2020-04-29 18:44:27 +03:00
|
|
|
const should = require('should');
|
|
|
|
const uuid = require('uuid');
|
|
|
|
const security = require('../../../../core/server/lib/security');
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
describe('Utils: tokens', function () {
|
|
|
|
it('generate', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: 'test1@ghost.org',
|
|
|
|
expires: expires,
|
|
|
|
password: 'password',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
should.exist(token);
|
|
|
|
token.length.should.be.above(0);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('compare: success', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
|
|
|
let tokenIsCorrect;
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: 'test1@ghost.org',
|
|
|
|
expires: expires,
|
|
|
|
password: '12345678',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
tokenIsCorrect = security.tokens.resetToken.compare({
|
|
|
|
token: token,
|
|
|
|
dbHash: dbHash,
|
|
|
|
password: '12345678'
|
|
|
|
});
|
|
|
|
|
|
|
|
tokenIsCorrect.should.eql(true);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('compare: error', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
|
|
|
let tokenIsCorrect;
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: 'test1@ghost.org',
|
|
|
|
expires: expires,
|
|
|
|
password: '12345678',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
tokenIsCorrect = security.tokens.resetToken.compare({
|
|
|
|
token: token,
|
|
|
|
dbHash: dbHash,
|
|
|
|
password: '123456'
|
|
|
|
});
|
|
|
|
|
|
|
|
tokenIsCorrect.should.eql(false);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('extract', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
|
|
|
let parts;
|
|
|
|
const email = 'test1@ghost.org';
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: email,
|
|
|
|
expires: expires,
|
|
|
|
password: '12345678',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
parts = security.tokens.resetToken.extract({
|
|
|
|
token: token
|
|
|
|
});
|
|
|
|
|
|
|
|
parts.email.should.eql(email);
|
|
|
|
parts.expires.should.eql(expires);
|
|
|
|
should.not.exist(parts.password);
|
|
|
|
should.not.exist(parts.dbHash);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('extract', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
|
|
|
let parts;
|
|
|
|
const email = 'test3@ghost.org';
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: email,
|
|
|
|
expires: expires,
|
|
|
|
password: '$2a$10$t5dY1uRRdjvqfNlXhae3uuc0nuhi.Rd7/K/9JaHHwSkLm6UUa3NsW',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
parts = security.tokens.resetToken.extract({
|
|
|
|
token: token
|
|
|
|
});
|
|
|
|
|
|
|
|
parts.email.should.eql(email);
|
|
|
|
parts.expires.should.eql(expires);
|
|
|
|
should.not.exist(parts.password);
|
|
|
|
should.not.exist(parts.dbHash);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('can validate an URI encoded reset token', function () {
|
2020-04-29 18:44:27 +03:00
|
|
|
const expires = Date.now() + 60 * 1000;
|
|
|
|
const email = 'test1@ghost.org';
|
|
|
|
const dbHash = uuid.v4();
|
|
|
|
let token;
|
|
|
|
let tokenIsCorrect;
|
|
|
|
let parts;
|
2020-03-30 18:26:47 +03:00
|
|
|
|
|
|
|
token = security.tokens.resetToken.generateHash({
|
|
|
|
email: email,
|
|
|
|
expires: expires,
|
|
|
|
password: '12345678',
|
|
|
|
dbHash: dbHash
|
|
|
|
});
|
|
|
|
|
|
|
|
token = security.url.encodeBase64(token);
|
|
|
|
token = encodeURIComponent(token);
|
|
|
|
token = decodeURIComponent(token);
|
|
|
|
token = security.url.decodeBase64(token);
|
|
|
|
|
|
|
|
parts = security.tokens.resetToken.extract({
|
|
|
|
token: token
|
|
|
|
});
|
|
|
|
|
|
|
|
parts.email.should.eql(email);
|
|
|
|
parts.expires.should.eql(expires);
|
|
|
|
|
|
|
|
tokenIsCorrect = security.tokens.resetToken.compare({
|
|
|
|
token: token,
|
|
|
|
dbHash: dbHash,
|
|
|
|
password: '12345678'
|
|
|
|
});
|
|
|
|
|
|
|
|
tokenIsCorrect.should.eql(true);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|