

Merge pull request #74 from gzp79/validate_captcha
Validate captcha
gzp79 authored Jul 24, 2024
2 parents 6649290 + 2a8d7e0 commit a9a7033
Showing 24 changed files with 749 additions and 398 deletions.
1 change: 1 addition & 0 deletions .vscode/settings.json
Expand Up @@ -27,6 +27,7 @@
"hmac",
"hset",
"httponly",
"idempotency",
"ipcity",
"ipcountry",
"jbang",
4 changes: 2 additions & 2 deletions integration-test/regression/auth_cookie_matrix.ts
Expand Up @@ -53,7 +53,7 @@ describe('Auth cookie consistency matrix', () => {
let tid, sid, eid: string;

{
const response = await api.request.loginWithToken(null, null, null, null, true);
const response = await api.request.loginWithToken(null, null, null, null, true, null);
expect(response).toHaveStatus(200);
const cookies = getCookies(response);
expect(cookies.tid).toBeValidTID();
Expand All @@ -64,7 +64,7 @@ describe('Auth cookie consistency matrix', () => {

//eid
{
const response = await api.request.linkWithOAuth2(sid);
const response = await api.request.linkWithOAuth2(sid, null);
expect(response).toHaveStatus(200);
const cookies = getCookies(response);
expect(cookies.eid).toBeValidEID();
68 changes: 63 additions & 5 deletions integration-test/regression/login_oauth2.ts
Expand Up @@ -167,10 +167,38 @@ describe('Login with OAuth2', () => {
mock = undefined!;
});

it('Login without captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithOAuth2(null, null, null, undefined);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
'https://web.sandbox.com:8080/error?type=invalidInput&status=400'
);
expect(response.text).toContain('Failed to deserialize query string');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Login with wrong captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithOAuth2(null, null, null, 'invalid');
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=authError&status=400'
);
expect(response.text).toContain('"Captcha":"invalid-input-response"');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Start login with (token: NULL, session: VALID) shall fail', async () => {
const { sid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOAuth2(null, sid, null);
const response = await api.request.loginWithOAuth2(null, sid, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand All @@ -188,7 +216,7 @@ describe('Login with OAuth2', () => {
const { sid } = await api.auth.loginAsGuestUser();
await api.auth.logout(sid, false);

const response = await api.request.loginWithOAuth2(null, sid, null);
const response = await api.request.loginWithOAuth2(null, sid, null, null);
expect(response).toHaveStatus(200);
const redirectUrl = getPageRedirectUrl(response.text);
expect(redirectUrl).toStartWith(mock!.getUrlFor('authorize'));
Expand All @@ -202,7 +230,7 @@ describe('Login with OAuth2', () => {
it('Start login with (token: VALID, session: NULL) shall succeed', async () => {
const { tid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOAuth2(tid, null, null);
const response = await api.request.loginWithOAuth2(tid, null, null, null);
expect(response).toHaveStatus(200);
const redirectUrl = getPageRedirectUrl(response.text);
expect(redirectUrl).toStartWith(mock.getUrlFor('authorize'));
Expand All @@ -216,7 +244,7 @@ describe('Login with OAuth2', () => {
it('Start login with (token: VALID, session: VALID) shall succeed', async () => {
const { tid, sid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOAuth2(tid, sid, null);
const response = await api.request.loginWithOAuth2(tid, sid, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand Down Expand Up @@ -297,8 +325,38 @@ describe('Link to OAuth2 account', () => {
mock = undefined!;
});

it('Link without captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.linkWithOAuth2(null, undefined);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
'https://web.sandbox.com:8080/error?type=invalidInput&status=400'
);
expect(response.text).toContain('Failed to deserialize query string');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Link with wrong captcha shall fail and redirect to the default error page', async () => {
const user = await TestUser.createGuest();

const response = await api.request.linkWithOAuth2(user.sid, 'invalid');
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=authError&status=400'
);
expect(response.text).toContain('"Captcha":"invalid-input-response"');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid.value).toEqual(user.sid);
expect(cookies.eid).toBeClearCookie();
});

it('Linking without a session shall fail', async () => {
const response = await api.request.linkWithOAuth2(null);
const response = await api.request.linkWithOAuth2(null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=loginRequired&status=401'
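Review bot: The two "without captcha" cases hard-code the error page as `'https://web.sandbox.com:8080/error?type=invalidInput&status=400'` (once under 'Login with OAuth2', once under 'Link to OAuth2 account'), while the neighbouring "wrong captcha" cases derive it from `config.defaultRedirects.errorUrl`; the hard-coded host breaks as soon as the sandbox host or port changes and obscures that both failures are meant to land on the same configured error page, so use `config.defaultRedirects.errorUrl + '?type=invalidInput&status=400'` in both places. The same hard-coded URL is added in login_openid.ts and login_token.ts in this commit. The assertion on 'Failed to deserialize query string' appears to pin a query-parsing message from the web framework rather than the service's own error code, so a dependency upgrade could fail these cases without any behaviour change; either note that this is accepted in a comment or assert only on the `type=invalidInput` redirect. The `describe` blocks these cases sit in begin and end outside the hunks.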
68 changes: 63 additions & 5 deletions integration-test/regression/login_openid.ts
Expand Up @@ -200,10 +200,38 @@ describe('Login with OpenId', () => {
mock = undefined!;
});

it('Login without captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithOpenId(null, null, null, undefined);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
'https://web.sandbox.com:8080/error?type=invalidInput&status=400'
);
expect(response.text).toContain('Failed to deserialize query string');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Login with wrong captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithOpenId(null, null, null, 'invalid');
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=authError&status=400'
);
expect(response.text).toContain('"Captcha":"invalid-input-response"');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Start login with (token: NULL, session: VALID) shall fail', async () => {
const { sid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOpenId(null, sid, null);
const response = await api.request.loginWithOpenId(null, sid, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand All @@ -221,7 +249,7 @@ describe('Login with OpenId', () => {
const { sid } = await api.auth.loginAsGuestUser();
await api.auth.logout(sid, false);

const response = await api.request.loginWithOpenId(null, sid, null);
const response = await api.request.loginWithOpenId(null, sid, null, null);
expect(response).toHaveStatus(200);
const redirectUrl = getPageRedirectUrl(response.text);
expect(redirectUrl).toStartWith(mock!.getUrlFor('authorize'));
Expand All @@ -235,7 +263,7 @@ describe('Login with OpenId', () => {
it('Start login with (token: VALID, session: NULL) shall succeed', async () => {
const { tid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOpenId(tid, null, null);
const response = await api.request.loginWithOpenId(tid, null, null, null);
expect(response).toHaveStatus(200);
const redirectUrl = getPageRedirectUrl(response.text);
expect(redirectUrl).toStartWith(mock.getUrlFor('authorize'));
Expand All @@ -249,7 +277,7 @@ describe('Login with OpenId', () => {
it('Start login with (token: VALID, session: VALID) shall succeed', async () => {
const { tid, sid } = await api.auth.loginAsGuestUser();

const response = await api.request.loginWithOpenId(tid, sid, null);
const response = await api.request.loginWithOpenId(tid, sid, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand Down Expand Up @@ -334,8 +362,38 @@ describe('Link to OpenId account', () => {
mock = undefined!;
});

it('Link without captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.linkWithOpenId(null, undefined);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
'https://web.sandbox.com:8080/error?type=invalidInput&status=400'
);
expect(response.text).toContain('Failed to deserialize query string');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Link with wrong captcha shall fail and redirect to the default error page', async () => {
const user = await TestUser.createGuest();

const response = await api.request.linkWithOpenId(user.sid, 'invalid');
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=authError&status=400'
);
expect(response.text).toContain('"Captcha":"invalid-input-response"');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid.value).toEqual(user.sid);
expect(cookies.eid).toBeClearCookie();
});

it('Linking without a session shall fail', async () => {
const response = await api.request.linkWithOpenId(null);
const response = await api.request.linkWithOpenId(null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=loginRequired&status=401'
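Review bot: The three values the new captcha argument can take are never explained in these cases: `undefined` at `loginWithOpenId(null, null, null, undefined)` is expected to trigger the deserialization error (parameter absent), `'invalid'` the captcha rejection, and `null` in every other case is expected to pass. Presumably the request helper turns `null` into a value the sandbox verifier accepts, but that cannot be seen from this file, and a test setup in which a null captcha is accepted is exactly the kind of bypass that deserves to be explicit. Suggest a comment on the first captcha case, e.g. `// captcha: undefined = parameter omitted, 'invalid' = rejected by the sandbox verifier, null = accepted (TODO confirm how the helper encodes it)`; the same applies to login_oauth2.ts and login_token.ts. The enclosing `describe` blocks start and end outside the hunks.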
55 changes: 45 additions & 10 deletions integration-test/regression/login_token.ts
Expand Up @@ -5,9 +5,37 @@ import { TestUser } from '$lib/test_user';
import config from '../test.config';

describe('Login with token for new user', () => {
it('Login without captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithToken(null, null, null, null, null, undefined);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
'https://web.sandbox.com:8080/error?type=invalidInput&status=400'
);
expect(response.text).toContain('Failed to deserialize query string');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Login with wrong captcha shall fail and redirect to the default error page', async () => {
const response = await api.request.loginWithToken(null, null, null, null, null, 'invalid');
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=authError&status=400'
);
expect(response.text).toContain('"Captcha":"invalid-input-response"');

const cookies = getCookies(response);
expect(cookies.tid).toBeClearCookie();
expect(cookies.sid).toBeClearCookie();
expect(cookies.eid).toBeClearCookie();
});

it('Login with (token: NO, rememberMe: INVALID) shall fail and redirect to the default error page', async () => {
const response = await api.request
.loginWithToken(null, null, null, null, null)
.loginWithToken(null, null, null, null, null, null)
.query({ rememberMe: 'invalid' });
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
Expand All @@ -22,7 +50,7 @@ describe('Login with token for new user', () => {
});

it('Login with (token: NO, redirectMe: NO) shall fail and redirect to the login page', async () => {
const response = await api.request.loginWithToken(null, null, null, null, null);
const response = await api.request.loginWithToken(null, null, null, null, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.loginUrl);

Expand All @@ -33,7 +61,7 @@ describe('Login with token for new user', () => {
});

it('Login with (token: NO, rememberMe: false) shall fail and redirect to the login page', async () => {
const response = await api.request.loginWithToken(null, null, null, null, false);
const response = await api.request.loginWithToken(null, null, null, null, false, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.loginUrl);

Expand All @@ -44,7 +72,7 @@ describe('Login with token for new user', () => {
});

it('Login with (token: NONE, rememberMe: true) shall succeed and register a new user', async () => {
const response = await api.request.loginWithToken(null, null, null, null, true);
const response = await api.request.loginWithToken(null, null, null, null, true, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.redirectUrl);

Expand Down Expand Up @@ -89,7 +117,7 @@ describe('Login with token for returning user', () => {

beforeEach(async () => {
console.log('Register a new user...');
const response = await api.request.loginWithToken(null, null, null, null, true);
const response = await api.request.loginWithToken(null, null, null, null, true, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.redirectUrl);

Expand All @@ -110,7 +138,7 @@ describe('Login with token for returning user', () => {
});

it('Login with (token: NULL, session: VALID, rememberMe: true) shall fail with logout required', async () => {
const response = await api.request.loginWithToken(null, userCookies.sid, null, null, true);
const response = await api.request.loginWithToken(null, userCookies.sid, null, null, true, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand All @@ -126,7 +154,14 @@ describe('Login with token for returning user', () => {
});

it('Login with (token: VALID, session: VALID, rememberMe: true) shall fail with logout required', async () => {
const response = await api.request.loginWithToken(userCookies.tid, userCookies.sid, null, null, true);
const response = await api.request.loginWithToken(
userCookies.tid,
userCookies.sid,
null,
null,
true,
null
);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(
config.defaultRedirects.errorUrl + '?type=logoutRequired&status=400'
Expand All @@ -143,7 +178,7 @@ describe('Login with token for returning user', () => {
});

it('Login with (token: VALID, session: NULL, rememberMe: NULL) shall succeed and login the user', async () => {
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, null);
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, null, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.redirectUrl);

Expand All @@ -157,7 +192,7 @@ describe('Login with token for returning user', () => {
});

it('Login with (token: VALID, session: NULL, rememberMe: false) shall succeed and login the user', async () => {
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, false);
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, false, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.redirectUrl);

Expand All @@ -171,7 +206,7 @@ describe('Login with token for returning user', () => {
});

it('Login with (token: VALID, session: NULL, rememberMe: true) shall succeed and login the user', async () => {
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, true);
const response = await api.request.loginWithToken(userCookies.tid, null, null, null, true, null);
expect(response).toHaveStatus(200);
expect(getPageRedirectUrl(response.text)).toEqual(config.defaultRedirects.redirectUrl);

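Review bot: The captcha negatives are added only to 'Login with token for new user'; every case in 'Login with token for returning user' (the `loginWithToken(userCookies.tid, ...)` calls now ending in `null`) passes the accepted captcha and none sends `'invalid'`, so a server regression that skips captcha verification whenever a valid token cookie is present would go unnoticed here. A returning-user case mirroring 'Login with wrong captcha shall fail' — e.g. `const response = await api.request.loginWithToken(userCookies.tid, null, null, null, true, 'invalid');` followed by the `authError&status=400` redirect assertion and whatever the server is specified to do with the existing `tid` cookie — would close that gap. Whether captcha is meant to be required on the returning-user path is not visible in this diff, so confirm against the server change before adding it. The `describe` blocks begin and end outside the hunks.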

