verdaccio/packages/web/test/api.user.test.ts

import path from 'path';
import supertest from 'supertest';

import { API_ERROR, HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
import { setup } from '@verdaccio/logger';

import { initializeServer } from './helper';

setup([]);

const mockManifest = jest.fn();
jest.mock('@verdaccio/ui-theme', () => mockManifest());

describe('test web server', () => {
  beforeAll(() => {
    mockManifest.mockReturnValue(() => ({
      staticPath: path.join(__dirname, 'static'),
      manifestFiles: {
        js: ['runtime.js', 'vendors.js', 'main.js'],
      },
      manifest: require('./partials/manifest/manifest.json'),
    }));
  });

  afterEach(() => {
    jest.clearAllMocks();
    mockManifest.mockClear();
  });

  test('should get 401', async () => {
    return supertest(await initializeServer('default-test.yaml'))
      .post('/-/verdaccio/sec/login')
      .send(
        JSON.stringify({
          username: 'test',
          password: 'password1',
        })
      )
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.UNAUTHORIZED)
      .then((response) => {
        expect(response.body.error).toEqual(API_ERROR.BAD_USERNAME_PASSWORD);
      });
  });

  test('should log in', async () => {
    return supertest(await initializeServer('default-test.yaml'))
      .post('/-/verdaccio/sec/login')
      .send(
        JSON.stringify({
          username: 'test',
          password: 'test',
        })
      )
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HEADERS.CACHE_CONTROL, 'no-cache, no-store')
      .expect(HTTP_STATUS.OK)
      .then((res) => {
        expect(res.body.error).toBeUndefined();
        expect(res.body.token).toBeDefined();
        expect(res.body.token).toBeTruthy();
        expect(res.body.username).toMatch('test');
      });
  });

  test('log in should be disabled', async () => {
    return supertest(await initializeServer('login-disabled.yaml'))
      .post('/-/verdaccio/sec/login')
      .send(
        JSON.stringify({
          username: 'test',
          password: 'test',
        })
      )
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.CANNOT_HANDLE, JSON.stringify({ error: 'cannot handle this' }));
  });

  test('should change password', async () => {
    const oldPass = 'test';
    const newPass = 'new-pass';

    const api = supertest(await initializeServer('default-test.yaml'));

    // Login with the old password.
    const loginRes = await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.OK);

    // Change the password.
    await api
      .put('/-/verdaccio/sec/reset_password')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
      .send(
        JSON.stringify({
          password: {
            old: oldPass,
            new: newPass,
          },
        })
      )
      .expect(HTTP_STATUS.OK);

    // Verify that you cannot login with the old password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.UNAUTHORIZED);

    // Verify that you can login with the new password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: newPass,
        })
      )
      .expect(HTTP_STATUS.OK);
  });

  test('should not change to invalid password', async () => {
    const oldPass = 'test';
    const newPass = '12'; // Invalid password: Too short.

    const api = supertest(await initializeServer('default-test.yaml'));

    // Login with the old password.
    const loginRes = await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.OK);

    // Try changing to an invalid password.
    await api
      .put('/-/verdaccio/sec/reset_password')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
      .send(
        JSON.stringify({
          password: {
            old: oldPass,
            new: newPass,
          },
        })
      )
      .expect(HTTP_STATUS.BAD_REQUEST);

    // Verify that you cannot login with the new (invalid) password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: newPass,
        })
      )
      .expect(HTTP_STATUS.UNAUTHORIZED);

    // Verify that you can still login with the old password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.OK);
  });

  test('should not change password if flag is disabled', async () => {
    const oldPass = 'test';
    const newPass = 'new-pass';

    const api = supertest(await initializeServer('change-password-disabled.yaml'));

    // Login with the old password.
    const loginRes = await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.OK);

    // Try changing the password.
    await api
      .put('/-/verdaccio/sec/reset_password')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
      .send(
        JSON.stringify({
          password: {
            old: oldPass,
            new: newPass,
          },
        })
      )
      .expect(HTTP_STATUS.CANNOT_HANDLE);

    // Verify that you cannot login with the new (rejected) password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: newPass,
        })
      )
      .expect(HTTP_STATUS.UNAUTHORIZED);

