solid-server 5.8.6 → 5.8.8-22f4cfec

package/test/unit/password-change-request-test.mjs

@@ -0,0 +1,259 @@
+import chai from 'chai'
+import sinon from 'sinon'
+import dirtyChai from 'dirty-chai'
+import sinonChai from 'sinon-chai'
+import HttpMocks from 'node-mocks-http'
+// const PasswordChangeRequest = require('../../lib/requests/password-change-request')
+// const SolidHost = require('../../lib/models/solid-host')
+import PasswordChangeRequest from '../../lib/requests/password-change-request.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+
+const { expect } = chai
+chai.use(dirtyChai)
+chai.use(sinonChai)
+chai.should()
+
+describe('PasswordChangeRequest', () => {
+  sinon.spy(PasswordChangeRequest.prototype, 'error')
+
+  describe('constructor()', () => {
+    it('should initialize a request instance from options', () => {
+      const res = HttpMocks.createResponse()
+
+      const accountManager = {}
+      const userStore = {}
+
+      const options = {
+        accountManager,
+        userStore,
+        returnToUrl: 'https://example.com/resource',
+        response: res,
+        token: '12345',
+        newPassword: 'swordfish'
+      }
+
+      const request = new PasswordChangeRequest(options)
+
+      expect(request.returnToUrl).to.equal(options.returnToUrl)
+      expect(request.response).to.equal(res)
+      expect(request.token).to.equal(options.token)
+      expect(request.newPassword).to.equal(options.newPassword)
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userStore).to.equal(userStore)
+    })
+  })
+
+  describe('fromParams()', () => {
+    it('should return a request instance from options', () => {
+      const returnToUrl = 'https://example.com/resource'
+      const token = '12345'
+      const newPassword = 'swordfish'
+      const accountManager = {}
+      const userStore = {}
+
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { returnToUrl, token },
+        body: { newPassword }
+      }
+      const res = HttpMocks.createResponse()
+
+      const request = PasswordChangeRequest.fromParams(req, res)
+
+      expect(request.returnToUrl).to.equal(returnToUrl)
+      expect(request.response).to.equal(res)
+      expect(request.token).to.equal(token)
+      expect(request.newPassword).to.equal(newPassword)
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.userStore).to.equal(userStore)
+    })
+  })
+
+  describe('get()', () => {
+    const returnToUrl = 'https://example.com/resource'
+    const token = '12345'
+    const userStore = {}
+    const res = HttpMocks.createResponse()
+    sinon.spy(res, 'render')
+
+    it('should create an instance and render a change password form', () => {
+      const accountManager = {
+        validateResetToken: sinon.stub().resolves(true)
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { returnToUrl, token }
+      }
+
+      return PasswordChangeRequest.get(req, res)
+        .then(() => {
+          expect(accountManager.validateResetToken)
+            .to.have.been.called()
+          expect(res.render).to.have.been.calledWith('auth/change-password',
+            { returnToUrl, token, validToken: true })
+        })
+    })
+
+    it('should display an error message on an invalid token', () => {
+      const accountManager = {
+        validateResetToken: sinon.stub().throws()
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { returnToUrl, token }
+      }
+
+      return PasswordChangeRequest.get(req, res)
+        .then(() => {
+          expect(PasswordChangeRequest.prototype.error)
+            .to.have.been.called()
+        })
+    })
+  })
+
+  describe('post()', () => {
+    it('creates a request instance and invokes handlePost()', () => {
+      sinon.spy(PasswordChangeRequest, 'handlePost')
+
+      const returnToUrl = 'https://example.com/resource'
+      const token = '12345'
+      const newPassword = 'swordfish'
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const alice = {
+        webId: 'https://alice.example.com/#me'
+      }
+      const storedToken = { webId: alice.webId }
+      const store = {
+        findUser: sinon.stub().resolves(alice),
+        updatePassword: sinon.stub()
+      }
+      const accountManager = {
+        host,
+        store,
+        userAccountFrom: sinon.stub().resolves(alice),
+        validateResetToken: sinon.stub().resolves(storedToken)
