core: add more login tests

2026-02-23 19:49:56 +01:00 · 2024-03-12 07:19:59 +05:00
parent d4f7e3ef07
commit a3b590bcb7
2 changed files with 53 additions and 4 deletions
--- a/packages/core/e2e/user-manager.test.js
+++ b/packages/core/e2e/user-manager.test.js
@@ -17,8 +17,9 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+import { authenticator } from "otplib";
 import { databaseTest } from "../__tests__/utils";
-import { login, user } from "./utils";
+import { login, USER } from "./utils";
 import { test, expect } from "vitest";

 // test("signup user and check for token", async () => {
@@ -50,7 +51,55 @@ test(
      await login(db);

      const userData = await db.user.getUser();
-      expect(userData.email).toBe(user.email);
+      expect(userData.email).toBe(USER.email);
+    }),
+  30000
+);
+
+test(
+  "login user after entering invalid mfa once",
+  () =>
+    databaseTest().then(async (db) => {
+      await db.user.authenticateEmail(USER.email);
+
+      await expect(
+        db.user.authenticateMultiFactorCode(201022, "app")
+      ).rejects.toThrowError(
+        /Please provide a valid multi-factor authentication/
+      );
+
+      const token = authenticator.generate(USER.totpSecret);
+      await db.user.authenticateMultiFactorCode(token, "app");
+
+      await expect(
+        db.user.authenticatePassword(USER.email, USER.password, USER.hashed)
+      ).resolves.toBeFalsy();
+
+      await expect(db.user.tokenManager.getToken()).resolves.toBeDefined();
+    }),
+  30000
+);
+
+test(
+  "login user after entering incorrect password once",
+  () =>
+    databaseTest().then(async (db) => {
+      await db.user.authenticateEmail(USER.email);
+
+      const token = authenticator.generate(USER.totpSecret);
+      await db.user.authenticateMultiFactorCode(token, "app");
+
+      await expect(
+        db.user.authenticatePassword(USER.email, "wrong_password")
+      ).rejects.toThrowError(/Password is incorrect./);
+
+      await db.user.authenticatePassword(
+        USER.email,
+        USER.password,
+        USER.hashed
+      );
+
+      await expect(db.user.tokenManager.getToken()).resolves.toBeDefined();
    }),
  30000
 );
--- a/packages/core/e2e/utils.js
+++ b/packages/core/e2e/utils.js
@@ -19,14 +19,14 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import { authenticator } from "otplib";

-export const user = {
+export const USER = {
  email: process.env.USER_EMAIL,
  password: process.env.USER_PASSWORD,
  hashed: process.env.USER_HASHED_PASSWORD,
  totpSecret: process.env.USER_TOTP_SECRET
 };

-export async function login(db) {
+export async function login(db, user = USER) {
  await db.user.authenticateEmail(user.email);

  const token = authenticator.generate(user.totpSecret);