-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Expand file tree
/
Copy pathauth.spec.ts
More file actions
124 lines (109 loc) · 4.13 KB
/
auth.spec.ts
File metadata and controls
124 lines (109 loc) · 4.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import { Application } from "express";
import supertest from "supertest";
import { beforeAll, describe, expect, it } from "vitest";
import { refreshAuth } from "./auth";
import cls from "./cls";
import config from "./config";
import options from "./options";
let app: Application;
function encodeCred(password: string): string {
return Buffer.from(`dummy:${password}`).toString("base64");
}
describe("Auth", () => {
beforeAll(async () => {
const buildApp = (await (import("../../src/app.js"))).default;
app = await buildApp();
});
describe("Auth", () => {
beforeAll(() => {
config.General.noAuthentication = false;
refreshAuth();
});
it("goes to login and asks for TOTP if enabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "true");
options.setOption("mfaMethod", "totp");
options.setOption("totpVerificationHash", "hi");
});
const response = await supertest(app)
.get("/")
.redirects(1)
.expect(200);
expect(response.text).toContain(`id="totpToken"`);
});
it("goes to login and doesn't ask for TOTP is disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
const response = await supertest(app)
.get("/")
.redirects(1)
.expect(200);
expect(response.text).not.toContain(`id="totpToken"`);
});
});
describe("No auth", () => {
beforeAll(() => {
config.General.noAuthentication = true;
refreshAuth();
});
it("doesn't ask for authentication when disabled, even if TOTP is enabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "true");
options.setOption("mfaMethod", "totp");
options.setOption("totpVerificationHash", "hi");
});
await supertest(app)
.get("/")
.expect(200);
});
it("doesn't ask for authentication when disabled, with TOTP disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
await supertest(app)
.get("/")
.expect(200);
});
});
describe("Setup status endpoint", () => {
it("returns totpEnabled: true when TOTP is enabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "true");
options.setOption("mfaMethod", "totp");
options.setOption("totpVerificationHash", "hi");
});
const response = await supertest(app)
.get("/api/setup/status")
.expect(200);
expect(response.body.totpEnabled).toBe(true);
});
it("returns totpEnabled: false when TOTP is disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
const response = await supertest(app)
.get("/api/setup/status")
.expect(200);
expect(response.body.totpEnabled).toBe(false);
});
});
describe("checkCredentials TOTP enforcement", () => {
beforeAll(() => {
config.General.noAuthentication = false;
refreshAuth();
});
it("does not require TOTP token when TOTP is disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
// Will still fail with 401 due to wrong password, but NOT because of missing TOTP
const response = await supertest(app)
.get("/api/setup/sync-seed")
.set("trilium-cred", encodeCred("wrongpassword"))
.expect(401);
// The error should be about password, not TOTP
expect(response.text).toContain("Incorrect password");
});
});
}, 60_000);