import path from 'path';
import supertest from 'supertest';
import { afterEach, beforeAll, describe, expect, test, vi } from 'vitest';
import { API_ERROR, HEADERS, HEADER_TYPE, HTTP_STATUS } from '@verdaccio/core';
import { setup } from '@verdaccio/logger';
import { initializeServer } from './helper';
// Configure the Verdaccio logger with an empty options object before any server is built.
setup({});

// Stub shared by the whole file: each suite decides what the mocked theme module resolves to.
const mockManifest = vi.fn();

// Replace the real UI theme package with whatever the stub returns when the factory runs.
vi.mock('@verdaccio/ui-theme', () => {
  return mockManifest();
});
describe('test web server', () => {
beforeAll(() => {
  // Stand-in for the UI theme export: a function producing the static path, the list of
  // JS bundles and the manifest fixture stored next to this test file.
  const buildThemeStub = () => {
    const jsBundles = ['runtime.js', 'vendors.js', 'main.js'];
    return {
      staticPath: path.join(__dirname, 'static'),
      manifestFiles: {
        js: jsBundles,
      },
      manifest: require('./partials/manifest/manifest.json'),
    };
  };

  mockManifest.mockReturnValue(buildThemeStub);
});
afterEach(() => {
  // Drop recorded calls between tests so that one test's activity cannot satisfy another's
  // assertions. Clearing keeps the return value configured in beforeAll.
  mockManifest.mockClear();
  vi.clearAllMocks();
});
test('should get 401', async () => {
  // A wrong password for the 'test' user must be rejected.
  const app = await initializeServer('default-test.yaml');
  const credentials = JSON.stringify({
    username: 'test',
    password: 'password1',
  });

  const response = await supertest(app)
    .post('/-/verdaccio/sec/login')
    .send(credentials)
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    .expect(HTTP_STATUS.UNAUTHORIZED);

  // The failure is reported through the shared bad-username-or-password constant.
  // NOTE(review): presumably this message does not reveal which field was wrong; confirm
  // against the API_ERROR definition.
  expect(response.body.error).toEqual(API_ERROR.BAD_USERNAME_PASSWORD);
});
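test('should log in', async () => {
  // Valid credentials for the 'test' user must yield a token and echo the username back.
  const app = await initializeServer('default-test.yaml');
  const credentials = JSON.stringify({
    username: 'test',
    password: 'test',
  });

  const res = await supertest(app)
    .post('/-/verdaccio/sec/login')
    .send(credentials)
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    // The response carries a credential, so it must not be stored by browsers or
    // intermediary caches.
    .expect(HEADERS.CACHE_CONTROL, 'no-cache, no-store')
    .expect(HTTP_STATUS.OK);

  expect(res.body.error).toBeUndefined();
  // toBeTruthy already fails on undefined, null and the empty string.
  expect(res.body.token).toBeTruthy();
  // Exact comparison: toMatch('test') would also accept any username that merely
  // contains 'test', which would hide a response issued for a different identity.
  expect(res.body.username).toBe('test');
});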
test('log in should be disabled', async () => {
  // With the login-disabled configuration, even valid credentials must not produce a token.
  const app = await initializeServer('login-disabled.yaml');
  const credentials = JSON.stringify({
    username: 'test',
    password: 'test',
  });
  const expectedBody = JSON.stringify({ error: 'cannot handle this' });

  await supertest(app)
    .post('/-/verdaccio/sec/login')
    .send(credentials)
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    // Status and exact body are checked together, so the response can carry nothing else.
    .expect(HTTP_STATUS.CANNOT_HANDLE, expectedBody);
});
test('should change password', async () => {
  const currentPassword = 'test';
  const replacementPassword = 'new-pass';

  const api = supertest(await initializeServer('default-test.yaml'));

  // Every login attempt in this test differs only in the password submitted.
  const login = (password) =>
    api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password,
        })
      );

  // Log in with the old password to obtain the bearer token for the change request.
  const { body: session } = await login(currentPassword).expect(HTTP_STATUS.OK);

  // Change the password; the request supplies both the old and the new value.
  await api
    .put('/-/verdaccio/sec/reset_password')
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${session.token}`)
    .send(
      JSON.stringify({
        password: {
          old: currentPassword,
          new: replacementPassword,
        },
      })
    )
    .expect(HTTP_STATUS.OK);

  // The old password must stop working as soon as the change is accepted.
  await login(currentPassword).expect(HTTP_STATUS.UNAUTHORIZED);

  // The new password must be usable straight away.
  await login(replacementPassword).expect(HTTP_STATUS.OK);

  // NOTE(review): this test does not check whether the token issued before the change is
  // still accepted afterwards, nor what an unauthenticated reset request returns.
});
test('should not change to invalid password', async () => {
  const currentPassword = 'test';
  const rejectedPassword = '12'; // Invalid password: Too short.

  const api = supertest(await initializeServer('default-test.yaml'));

  // Every login attempt in this test differs only in the password submitted.
  const login = (password) =>
    api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password,
        })
      );

  // Log in with the old password to obtain the bearer token for the change request.
  const { body: session } = await login(currentPassword).expect(HTTP_STATUS.OK);

  // Try changing to an invalid password; the server must refuse with a client error.
  await api
    .put('/-/verdaccio/sec/reset_password')
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${session.token}`)
    .send(
      JSON.stringify({
        password: {
          old: currentPassword,
          new: rejectedPassword,
        },
      })
    )
    .expect(HTTP_STATUS.BAD_REQUEST);

  // A refused change must leave no trace: the invalid password never becomes a credential.
  await login(rejectedPassword).expect(HTTP_STATUS.UNAUTHORIZED);

  // The old password keeps working, so a refused change cannot lock the user out.
  await login(currentPassword).expect(HTTP_STATUS.OK);
});
test('should not change password if flag is disabled', async () => {
  const currentPassword = 'test';
  const replacementPassword = 'new-pass';

  // NOTE(review): presumably this configuration turns the change-password feature off;
  // confirm against change-password-disabled.yaml.
  const api = supertest(await initializeServer('change-password-disabled.yaml'));

  // Every login attempt in this test differs only in the password submitted.
  const login = (password) =>
    api
      .post('/-/verdaccio/sec/login')
      .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
      .send(
        JSON.stringify({
          username: 'test',
          password,
        })
      );

  // Log in with the old password to obtain the bearer token for the change request.
  const { body: session } = await login(currentPassword).expect(HTTP_STATUS.OK);

  // Try changing the password; a valid token and a valid new password must still be refused.
  await api
    .put('/-/verdaccio/sec/reset_password')
    .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON)
    .set(HEADER_TYPE.AUTHORIZATION, `Bearer ${session.token}`)
    .send(
      JSON.stringify({
        password: {
          old: currentPassword,
          new: replacementPassword,
        },
      })
    )
    .expect(HTTP_STATUS.CANNOT_HANDLE);

  // The rejected password must not have been stored.
  await login(replacementPassword).expect(HTTP_STATUS.UNAUTHORIZED);

  // The old password remains the only working credential.
  await login(currentPassword).expect(HTTP_STATUS.OK);
});
});