
fix(core): verify an empty string password should return 400 instead of 500 (#3939)

* fix(core): verify an empty string password should return 400 instead of 500

* test(core,test): add unit and integration tests for verify password api
Charles Zhao 2023-06-01 15:10:21 +08:00 committed by GitHub
parent b1e048772c
commit 1d7330835c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 2 deletions


@ -319,6 +319,14 @@ describe('adminUserRoutes', () => {
expect(response.status).toEqual(204);
});
it('POST /users/:userId/password/verify should throw 400 if password is empty', async () => {
const password = '';
await expect(
userRequest.post(`/users/foo/password/verify`).send({ password })
).resolves.toHaveProperty('status', 400);
expect(verifyUserPassword).not.toHaveBeenCalled();
});
it('POST /users/:userId/password/verify should throw if password is invalid', async () => {
const password = 'invalidPassword';
verifyUserPassword.mockImplementationOnce(async () => {
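Review bot: The request path on the `userRequest.post(...)` line is a template literal with nothing interpolated; a plain string `userRequest.post('/users/foo/password/verify')` reads as intentional and keeps the file free of unnecessary template literals. The `expect(verifyUserPassword).not.toHaveBeenCalled()` assertion is the valuable check here, since it pins that the 400 comes from the guard and the handler never reaches password verification. The `describe` block this test sits in starts and ends outside the hunk.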


@ -212,8 +212,8 @@ export default function adminUserRoutes<T extends AuthedRouter>(
'/users/:userId/password/verify',
koaGuard({
params: object({ userId: string() }),
body: object({ password: string() }),
status: [204],
body: object({ password: string().min(1) }),
status: [204, 404, 422],
}),
async (ctx, next) => {
const {
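Review bot: The new `status: [204, 404, 422]` list does not mention 400, yet the response this commit's tests assert for an empty password is a 400 produced by the `body: object({ password: string().min(1) })` guard on the line above it. If this `status` array drives the generated API document or a dev-time status check, the 400 case is either missing or implicitly covered by the guard layer; whichever holds, a comment on that line would spare the next reader the guess: `// 400 (empty password) is raised by the body guard itself; 404 = user not found, 422 = password mismatch`. The 404/422 mapping is inferred from the integration tests added in this commit, not from the handler, whose body begins at the end of the hunk and continues outside it, so confirm against that code. The enclosing `adminUserRoutes` function also starts outside the hunk.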


@ -65,3 +65,6 @@ export const postUserIdentity = async (
},
})
.json<Identities>();
export const verifyUserPassword = async (userId: string, password: string) =>
authedAdminApi.post(`users/${userId}/password/verify`, { json: { password } });
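Review bot: `verifyUserPassword` returns the raw response instead of chaining `.json<…>()` like the sibling helper ending just above it, and nothing documents that callers are expected to read `statusCode` from it or that non-2xx results reject, which the integration tests in this commit rely on. A short TSDoc would make that contract explicit: `/** Calls the admin verify-password endpoint; resolves with the raw response (204 on match) and rejects on 400/404/422. */`. `userId` is interpolated into the path unencoded, which appears consistent with the surrounding helpers as far as they are visible; `encodeURIComponent(userId)` would only matter if ids can carry reserved characters.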


@ -15,6 +15,7 @@ import {
getConnectorAuthorizationUri,
deleteConnectorById,
postUserIdentity,
verifyUserPassword,
} from '#src/api/index.js';
import { createResponseWithCode } from '#src/helpers/admin-tenant.js';
import { createUserByAdmin } from '#src/helpers/index.js';
@ -161,4 +162,26 @@ describe('admin console user management', () => {
await deleteConnectorById(connectorId);
});
it('should return 204 if password is correct', async () => {
const user = await createUserByAdmin(undefined, 'new_password');
expect(await verifyUserPassword(user.id, 'new_password')).toHaveProperty('statusCode', 204);
void deleteUser(user.id);
});
it('should return 422 if password is incorrect', async () => {
const user = await createUserByAdmin(undefined, 'new_password');
await expect(verifyUserPassword(user.id, 'wrong_password')).rejects.toMatchObject(
createResponseWithCode(422)
);
void deleteUser(user.id);
});
it('should return 400 if password is empty', async () => {
const user = await createUserByAdmin();
await expect(verifyUserPassword(user.id, '')).rejects.toMatchObject(
createResponseWithCode(400)
);
void deleteUser(user.id);
});
});
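Review bot: In each of the three new tests the cleanup `void deleteUser(user.id);` runs only if the preceding assertion passes, and because the promise is neither awaited nor given a `.catch()`, a failed deletion surfaces as an unhandled rejection rather than a test failure; a failing run therefore leaves the created users behind in the test tenant. Wrap the assertion in `try`/`finally` and await the deletion, or collect the created ids and delete them in an `afterEach`. The pattern is the same in all three `it` blocks; the first is shown below and the other two follow the same shape. The enclosing `describe` starts outside the hunk.
```typescript
it('should return 204 if password is correct', async () => {
  const user = await createUserByAdmin(undefined, 'new_password');
  try {
    expect(await verifyUserPassword(user.id, 'new_password')).toHaveProperty('statusCode', 204);
  } finally {
    await deleteUser(user.id);
  }
});
// … unchanged: the 422 and 400 tests, rewritten with the same try/finally …
```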