mirror of
https://github.com/logto-io/logto.git
synced 2025-03-17 22:31:28 -05:00
fix(core): verify an empty string password should return 400 instead of 500 (#3939)
* fix(core): verify an empty string password should return 400 instead of 500 * test(core,test): add unit and integration tests for verify password api
parent
b1e048772c
commit
1d7330835c
4 changed files with 36 additions and 2 deletions
|
@ -319,6 +319,14 @@ describe('adminUserRoutes', () => {
|
|||
expect(response.status).toEqual(204);
|
||||
});
|
||||
|
||||
it('POST /users/:userId/password/verify should throw 400 if password is empty', async () => {
|
||||
const password = '';
|
||||
await expect(
|
||||
userRequest.post(`/users/foo/password/verify`).send({ password })
|
||||
).resolves.toHaveProperty('status', 400);
|
||||
expect(verifyUserPassword).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('POST /users/:userId/password/verify should throw if password is invalid', async () => {
|
||||
const password = 'invalidPassword';
|
||||
verifyUserPassword.mockImplementationOnce(async () => {
|
||||
|
|
|
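Review bot: The `expect(verifyUserPassword).not.toHaveBeenCalled()` assertion in the new empty-password test only proves something if the mock's call history is cleared between tests, and the test just above it (the one ending in the 204 expectation) presumably exercises the same mock. The enclosing `describe` starts outside this hunk, so a shared reset hook may already exist; if it does not, add `verifyUserPassword.mockClear();` as the first line of the test. The title also says "should throw 400" while the body asserts a resolved response with status 400, so `should respond 400 if password is empty` would match what is checked.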
@ -212,8 +212,8 @@ export default function adminUserRoutes<T extends AuthedRouter>(
|
|||
'/users/:userId/password/verify',
|
||||
koaGuard({
|
||||
params: object({ userId: string() }),
|
||||
body: object({ password: string() }),
|
||||
status: [204],
|
||||
body: object({ password: string().min(1) }),
|
||||
status: [204, 404, 422],
|
||||
}),
|
||||
async (ctx, next) => {
|
||||
const {
|
||||
|
|
|
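Review bot: The `string().min(1)` bound on `body` rejects an empty password at this route only, so whatever threw on `''` and produced the 500 is presumably still reachable from any other caller of the verification logic. The handler body lies outside this hunk, so that cannot be confirmed here, but an explicit empty-input check in the verification helper itself would close the gap at the source. The new `status: [204, 404, 422]` list also omits the 400 this guard now produces; if koaGuard's status list is used for response validation or generated API docs, confirm that guard failures are covered without listing it. A comment such as `// min(1): an empty password used to reach the verifier and surface as a 500` would record why the bound exists.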
@ -65,3 +65,6 @@ export const postUserIdentity = async (
|
|||
},
|
||||
})
|
||||
.json<Identities>();
|
||||
|
||||
export const verifyUserPassword = async (userId: string, password: string) =>
|
||||
authedAdminApi.post(`users/${userId}/password/verify`, { json: { password } });
|
||||
|
|
|
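Review bot: `verifyUserPassword` has no doc comment, and unlike `postUserIdentity` just above it, it returns the raw response promise rather than a parsed `.json<…>()` body, which callers need to know. I would add `/** POST users/:userId/password/verify; resolves with the raw response (204 on match) and rejects on a non-2xx status. */` above the export. The rejection behaviour is inferred from how the new integration tests use `.rejects`, so confirm it against the `authedAdminApi` client configuration.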
@ -15,6 +15,7 @@ import {
|
|||
getConnectorAuthorizationUri,
|
||||
deleteConnectorById,
|
||||
postUserIdentity,
|
||||
verifyUserPassword,
|
||||
} from '#src/api/index.js';
|
||||
import { createResponseWithCode } from '#src/helpers/admin-tenant.js';
|
||||
import { createUserByAdmin } from '#src/helpers/index.js';
|
||||
|
@ -161,4 +162,26 @@ describe('admin console user management', () => {
|
|||
|
||||
await deleteConnectorById(connectorId);
|
||||
});
|
||||
|
||||
it('should return 204 if password is correct', async () => {
|
||||
const user = await createUserByAdmin(undefined, 'new_password');
|
||||
expect(await verifyUserPassword(user.id, 'new_password')).toHaveProperty('statusCode', 204);
|
||||
void deleteUser(user.id);
|
||||
});
|
||||
|
||||
it('should return 422 if password is incorrect', async () => {
|
||||
const user = await createUserByAdmin(undefined, 'new_password');
|
||||
await expect(verifyUserPassword(user.id, 'wrong_password')).rejects.toMatchObject(
|
||||
createResponseWithCode(422)
|
||||
);
|
||||
void deleteUser(user.id);
|
||||
});
|
||||
|
||||
it('should return 400 if password is empty', async () => {
|
||||
const user = await createUserByAdmin();
|
||||
await expect(verifyUserPassword(user.id, '')).rejects.toMatchObject(
|
||||
createResponseWithCode(400)
|
||||
);
|
||||
void deleteUser(user.id);
|
||||
});
|
||||
});
|
||||
|
|
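Review bot: The three new tests end with `void deleteUser(user.id);`, which neither waits for the cleanup nor runs it when the preceding assertion fails. A failed run can therefore leave accounts with the known password `new_password` in the test tenant, and a rejected delete goes unobserved. The connector test in the same block awaits its cleanup (`await deleteConnectorById(connectorId);`); using `await deleteUser(user.id);` here, ideally in a `finally` block or an `afterEach`, keeps the tests isolated. `deleteUser` is not among the imports shown in the first hunk, so it is presumably already imported outside the visible context.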