    // Verify that you can still login with the old password.
    await api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password: oldPass,
        })
      )
      .expect(HTTP_STATUS.OK);
  });
});
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`import path from 'path';`
			`import supertest from 'supertest';`
#2606 add prettier plugin sort imports (#2607) * #2606 add prettier plugin sort imprts * #2606 update pnpm-lock.yaml * #2606 update eslint rules * #2606 fixes website directory formatting Co-authored-by: Ayush Sharma <ayush.sharma@trivago.com> 2021-10-29 10:33:05 -05:00
			`import { API_ERROR, HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`import { setup } from '@verdaccio/logger';`
#2606 add prettier plugin sort imports (#2607) * #2606 add prettier plugin sort imprts * #2606 update pnpm-lock.yaml * #2606 update eslint rules * #2606 fixes website directory formatting Co-authored-by: Ayush Sharma <ayush.sharma@trivago.com> 2021-10-29 10:33:05 -05:00
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`import { initializeServer } from './helper';`

			`setup([]);`

			`const mockManifest = jest.fn();`
			`jest.mock('@verdaccio/ui-theme', () => mockManifest());`

			`describe('test web server', () => {`
			`beforeAll(() => {`
chore: update with master (#2158) 2021-04-02 08:59:47 -05:00			`mockManifest.mockReturnValue(() => ({`
			`staticPath: path.join(__dirname, 'static'),`
			`manifestFiles: {`
			`js: ['runtime.js', 'vendors.js', 'main.js'],`
			`},`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`manifest: require('./partials/manifest/manifest.json'),`
chore: update with master (#2158) 2021-04-02 08:59:47 -05:00			`}));`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`});`

			`afterEach(() => {`
			`jest.clearAllMocks();`
			`mockManifest.mockClear();`
			`});`

			`test('should get 401', async () => {`
			`return supertest(await initializeServer('default-test.yaml'))`
feat: align with v5 ui endpoints and ui small bugfix (#2913) * fix: language switch position issue * align with v5 endpoints for web * fix: endpoints * add changeset * fix test * fix test 2022-01-15 14:12:28 -05:00			`.post('/-/verdaccio/sec/login')`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: 'password1',`
			`})`
			`)`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)`
			`.expect(HTTP_STATUS.UNAUTHORIZED)`
			`.then((response) => {`
			`expect(response.body.error).toEqual(API_ERROR.BAD_USERNAME_PASSWORD);`
			`});`
			`});`

			`test('should log in', async () => {`
			`return supertest(await initializeServer('default-test.yaml'))`
feat: align with v5 ui endpoints and ui small bugfix (#2913) * fix: language switch position issue * align with v5 endpoints for web * fix: endpoints * add changeset * fix test * fix test 2022-01-15 14:12:28 -05:00			`.post('/-/verdaccio/sec/login')`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: 'test',`
			`})`
			`)`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)`
chore: move improvements from v5 to v6 (#3461) * chore: migrate #3158 to v6 * chore: migrate #3151 to v6k * chore: migrate #2787 to v6 * chore: migrate #2791 #2205 to v6 * chore: add changeset 2022-10-28 16:38:22 -05:00			`.expect(HEADERS.CACHE_CONTROL, 'no-cache, no-store')`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`.expect(HTTP_STATUS.OK)`
			`.then((res) => {`
			`expect(res.body.error).toBeUndefined();`
			`expect(res.body.token).toBeDefined();`
			`expect(res.body.token).toBeTruthy();`
			`expect(res.body.username).toMatch('test');`
			`});`
			`});`

test(unit): fix test for disabling web login (#3848) 2023-05-31 10:58:58 -05:00			`test('log in should be disabled', async () => {`
feat: allow disable login on ui (#2228) 2021-05-05 16:23:03 -05:00			`return supertest(await initializeServer('login-disabled.yaml'))`
feat: align with v5 ui endpoints and ui small bugfix (#2913) * fix: language switch position issue * align with v5 endpoints for web * fix: endpoints * add changeset * fix test * fix test 2022-01-15 14:12:28 -05:00			`.post('/-/verdaccio/sec/login')`
feat: allow disable login on ui (#2228) 2021-05-05 16:23:03 -05:00			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: 'test',`
			`})`
			`)`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
test(unit): fix test for disabling web login (#3848) 2023-05-31 10:58:58 -05:00			`.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)`
			`.expect(HTTP_STATUS.CANNOT_HANDLE, JSON.stringify({ error: 'cannot handle this' }));`
feat: allow disable login on ui (#2228) 2021-05-05 16:23:03 -05:00			`});`