+      }
+
+      accountManager.accountExists = sinon.stub().resolves(true)
+      accountManager.loadAccountRecoveryEmail = sinon.stub().resolves('alice@example.com')
+      accountManager.sendPasswordResetEmail = sinon.stub().resolves()
+
+      const req = {
+        app: { locals: { accountManager, oidc: { users: store } } },
+        query: { returnToUrl },
+        body: { token, newPassword }
+      }
+      const res = HttpMocks.createResponse()
+
+      return PasswordChangeRequest.post(req, res)
+        .then(() => {
+          expect(PasswordChangeRequest.handlePost).to.have.been.called()
+        })
+    })
+  })
+
+  describe('handlePost()', () => {
+    it('should display error message if validation error encountered', () => {
+      const returnToUrl = 'https://example.com/resource'
+      const token = '12345'
+      const userStore = {}
+      const res = HttpMocks.createResponse()
+      const accountManager = {
+        validateResetToken: sinon.stub().throws()
+      }
+      const req = {
+        app: { locals: { accountManager, oidc: { users: userStore } } },
+        query: { returnToUrl, token }
+      }
+
+      const request = PasswordChangeRequest.fromParams(req, res)
+
+      return PasswordChangeRequest.handlePost(request)
+        .then(() => {
+          expect(PasswordChangeRequest.prototype.error)
+            .to.have.been.called()
+        })
+    })
+  })
+
+  describe('validateToken()', () => {
+    it('should return false if no token is present', () => {
+      const accountManager = {
+        validateResetToken: sinon.stub()
+      }
+      const request = new PasswordChangeRequest({ accountManager, token: null })
+
+      return request.validateToken()
+        .then(result => {
+          expect(result).to.be.false()
+          expect(accountManager.validateResetToken).to.not.have.been.called()
+        })
+    })
+  })
+
+  describe('validatePost()', () => {
+    it('should throw an error if no new password was entered', () => {
+      const request = new PasswordChangeRequest({ newPassword: null })
+
+      expect(() => request.validatePost()).to.throw('Please enter a new password')
+    })
+  })
+
+  describe('error()', () => {
+    it('should invoke renderForm() with the error', () => {
+      const request = new PasswordChangeRequest({})
+      request.renderForm = sinon.stub()
+      const error = new Error('error message')
+
+      request.error(error)
+
+      expect(request.renderForm).to.have.been.calledWith(error)
+    })
+  })
+
+  describe('changePassword()', () => {
+    it('should create a new user store entry if none exists', () => {
+      // this would be the case for legacy pre-user-store accounts
+      const webId = 'https://alice.example.com/#me'
+      const user = { webId, id: webId }
+      const accountManager = {
+        userAccountFrom: sinon.stub().returns(user)
+      }
+      const userStore = {
+        findUser: sinon.stub().resolves(null), // no user found
+        createUser: sinon.stub().resolves(),
+        updatePassword: sinon.stub().resolves()
+      }
+
+      const options = {
+        accountManager, userStore, newPassword: 'swordfish'
+      }
+      const request = new PasswordChangeRequest(options)
+
+      return request.changePassword(user)
+        .then(() => {
+          expect(userStore.createUser).to.have.been.calledWith(user, options.newPassword)
+        })
+    })
+  })
+
+  describe('renderForm()', () => {
+    it('should set response status to error status, if error exists', () => {
+      const returnToUrl = 'https://example.com/resource'
+      const token = '12345'
+      const response = HttpMocks.createResponse()
+      sinon.spy(response, 'render')
+
+      const options = { returnToUrl, token, response }
+
+      const request = new PasswordChangeRequest(options)
+
+      const error = new Error('error message')
+
+      request.renderForm(error)
+
+      expect(response.render).to.have.been.calledWith('auth/change-password',
+        { validToken: false, token, returnToUrl, error: 'error message' })
+    })
+  })
+})

package/test/unit/password-reset-email-request-test.mjs

@@ -0,0 +1,234 @@
+import chai from 'chai'
+import sinon from 'sinon'
+import dirtyChai from 'dirty-chai'
+import sinonChai from 'sinon-chai'
+import HttpMocks from 'node-mocks-http'
