diff --git a/packages/core/src/routes/admin-user.test.ts b/packages/core/src/routes/admin-user.test.ts
index b6eb7a460..c9a00005b 100644
--- a/packages/core/src/routes/admin-user.test.ts
+++ b/packages/core/src/routes/admin-user.test.ts
@@ -319,6 +319,14 @@ describe('adminUserRoutes', () => {
expect(response.status).toEqual(204);
});
+ it('POST /users/:userId/password/verify should throw 400 if password is empty', async () => {
+ const password = '';
+ await expect(
+ userRequest.post(`/users/foo/password/verify`).send({ password })
+ ).resolves.toHaveProperty('status', 400);
+ expect(verifyUserPassword).not.toHaveBeenCalled();
+ });
+
 it('POST /users/:userId/password/verify should throw if password is invalid', async () => {
const password = 'invalidPassword';
verifyUserPassword.mockImplementationOnce(async () => {
diff --git a/packages/core/src/routes/admin-user.ts b/packages/core/src/routes/admin-user.ts
index 8d4150c69..a0d08bd3f 100644
--- a/packages/core/src/routes/admin-user.ts
+++ b/packages/core/src/routes/admin-user.ts
@@ -212,8 +212,8 @@ export default function adminUserRoutes(
'/users/:userId/password/verify',
koaGuard({
params: object({ userId: string() }),
- body: object({ password: string() }),
- status: [204],
+ body: object({ password: string().min(1) }),
+ status: [204, 404, 422],
}),
async (ctx, next) => {
const {
diff --git a/packages/integration-tests/src/api/admin-user.ts b/packages/integration-tests/src/api/admin-user.ts
index 1748da9ec..30a542a60 100644
--- a/packages/integration-tests/src/api/admin-user.ts
+++ b/packages/integration-tests/src/api/admin-user.ts
@@ -65,3 +65,6 @@ export const postUserIdentity = async (
},
})
.json();
+
+ export const verifyUserPassword = async (userId: string, password: string) =>
+ authedAdminApi.post(`users/${userId}/password/verify`, { json: { password } });
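Review bot: The path passed to `userRequest.post(...)` in the new empty-password test is a template literal with no `${}` interpolation; a plain string `'/users/foo/password/verify'` reads the same and matches how the other literals in the test (`const password = ''`) are written. The assertion `.resolves.toHaveProperty('status', 400)` pins only the status, so if the guard's validation error body is part of the contract, asserting on it as well would distinguish this 400 from any other 400 the route could return. The enclosing describe block starts and ends outside this hunk.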
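Review bot: The widened `status: [204, 404, 422]` declares two failure codes but nothing in the guard says which condition produces which, so a reader has to go into the handler to find out; a comment on that line such as `// 404: presumably when the user cannot be found; 422: stored password does not match (see the unit and integration tests)` would keep the contract next to its declaration, with the 404 mapping confirmed against the handler. The `string().min(1)` constraint is what turns an empty password into a 400 at the guard, before any lookup or verification, which is exactly what the new unit test depends on when it asserts `verifyUserPassword` was not called; a comment `// reject '' at the guard so no lookup or hash comparison runs for an empty body` would record that intent. The handler body that produces the 404/422 responses begins at the end of this hunk and continues outside it, so which call yields which code could not be checked here.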
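Review bot: `verifyUserPassword` interpolates `userId` directly into the request path, so an id containing `/` or `?` would change the route rather than be sent as an id; `${encodeURIComponent(userId)}` is a one-token change that keeps the helper addressing the intended endpoint. If the neighbouring helpers in this file build their paths the same way, matching them is defensible, but this is the helper the new integration tests rely on to hit exactly `users/:userId/password/verify`. The export also lacks a TSDoc line; something like `/** POST users/:userId/password/verify on the admin API; resolves on 204, rejects on the 400/422 responses the integration tests check. */` documents the contract callers depend on. `postUserIdentity`, whose tail is the context here, starts outside this hunk.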
diff --git a/packages/integration-tests/src/tests/api/admin-user.test.ts b/packages/integration-tests/src/tests/api/admin-user.test.ts
index a526e97e4..a9131bcdd 100644
--- a/packages/integration-tests/src/tests/api/admin-user.test.ts
+++ b/packages/integration-tests/src/tests/api/admin-user.test.ts
@@ -15,6 +15,7 @@ import {
getConnectorAuthorizationUri,
deleteConnectorById,
postUserIdentity,
+ verifyUserPassword,
} from '#src/api/index.js';
import { createResponseWithCode } from '#src/helpers/admin-tenant.js';
import { createUserByAdmin } from '#src/helpers/index.js';
@@ -161,4 +162,26 @@ describe('admin console user management', () => {
await deleteConnectorById(connectorId);
});
+
+ it('should return 204 if password is correct', async () => {
+ const user = await createUserByAdmin(undefined, 'new_password');
+ expect(await verifyUserPassword(user.id, 'new_password')).toHaveProperty('statusCode', 204);
+ void deleteUser(user.id);
+ });
+
+ it('should return 422 if password is incorrect', async () => {
+ const user = await createUserByAdmin(undefined, 'new_password');
+ await expect(verifyUserPassword(user.id, 'wrong_password')).rejects.toMatchObject(
+ createResponseWithCode(422)
+ );
+ void deleteUser(user.id);
+ });
+
+ it('should return 400 if password is empty', async () => {
+ const user = await createUserByAdmin();
+ await expect(verifyUserPassword(user.id, '')).rejects.toMatchObject(
+ createResponseWithCode(400)
+ );
+ void deleteUser(user.id);
+ });
});
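Review bot: Each of the three new tests ends with `void deleteUser(user.id);`, so when the preceding `expect` fails the created user is never removed, and when `deleteUser` itself rejects the failure is dropped because the promise is neither awaited nor given a `.catch`. Wrapping the assertion as `try { … } finally { await deleteUser(user.id); }` in `should return 204`, `should return 422` and `should return 400` keeps cleanup on the failure path and surfaces deletion errors instead of leaving orphan users behind in the test tenant. The enclosing describe starts before this hunk; the first hunk of the file only adds the `verifyUserPassword` import.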