fix(api): fix password validation for `/reset_password` route (#3858) Previously, the password validation logic for the `/reset_password` route was reversed: An error was returned when the password was valid and the operation would succeed when the password was invalid. This commit fixes the logic to return an error when the validation fails and proceed with resetting the password when the password is valid. 2023-06-11 03:33:37 -05:00			`test('should change password', async () => {`
			`const oldPass = 'test';`
			`const newPass = 'new-pass';`

			`const api = supertest(await initializeServer('default-test.yaml'));`

			`// Login with the old password.`
			`const loginRes = await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`

			`// Change the password.`
			`await api`
			`.put('/-/verdaccio/sec/reset_password')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			.set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
			`.send(`
			`JSON.stringify({`
			`password: {`
			`old: oldPass,`
			`new: newPass,`
			`},`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`

			`// Verify that you cannot login with the old password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.UNAUTHORIZED);`

			`// Verify that you can login with the new password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: newPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`
			`});`

			`test('should not change to invalid password', async () => {`
			`const oldPass = 'test';`
			`const newPass = '12'; // Invalid password: Too short.`

			`const api = supertest(await initializeServer('default-test.yaml'));`

			`// Login with the old password.`
			`const loginRes = await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`

			`// Try changing to an invalid password.`
			`await api`
			`.put('/-/verdaccio/sec/reset_password')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			.set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
			`.send(`
			`JSON.stringify({`
			`password: {`
			`old: oldPass,`
			`new: newPass,`
			`},`
			`})`
			`)`
			`.expect(HTTP_STATUS.BAD_REQUEST);`

			`// Verify that you cannot login with the new (invalid) password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: newPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.UNAUTHORIZED);`

			`// Verify that you can still login with the old password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`
			`});`

fix(config): respect the `changePassword` configuration flag (#3849) 2023-06-02 11:52:41 -05:00			`test('should not change password if flag is disabled', async () => {`
			`const oldPass = 'test';`
			`const newPass = 'new-pass';`

			`const api = supertest(await initializeServer('change-password-disabled.yaml'));`

			`// Login with the old password.`
			`const loginRes = await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`

			`// Try changing the password.`
			`await api`
			`.put('/-/verdaccio/sec/reset_password')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			.set(HEADER_TYPE.AUTHORIZATION, `Bearer ${loginRes.body.token}`)
			`.send(`
			`JSON.stringify({`
			`password: {`
			`old: oldPass,`
			`new: newPass,`
			`},`
			`})`
			`)`
			`.expect(HTTP_STATUS.CANNOT_HANDLE);`

			`// Verify that you cannot login with the new (rejected) password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: newPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.UNAUTHORIZED);`

			`// Verify that you can still login with the old password.`
			`await api`
			`.post('/-/verdaccio/sec/login')`
			`.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)`
			`.send(`
			`JSON.stringify({`
			`username: 'test',`
			`password: oldPass,`
			`})`
			`)`
			`.expect(HTTP_STATUS.OK);`
			`});`
feat: flexible user interface generator (#2070) * feat: flexible template generator and manifest * chore: add changeset * chore: restore dep * chore: add docs * chore: update snapshots * chore: update docker examples for v5 * chore: refactor web module * chore: format * chore: refactor web api endpoints * test: add test for user login web * chore: refactor endpoints * chore: fix merge * chore: fix merge * Update ci.yml * chore: test * chore: add static * chore: update script * chore: fix e2e * chore: fix method * docs: update v5 relative docker example * chore: update html render * chore: update style * Update .prettierignore * chore: update changeset * chore: use pnpm6 on run test temporary ci * chore: drop node 16 for pnpm 6 * chore: update ci * chore: update ci * chore: update ci * chore: update ci * chore: remove circle ci * chore: better url prefix handling * chore: format code * chore: remove test node 10 * docs: add docker v5 relative revers proxy example * chore: use base html tag * chore: update test 2021-03-06 12:56:45 -05:00			`});`