mirror of https://github.com/Foltik/Shimapan synced 2024-11-27 21:19:09 -05:00

Change response code, add length test, verify user and invite are processed correctly

Jack Foltz 2018-07-25 01:44:45 -04:00
parent 883ec62c7a
commit 1fdb121260
Signed by: foltik
GPG Key ID: 303F88F996E95541
2 changed files with 21 additions and 6 deletions


@ -44,7 +44,7 @@ describe('Users', function() {
const create = invite ? util.createInvite : (invite, cb) => cb();
async.series([
(cb) => create(invite, cb),
(cb) => util.verifyFailedRegister(user, message, 401, cb)
(cb) => util.verifyFailedRegister(user, message, 422, cb)
], done);
};
@ -75,7 +75,7 @@ describe('Users', function() {
const user1 = {username: 'user', password: 'diff', invite: 'code1'};
async.series([
(cb) => util.verifySuccessfulRegister(user0, cb),
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 422, cb)
], done);
});
@ -84,7 +84,7 @@ describe('Users', function() {
const user1 = {username: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'diff', invite: 'code1'};
async.series([
(cb) => util.verifySuccessfulRegister(user0, cb),
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 422, cb)
], done);
});
@ -95,13 +95,18 @@ describe('Users', function() {
{username: 'user name', password: 'pass', invite: 'code2'}
];
const failMsg = 'Username contains invalid characters.';
async.each(users, (user, cb) => util.verifyFailedRegister(user, failMsg, 401, cb), done);
async.each(users, (user, cb) => util.verifyFailedRegister(user, failMsg, 422, cb), done);
});
it('MUST NOT register a username containing HTML', function(done) {
const user = {username: 'user<svg/onload=alert("XSS")>', password: 'pass', invite: 'code0'};
util.verifyFailedRegister(user, 'Username contains invalid characters.', 401, done);
util.verifyFailedRegister(user, 'Username contains invalid characters.', 422, done);
});
it('MUST NOT register a username with too many characters', function(done) {
const user = {username: '123456789_123456789_123456789_1234567', password: 'pass', invite: 'code0'};
util.verifyFailedRegister(user, 'Username too long.', 422, done);
})
});
});
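Review bot: The new 'too many characters' test pins only one value above the limit (37 characters) and nothing at the limit itself, so an off-by-one in the server's length check would pass unnoticed. A companion case that registers a username of exactly the maximum accepted length through `util.verifySuccessfulRegister` would fix the boundary; the limit is not visible in this hunk, so take it from the validator. Because the test utilities canonicalize usernames with NFKD, a case whose length changes under that normalization (a compatibility ligature, for example) would also record whether the limit applies to the raw or the canonical form. The `})` that closes this test lacks the semicolon the neighbouring tests use.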


@ -18,6 +18,10 @@ var expect = chai.expect;
chai.use(http);
//TODO: BAD! Move to a util file!
// Normalizes, decomposes, and lowercases a utf-8 string
const canonicalizeUsername = username => username.normalize('NFKD').toLowerCase();
//---------------- DATABASE UTIL ----------------//
var resetDatabase = function(cb) {
@ -63,7 +67,13 @@ const verifySuccessfulRegister = function(user, done) {
res.should.have.status(200);
res.body.should.be.a('object');
res.body.should.have.property('message').eql('Registration successful.');
done();
User.countDocuments({username: user.username}, function(err, count) {
count.should.eql(1);
Invite.countDocuments({recipient: canonicalizeUsername(user.username)}, function(err, count) {
count.should.eql(1);
done();
});
});
});
};
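Review bot: Both `countDocuments` callbacks ignore `err`, so a failed query leaves `count` undefined and `count.should` throws a TypeError inside the callback instead of failing the test through `done`. Add `if (err) return done(err);` as the first line of each callback. The user lookup matches on the raw `user.username` while the invite lookup uses `canonicalizeUsername(user.username)`; if the server enforces uniqueness on the canonical form, asserting on that field as well would tie this check to the property the 'Username in use.' tests depend on. The schema is not visible here, so the field name needs confirming. `verifySuccessfulRegister` starts above this hunk.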