
||||
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
|
||||
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||
"set-cookie": Array [
|
||||
"ghost-admin-api-session=s%3AMgHbIHAiCElZ5ifcN6r2oqSZwQNZV9Px.AtWhxBoc2aXXmX8GdWikxDyflgYWJNdHqr1twJRN3oU; Path=/ghost; Expires=Thu, 17 Apr 2025 02:10:39 GMT; HttpOnly; SameSite=Lax",
|
||||
],
|
||||
"vary": "Accept-Version, Origin, Accept-Encoding",
|
||||
"x-powered-by": "Express",
|
||||
}
|
||||
`;
|
||||
|
||||
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 1: [body] 1`] = `
|
||||
Object {
|
||||
"errors": Array [
|
||||
Object {
|
||||
"code": "2FA_TOKEN_REQUIRED",
|
||||
"context": null,
|
||||
"details": null,
|
||||
"ghostErrorCode": null,
|
||||
"help": null,
|
||||
"id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
|
||||
"message": "User must verify session to login.",
|
||||
"property": null,
|
||||
"type": "Needs2FAError",
|
||||
},
|
||||
],
|
||||
}
|
||||
`;
|
||||
|
||||
exports[`Sessions API Staff 2FA sends verification email if labs flag enabled 2: [headers] 1`] = `
|
||||
Object {
|
||||
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||
"cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
|
||||
"content-length": "236",
|
||||
"content-type": "application/json; charset=utf-8",
|
||||
"content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
|
||||
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||
"set-cookie": Array [
|
||||
StringMatching /\\^ghost-admin-api-session=/,
|
||||
],
|
||||
"vary": "Accept-Version, Origin, Accept-Encoding",
|
||||
"x-powered-by": "Express",
|
||||
}
|
||||
`;
|
||||
|
||||
exports[`Sessions API can create session (log in) 1: [headers] 1`] = `
|
||||
Object {
|
||||
"access-control-allow-origin": "http://127.0.0.1:2369",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
|
||||
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime} = matchers;
|
||||
const {mockLabsEnabled, mockLabsDisabled, mockMail, assert, restore} = require('../../utils/e2e-framework-mock-manager');
|
||||
const {anyContentVersion, anyEtag, anyErrorId, stringMatching, anyISODateTime, anyUuid} = matchers;
|
||||
|
||||
describe('Sessions API', function () {
|
||||
let agent;
|
||||
|
@ -73,4 +74,91 @@ describe('Sessions API', function () {
|
|||
etag: anyEtag
|
||||
});
|
||||
});
|
||||
|
||||
describe('Staff 2FA', function () {
|
||||
let mail;
|
||||
|
||||
beforeEach(async function () {
|
||||
mockLabsEnabled('staff2fa');
|
||||
mail = mockMail();
|
||||
|
||||
// Setup the agent & fixtures again, to ensure no cookies are set
|
||||
agent = await agentProvider.getAdminAPIAgent();
|
||||
await fixtureManager.init();
|
||||
});
|
||||
|
||||
afterEach(async function () {
|
||||
mockLabsDisabled('staff2fa');
|
||||
restore();
|
||||
});
|
||||
|
||||
it('sends verification email if labs flag enabled', async function () {
|
||||
const owner = await fixtureManager.get('users', 0);
|
||||
await agent
|
||||
.post('session/')
|
||||
.body({
|
||||
grant_type: 'password',
|
||||
username: owner.email,
|
||||
password: owner.password
|
||||
})
|
||||
.expectStatus(403)
|
||||
.matchBodySnapshot({
|
||||
errors: [{
|
||||
code: '2FA_TOKEN_REQUIRED',
|
||||
id: anyUuid,
|
||||
message: 'User must verify session to login.',
|
||||
type: 'Needs2FAError'
|
||||
}]
|
||||
})
|
||||
.matchHeaderSnapshot({
|
||||
'content-version': anyContentVersion,
|
||||
etag: anyEtag,
|
||||
'set-cookie': [
|
||||
stringMatching(/^ghost-admin-api-session=/)
|
||||
]
|
||||
});
|
||||
|
||||
mail.assertSentEmailCount(1);
|
||||
});
|
||||
|
||||
it('can verify a session with 2FA code', async function () {
|
||||
const owner = await fixtureManager.get('users', 0);
|
||||
await agent
|
||||
.post('session/')
|
||||
.body({
|
||||
grant_type: 'password',
|
||||
username: owner.email,
|
||||
password: owner.password
|
||||
})
|
||||
.expectStatus(403)
|
||||
.matchBodySnapshot({
|
||||
errors: [{
|
||||
code: '2FA_TOKEN_REQUIRED',
|
||||
id: anyUuid,
|
||||
message: 'User must verify session to login.',
|
||||
type: 'Needs2FAError'
|
||||
}]
|
||||
})
|
||||
.matchHeaderSnapshot({
|
||||
'content-version': anyContentVersion,
|
||||
etag: anyEtag,
|
||||
'set-cookie': [
|
||||
stringMatching(/^ghost-admin-api-session=/)
|
||||
]
|
||||
});
|
||||
|
||||
const email = assert.sentEmail({
|
||||
subject: /[0-9]{6} is your Ghost sign in verification code/
|
||||
});
|
||||
|
||||
const token = email.subject.match(/[0-9]{6}/)[0];
|
||||
await agent
|
||||
.post('session/verify')
|
||||
.body({
|
||||
token
|
||||
})
|
||||
.expectStatus(200)
|
||||
.expectEmptyBody();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
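Review bot: The `can verify a session with 2FA code` test only asserts that `session/verify` answers 200 for the correct code; nothing checks that a wrong (or already used) code is rejected, nor that the session is usable after the 200 and unusable before it, so a regression that accepts any six digits or marks the session verified on the 403 path would still pass. A negative case along the lines below, followed by an authenticated request after the successful verify (a GET on a staff-only endpoint, if the agent exposes one), would pin the contract; the status the service returns for a bad code is not visible here, so the `expectStatus` value needs confirming. Separately, the committed headers snapshot for this test stores a literal `ghost-admin-api-session=…; Expires=Thu, 17 Apr 2025 …` cookie while the test passes `stringMatching(/^ghost-admin-api-session=/)` and the sibling test's snapshot stores the `StringMatching` form, which suggests that snapshot is stale and will drift as the cookie signature and expiry change.
```javascript
        it('rejects an invalid 2FA code', async function () {
            const owner = await fixtureManager.get('users', 0);
            await agent
                .post('session/')
                .body({
                    grant_type: 'password',
                    username: owner.email,
                    password: owner.password
                })
                .expectStatus(403);

            // … unchanged: assert.sentEmail(...) and token extraction as in the test above …
            const wrongToken = token === '000000' ? '000001' : '000000';

            await agent
                .post('session/verify')
                .body({token: wrongToken})
                .expectStatus(401); // NOTE(review): confirm the status the session service uses for a bad code
        });
```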
|
|
@ -253,7 +253,7 @@ module.exports = function createSessionService({
|
|||
|
||||
await mailer.send({
|
||||
to: recipient,
|
||||
subject: `${token} is your Ghost signin verification code`,
|
||||
subject: `${token} is your Ghost sign in verification code`,
|
||||
html: email
|
||||
});
|
||||
}
|
||||
|
|