Merge pull request #24 from CMU-313/us-7
US7: Changes on the front-end & authentication
Showing
13 changed files
with
134 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -106,6 +106,7 @@ describe('authentication', () => { | |
'password-confirm': 'adminpwd', | ||
userLang: 'it', | ||
gdpr_consent: true, | ||
fullname: 'adminfn', | ||
}, | ||
headers: { | ||
'x-csrf-token': csrf_token, | ||
|
@@ -384,6 +385,7 @@ describe('authentication', () => { | |
username: 'anotheruser', | ||
password: 'anotherpwd', | ||
gdpr_consent: 1, | ||
fullname: 'anotheruser', | ||
}); | ||
meta.config.registrationApprovalType = 'normal'; | ||
assert.equal(response.statusCode, 200); | ||
|
@@ -393,7 +395,7 @@ describe('authentication', () => { | |
|
||
it('should be able to login with email', async () => { | ||
const email = '[email protected]'; | ||
const uid = await user.create({ username: 'ginger', password: '123456', email }); | ||
const uid = await user.create({ username: 'ginger', password: '123456', email, fullname: 'ginger' }); | ||
await user.setUserField(uid, 'email', email); | ||
await user.email.confirmByUid(uid); | ||
const { response } = await helpers.loginUser('[email protected]', '123456'); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -244,6 +244,7 @@ describe('Controllers', () => { | |
password: '123456', | ||
'password-confirm': '123456', | ||
email: '[email protected]', | ||
fullname: 'interstitial', | ||
}, | ||
jar, | ||
headers: { | ||
|
@@ -279,6 +280,7 @@ describe('Controllers', () => { | |
jar = (await helpers.registerUser({ | ||
username: utils.generateUUID().slice(0, 10), | ||
password: utils.generateUUID(), | ||
fullname: utils.generateUUID().slice(0, 10), | ||
})).jar; | ||
token = await helpers.getCsrfToken(jar); | ||
|
||
|
@@ -497,6 +499,7 @@ describe('Controllers', () => { | |
jar = (await helpers.registerUser({ | ||
username, | ||
password: utils.generateUUID(), | ||
fullname: utils.generateUUID().slice(0, 10), | ||
})).jar; | ||
token = await helpers.getCsrfToken(jar); | ||
}); | ||
|
@@ -594,6 +597,7 @@ describe('Controllers', () => { | |
jar = (await helpers.registerUser({ | ||
username: utils.generateUUID().slice(0, 10), | ||
password: utils.generateUUID(), | ||
fullname: utils.generateUUID().slice(0, 10), | ||
})).jar; | ||
token = await helpers.getCsrfToken(jar); | ||
}); | ||
|
@@ -625,6 +629,7 @@ describe('Controllers', () => { | |
jar = (await helpers.registerUser({ | ||
username: utils.generateUUID().slice(0, 10), | ||
password: utils.generateUUID(), | ||
fullname: utils.generateUUID().slice(0, 10), | ||
})).jar; | ||
token = await helpers.getCsrfToken(jar); | ||
}); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -97,7 +97,7 @@ describe('User', () => { | |
}); | ||
|
||
it('should have a valid email, if using an email', (done) => { | ||
User.create({ username: userData.username, password: userData.password, email: 'fakeMail' }, (err) => { | ||
User.create({ username: userData.username, fullname: userData.fullname, password: userData.password, email: 'fakeMail' }, (err) => { | ||
assert(err); | ||
assert.equal(err.message, '[[error:invalid-email]]'); | ||
done(); | ||
|
@@ -767,6 +767,46 @@ describe('User', () => { | |
const confirmSent = await User.email.isValidationPending(uid, '[email protected]'); | ||
assert.strictEqual(confirmSent, true); | ||
}); | ||
|
||
// new check added | ||
it('should not allow updating fullname to an empty string', async () => { | ||
try { | ||
await apiUser.update({ uid: uid }, { uid: uid, fullname: '' }); | ||
assert(false); | ||
} catch (err) { | ||
assert.strictEqual(err.message, '[[error:fullname-required]]'); | ||
} | ||
}); | ||
|
||
// new check added | ||
it('should not allow updating fullname to a string with only whitespace', async () => { | ||
try { | ||
await apiUser.update({ uid: uid }, { uid: uid, fullname: ' ' }); | ||
assert(false); | ||
} catch (err) { | ||
assert.strictEqual(err.message, '[[error:fullname-required]]'); | ||
} | ||
}); | ||
|
||
// new check added | ||
it('should not allow fullname to be greater than 255 characters', async () => { | ||
try { | ||
await apiUser.update({ uid: uid }, { uid: uid, fullname: 'We want you to connect this projects experience with your previous experience with collaborative development. Your previous experience may be from an academic or non-academic setting, such as internships, hackathons, or personal projects. Adding characters so that the limit passes 255 characters so this as full name does not work' }); | ||
assert(false); | ||
} catch (err) { | ||
assert.strictEqual(err.message, '[[error:invalid-fullname]]'); | ||
} | ||
}); | ||
|
||
// new check added | ||
it('should not allow updating fullname to a URL', async () => { | ||
try { | ||
await apiUser.update({ uid: uid }, { uid: uid, fullname: 'https://www.linkedin.com' }); | ||
assert(false); | ||
} catch (err) { | ||
assert.strictEqual(err.message, '[[error:invalid-fullname]]'); | ||
} | ||
}); | ||
}); | ||
|
||
it('should change a user\'s password', async () => { | ||
|
@@ -1771,6 +1811,7 @@ describe('User', () => { | |
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'rejectme', | ||
}); | ||
const { jar } = await helpers.loginUser('admin', '123456'); | ||
const { body: { users } } = await request.get(`${nconf.get('url')}/api/admin/manage/registration`, { jar }); | ||
|
@@ -1785,6 +1826,7 @@ describe('User', () => { | |
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'rejuctme', | ||
}); | ||
assert.equal(body, '[[error:username-taken]]'); | ||
}); | ||
|
@@ -1796,10 +1838,62 @@ describe('User', () => { | |
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'rejustmenew', | ||
}); | ||
assert.equal(body, '[[error:email-taken]]'); | ||
}); | ||
|
||
// new check added | ||
it('should fail to add user to queue if fullname is not entered', async () => { | ||
const { body } = await helpers.registerUser({ | ||
username: 'rejectmenew', | ||
password: '123456', | ||
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
}); | ||
assert.equal(body, '[[error:fullname-required]]'); | ||
}); | ||
|
||
// new check added | ||
it('should fail to add user to queue if fullname is blank spaces', async () => { | ||
const { body } = await helpers.registerUser({ | ||
username: 'rejectmenew', | ||
password: '123456', | ||
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: ' ', | ||
}); | ||
assert.equal(body, '[[error:invalid-fullname]]'); | ||
}); | ||
|
||
// new check added | ||
it('should fail to add user to queue if fullname is URL', async () => { | ||
const { body } = await helpers.registerUser({ | ||
username: 'rejectmenew', | ||
password: '123456', | ||
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'https://www.linkedin.com', | ||
}); | ||
assert.equal(body, '[[error:invalid-fullname]]'); | ||
}); | ||
|
||
// new check added | ||
it('should fail to add user to queue if the length of the fullname exceeds 255', async () => { | ||
const { body } = await helpers.registerUser({ | ||
username: 'rejectmenew', | ||
password: '123456', | ||
'password-confirm': '123456', | ||
email: '<script>alert("ok")<script>[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'As with the first sprint, every member of your team must contribute to the implementation. One way we will evaluate this is that each team member must have at least one commit as a part of the solution. Failure to do so will result in a significant penalty to your grade.', | ||
}); | ||
assert.equal(body, '[[error:invalid-fullname]]'); | ||
}); | ||
|
||
it('should reject user registration', async () => { | ||
await socketUser.rejectRegistration({ uid: adminUid }, { username: 'rejectme' }); | ||
const users = await User.getRegistrationQueue(0, -1); | ||
|
@@ -1813,6 +1907,7 @@ describe('User', () => { | |
'password-confirm': '123456', | ||
email: '[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'acceptme', | ||
}); | ||
|
||
const uid = await socketUser.acceptRegistration({ uid: adminUid }, { username: 'acceptme' }); | ||
|
@@ -1829,6 +1924,7 @@ describe('User', () => { | |
'password-confirm': '123456', | ||
email: '[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'invalidname', | ||
}); | ||
|
||
const users = await db.getSortedSetRange('registration:queue', 0, -1); | ||
|
@@ -2102,6 +2198,7 @@ describe('User', () => { | |
email: email, | ||
gdpr_consent: true, | ||
token: token, | ||
fullname: 'invite5', | ||
}); | ||
|
||
const memberships = await groups.isMemberOfGroups(body.uid, groupsToJoin); | ||
|
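Review bot: A whitespace-only fullname is pinned to two different errors in this file: the `apiUser.update` test 'should not allow updating fullname to a string with only whitespace' expects `[[error:fullname-required]]`, while the registration test 'should fail to add user to queue if fullname is blank spaces' expects `[[error:invalid-fullname]]`. The validation code is not visible in this section, but the mismatch suggests the update and registration paths check fullname separately, which is how input rules drift apart between entry points; I would route both through one validator and assert the same code in both tests. The two length tests use prose well past the limit, so an off-by-one at the boundary would go unnoticed; `fullname: 'a'.repeat(256)` for the rejection, plus an accepting case with `'a'.repeat(255)` if 255 is meant to be allowed, would pin it. The four update tests would also fail with a clearer message as `await assert.rejects(apiUser.update({ uid }, { uid, fullname: '' }), { message: '[[error:fullname-required]]' });` than with `try`/`assert(false)`/`catch`, where a call that wrongly succeeds is reported as a message mismatch.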
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -148,13 +148,15 @@ describe('email confirmation (v3 api)', () => { | |
password: 'derpioansdosa', | ||
email: '[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'fake-user', | ||
}); | ||
|
||
({ body: userObj, jar } = await helpers.registerUser({ | ||
username: 'email-test', | ||
password: 'abcdef', | ||
email: '[email protected]', | ||
gdpr_consent: true, | ||
fullname: 'email-test', | ||
})); | ||
}); | ||
|
||
|