+
+import PasswordResetEmailRequest from '../../lib/requests/password-reset-email-request.mjs'
+import AccountManager from '../../lib/models/account-manager.mjs'
+import SolidHost from '../../lib/models/solid-host.mjs'
+import EmailService from '../../lib/services/email-service.mjs'
+
+const { expect } = chai
+chai.use(dirtyChai)
+chai.use(sinonChai)
+chai.should()
+
+describe('PasswordResetEmailRequest', () => {
+  describe('constructor()', () => {
+    it('should initialize a request instance from options', () => {
+      const res = HttpMocks.createResponse()
+
+      const options = {
+        returnToUrl: 'https://example.com/resource',
+        response: res,
+        username: 'alice'
+      }
+
+      const request = new PasswordResetEmailRequest(options)
+
+      expect(request.returnToUrl).to.equal(options.returnToUrl)
+      expect(request.response).to.equal(res)
+      expect(request.username).to.equal(options.username)
+    })
+  })
+
+  describe('fromParams()', () => {
+    it('should return a request instance from options', () => {
+      const returnToUrl = 'https://example.com/resource'
+      const username = 'alice'
+      const accountManager = {}
+
+      const req = {
+        app: { locals: { accountManager } },
+        query: { returnToUrl },
+        body: { username }
+      }
+      const res = HttpMocks.createResponse()
+
+      const request = PasswordResetEmailRequest.fromParams(req, res)
+
+      expect(request.accountManager).to.equal(accountManager)
+      expect(request.returnToUrl).to.equal(returnToUrl)
+      expect(request.username).to.equal(username)
+      expect(request.response).to.equal(res)
+    })
+  })
+
+  describe('get()', () => {
+    it('should create an instance and render a reset password form', () => {
+      const returnToUrl = 'https://example.com/resource'
+      const username = 'alice'
+      const accountManager = { multiuser: true }
+
+      const req = {
+        app: { locals: { accountManager } },
+        query: { returnToUrl },
+        body: { username }
+      }
+      const res = HttpMocks.createResponse()
+      res.render = sinon.stub()
+
+      PasswordResetEmailRequest.get(req, res)
+
+      expect(res.render).to.have.been.calledWith('auth/reset-password',
+        { returnToUrl, multiuser: true })
+    })
+  })
+
+  describe('post()', () => {
+    it('creates a request instance and invokes handlePost()', () => {
+      sinon.spy(PasswordResetEmailRequest, 'handlePost')
+
+      const returnToUrl = 'https://example.com/resource'
+      const username = 'alice'
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const store = {
+        suffixAcl: '.acl'
+      }
+      const accountManager = AccountManager.from({ host, multiuser: true, store })
+      accountManager.accountExists = sinon.stub().resolves(true)
+      accountManager.loadAccountRecoveryEmail = sinon.stub().resolves('alice@example.com')
+      accountManager.sendPasswordResetEmail = sinon.stub().resolves()
+
+      const req = {
+        app: { locals: { accountManager } },
+        query: { returnToUrl },
+        body: { username }
+      }
+      const res = HttpMocks.createResponse()
+
+      PasswordResetEmailRequest.post(req, res)
+        .then(() => {
+          expect(PasswordResetEmailRequest.handlePost).to.have.been.called()
+        })
+    })
+  })
+
+  describe('validate()', () => {
+    it('should throw an error if username is missing in multi-user mode', () => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const accountManager = AccountManager.from({ host, multiuser: true })
+
+      const request = new PasswordResetEmailRequest({ accountManager })
+
+      expect(() => request.validate()).to.throw(/Username required/)
+    })
+
+    it('should not throw an error if username is missing in single user mode', () => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const accountManager = AccountManager.from({ host, multiuser: false })
+
+      const request = new PasswordResetEmailRequest({ accountManager })
+
+      expect(() => request.validate()).to.not.throw()
+    })
+  })
+
+  describe('handlePost()', () => {
+    it('should handle the post request', () => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const store = { suffixAcl: '.acl' }
+      const accountManager = AccountManager.from({ host, multiuser: true, store })
