authorMarius Halden <marius.h@lden.org>2018-05-29 19:37:34 +0200
committerMarius Halden <marius.h@lden.org>2018-05-29 19:37:34 +0200
commit782457d016084c8de04989dbc824a71899f8b41b (patch)
tree56d14e1a988396e43c8693ff3486e40d16962add /t/app/controller/auth.t
parent140d40e3eab4cb1e7aa9f95cbc24a0f13180b606 (diff)
parent6e2da95bc6a758c0cf070b9ddd51acc769f7acf1 (diff)
Merge tag 'v2.3.1' into fiksgatami-dev
Diffstat (limited to 't/app/controller/auth.t')
-rw-r--r--t/app/controller/auth.t48
1 files changed, 47 insertions, 1 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 8d60137a2..8cc7e4154 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -5,7 +5,7 @@ my $mech = FixMyStreet::TestMech->new;
my $test_email = 'test@example.com';
my $test_email3 = 'newuser@example.org';
-my $test_password = 'foobar';
+my $test_password = 'foobar123';
END {
done_testing();
@@ -276,3 +276,49 @@ subtest "check logging in with token" => sub {
$mech->delete_header('Authorization');
};
+
+subtest 'check password length/common' => sub {
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok({
+ form_name => 'general_auth',
+ fields => { username => $test_email, password_register => 'short' },
+ button => 'sign_in_by_code',
+ });
+ $mech->content_contains("Please make sure your password is at least");
+ $mech->submit_form_ok({
+ form_name => 'general_auth',
+ fields => { username => $test_email, password_register => 'common' },
+ button => 'sign_in_by_code',
+ });
+ $mech->content_contains("Please choose a less commonly-used password");
+};
+
+subtest 'check common password AJAX call' => sub {
+ $mech->post_ok('/auth/common_password', { password_register => 'password' });
+ $mech->content_contains("Please choose a less commonly-used password");
+ $mech->post_ok('/auth/common_password', { password_register => 'squirblewirble' });
+ $mech->content_contains("true");
+};
+
+subtest "Test two-factor authentication login" => sub {
+ use Auth::GoogleAuth;
+ my $auth = Auth::GoogleAuth->new;
+ my $code = $auth->code;
+ my $wrong_code = $auth->code(undef, time() - 120);
+
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ $user->is_superuser(1);
+ $user->password('password');
+ $user->set_extra_metadata('2fa_secret', $auth->secret32);
+ $user->update;
+
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok(
+ { with_fields => { username => $test_email, password_sign_in => 'password' } },
+ "sign in using form" );
+ $mech->content_contains('Please generate a two-factor code');
+ $mech->submit_form_ok({ with_fields => { '2fa_code' => $wrong_code } }, "provide wrong 2FA code" );
+ $mech->content_contains('Try again');
+ $mech->submit_form_ok({ with_fields => { '2fa_code' => $code } }, "provide correct 2FA code" );
+ $mech->logged_in_ok;
+};
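Review bot: The two-factor subtest asserts only page text at the intermediate steps, so it would still pass if the session were already authenticated after the password step or after the rejected code. Add a negative check after `content_contains('Please generate a two-factor code')` and again after `content_contains('Try again')`, e.g. `$mech->not_logged_in_ok;` (assuming TestMech offers that counterpart to `logged_in_ok`). The rejected value is a code computed for 120 seconds earlier, so only staleness is covered; submitting `$code` a second time in a fresh session would be a useful extra case if the application is meant to refuse reuse of an accepted code. The subtest also leaves `$test_email` as a superuser with a 2FA secret and the password 'password', which will affect any subtest appended after it unless the user is reset at the end.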