mirror of
https://github.com/Foltik/Shimapan
synced 2024-11-30 14:31:42 -05:00
Change response code, add length test, verify user and invite are processed correctly
This commit is contained in:
parent
883ec62c7a
commit
1fdb121260
15
test/api.js
15
test/api.js
@ -44,7 +44,7 @@ describe('Users', function() {
|
||||
const create = invite ? util.createInvite : (invite, cb) => cb();
|
||||
async.series([
|
||||
(cb) => create(invite, cb),
|
||||
(cb) => util.verifyFailedRegister(user, message, 401, cb)
|
||||
(cb) => util.verifyFailedRegister(user, message, 422, cb)
|
||||
], done);
|
||||
};
|
||||
|
||||
@ -75,7 +75,7 @@ describe('Users', function() {
|
||||
const user1 = {username: 'user', password: 'diff', invite: 'code1'};
|
||||
async.series([
|
||||
(cb) => util.verifySuccessfulRegister(user0, cb),
|
||||
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
|
||||
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 422, cb)
|
||||
], done);
|
||||
});
|
||||
|
||||
@ -84,7 +84,7 @@ describe('Users', function() {
|
||||
const user1 = {username: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'diff', invite: 'code1'};
|
||||
async.series([
|
||||
(cb) => util.verifySuccessfulRegister(user0, cb),
|
||||
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
|
||||
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 422, cb)
|
||||
], done);
|
||||
});
|
||||
|
||||
@ -95,13 +95,18 @@ describe('Users', function() {
|
||||
{username: 'user name', password: 'pass', invite: 'code2'}
|
||||
];
|
||||
const failMsg = 'Username contains invalid characters.';
|
||||
async.each(users, (user, cb) => util.verifyFailedRegister(user, failMsg, 401, cb), done);
|
||||
async.each(users, (user, cb) => util.verifyFailedRegister(user, failMsg, 422, cb), done);
|
||||
});
|
||||
|
||||
it('MUST NOT register a username containing HTML', function(done) {
|
||||
const user = {username: 'user<svg/onload=alert("XSS")>', password: 'pass', invite: 'code0'};
|
||||
util.verifyFailedRegister(user, 'Username contains invalid characters.', 401, done);
|
||||
util.verifyFailedRegister(user, 'Username contains invalid characters.', 422, done);
|
||||
});
|
||||
|
||||
it('MUST NOT register a username with too many characters', function(done) {
|
||||
const user = {username: '123456789_123456789_123456789_1234567', password: 'pass', invite: 'code0'};
|
||||
util.verifyFailedRegister(user, 'Username too long.', 422, done);
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -18,6 +18,10 @@ var expect = chai.expect;
|
||||
|
||||
chai.use(http);
|
||||
|
||||
//TODO: BAD! Move to a util file!
|
||||
// Normalizes, decomposes, and lowercases a utf-8 string
|
||||
const canonicalizeUsername = username => username.normalize('NFKD').toLowerCase();
|
||||
|
||||
//---------------- DATABASE UTIL ----------------//
|
||||
|
||||
var resetDatabase = function(cb) {
|
||||
@ -63,7 +67,13 @@ const verifySuccessfulRegister = function(user, done) {
|
||||
res.should.have.status(200);
|
||||
res.body.should.be.a('object');
|
||||
res.body.should.have.property('message').eql('Registration successful.');
|
||||
done();
|
||||
User.countDocuments({username: user.username}, function(err, count) {
|
||||
count.should.eql(1);
|
||||
Invite.countDocuments({recipient: canonicalizeUsername(user.username)}, function(err, count) {
|
||||
count.should.eql(1);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user