+      accountManager.loadAccountRecoveryEmail = sinon.stub().resolves('alice@example.com')
+      accountManager.sendPasswordResetEmail = sinon.stub().resolves()
+      accountManager.accountExists = sinon.stub().resolves(true)
+
+      const returnToUrl = 'https://example.com/resource'
+      const username = 'alice'
+      const response = HttpMocks.createResponse()
+      response.render = sinon.stub()
+
+      const options = { accountManager, username, returnToUrl, response }
+      const request = new PasswordResetEmailRequest(options)
+
+      sinon.spy(request, 'error')
+
+      return PasswordResetEmailRequest.handlePost(request)
+        .then(() => {
+          expect(accountManager.loadAccountRecoveryEmail).to.have.been.called()
+          expect(accountManager.sendPasswordResetEmail).to.have.been.called()
+          expect(response.render).to.have.been.calledWith('auth/reset-link-sent')
+          expect(request.error).to.not.have.been.called()
+        })
+    })
+
+    it('should hande a reset request with no username without privacy leakage', () => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const store = { suffixAcl: '.acl' }
+      const accountManager = AccountManager.from({ host, multiuser: true, store })
+      accountManager.loadAccountRecoveryEmail = sinon.stub().resolves('alice@example.com')
+      accountManager.sendPasswordResetEmail = sinon.stub().resolves()
+      accountManager.accountExists = sinon.stub().resolves(false)
+
+      const returnToUrl = 'https://example.com/resource'
+      const username = 'alice'
+      const response = HttpMocks.createResponse()
+      response.render = sinon.stub()
+
+      const options = { accountManager, username, returnToUrl, response }
+      const request = new PasswordResetEmailRequest(options)
+
+      sinon.spy(request, 'error')
+      sinon.spy(request, 'validate')
+      sinon.spy(request, 'loadUser')
+
+      return PasswordResetEmailRequest.handlePost(request)
+        .then(() => {
+          expect(request.validate).to.have.been.called()
+          expect(request.loadUser).to.have.been.called()
+          expect(request.loadUser).to.throw()
+        }).catch(() => {
+          expect(request.error).to.have.been.called()
+          expect(response.render).to.have.been.calledWith('auth/reset-link-sent')
+          expect(accountManager.loadAccountRecoveryEmail).to.not.have.been.called()
+          expect(accountManager.sendPasswordResetEmail).to.not.have.been.called()
+        })
+    })
+  })
+
+  describe('loadUser()', () => {
+    it('should return a UserAccount instance based on username', () => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const store = { suffixAcl: '.acl' }
+      const accountManager = AccountManager.from({ host, multiuser: true, store })
+      accountManager.accountExists = sinon.stub().resolves(true)
+      const username = 'alice'
+
+      const options = { accountManager, username }
+      const request = new PasswordResetEmailRequest(options)
+
+      return request.loadUser()
+        .then(account => {
+          expect(account.webId).to.equal('https://alice.example.com/profile/card#me')
+        })
+    })
+
+    it('should throw an error if the user does not exist', done => {
+      const host = SolidHost.from({ serverUri: 'https://example.com' })
+      const store = { suffixAcl: '.acl' }
+      const emailService = sinon.stub().returns(EmailService)
+      const accountManager = AccountManager.from({ host, multiuser: true, store, emailService })
+      accountManager.accountExists = sinon.stub().resolves(false)
+      const username = 'alice'
+      const options = { accountManager, username }
+      const request = new PasswordResetEmailRequest(options)
+
+      sinon.spy(request, 'resetLinkMessage')
+      sinon.spy(accountManager, 'userAccountFrom')
+      sinon.spy(accountManager, 'verifyEmailDependencies')
+
+      request.loadUser()
+        .then(() => {
+          expect(accountManager.userAccountFrom).to.have.been.called()
+          expect(accountManager.verifyEmailDependencies).to.have.been.called()
+          expect(accountManager.verifyEmailDependencies).to.throw()
+          done()
+        })
+        .catch(() => {
+          expect(request.resetLinkMessage).to.have.been.called()
+          done()
+        })
+    })
+  })
+})