diff --git a/src/server/lib/Server.ts b/src/server/lib/Server.ts index c9d888a7..1123bb05 100644 --- a/src/server/lib/Server.ts +++ b/src/server/lib/Server.ts @@ -27,16 +27,15 @@ export default class Server { const viewsDirectory = Path.resolve(__dirname, "../views"); const publicHtmlDirectory = Path.resolve(__dirname, "../public_html"); + const expressSessionOptions = SessionConfigurationBuilder.build(config, deps); + const app = Express(); app.use(Express.static(publicHtmlDirectory)); app.use(BodyParser.urlencoded({ extended: false })); app.use(BodyParser.json()); + app.use(deps.session(expressSessionOptions)); - app.set("trust proxy", 1); // trust first proxy - - const sessionOptions = SessionConfigurationBuilder.build(config, deps); - app.use(deps.session(sessionOptions)); - + app.set("trust proxy", 1); app.set("views", viewsDirectory); app.set("view engine", "pug"); @@ -46,7 +45,6 @@ export default class Server { deps.winston.debug("Authelia configuration is %s", JSON.stringify(config, undefined, 2)); ServerVariables.fill(app, config, deps); - RestApi.setup(app); return new BluebirdPromise((resolve, reject) => { diff --git a/test/server/SessionConfigurationBuilder.test.ts b/test/server/SessionConfigurationBuilder.test.ts index 53891300..e6f94b23 100644 --- a/test/server/SessionConfigurationBuilder.test.ts +++ b/test/server/SessionConfigurationBuilder.test.ts @@ -6,7 +6,7 @@ import ConnectRedis = require("connect-redis"); import sinon = require("sinon"); import Assert = require("assert"); -describe.only("test session configuration builder", function () { +describe("test session configuration builder", function () { it("should return session options without redis options", function () { const configuration: AppConfiguration = { access_control: { @@ -94,8 +94,10 @@ describe.only("test session configuration builder", function () { store_in_memory: true }; + const RedisStoreMock = sinon.spy(); + const deps: GlobalDependencies = { - ConnectRedis: sinon.stub().returns({ RedisStore: sinon.spy() }) as any, + ConnectRedis: sinon.stub().returns(RedisStoreMock) as any, ldapjs: sinon.spy() as any, nedb: sinon.spy() as any, nodemailer: sinon.spy() as any, @@ -115,9 +117,15 @@ describe.only("test session configuration builder", function () { secure: false, maxAge: 3600, domain: "example.com" - } + }, + store: sinon.match.object as any }; - Assert(expectedOptions.store != undefined); + Assert((deps.ConnectRedis as sinon.SinonStub).calledWith(deps.session)); + Assert.equal(options.secret, expectedOptions.secret); + Assert.equal(options.resave, expectedOptions.resave); + Assert.equal(options.saveUninitialized, expectedOptions.saveUninitialized); + Assert.deepEqual(options.cookie, expectedOptions.cookie); + Assert(options.store != undefined); }); }); \ No newline at end of file diff --git a/test/server/server/PrivatePages.ts b/test/server/server/PrivatePages.ts new file mode 100644 index 00000000..dcc690ab --- /dev/null +++ b/test/server/server/PrivatePages.ts @@ -0,0 +1,177 @@ + +import Server from "../../../src/server/lib/Server"; +import LdapClient = require("../../../src/server/lib/LdapClient"); + +import BluebirdPromise = require("bluebird"); +import speakeasy = require("speakeasy"); +import request = require("request"); +import nedb = require("nedb"); +import { GlobalDependencies } from "../../../src/types/Dependencies"; +import { TOTPSecret } from "../../../src/types/TOTPSecret"; +import U2FMock = require("./../mocks/u2f"); +import Endpoints = require("../../../src/server/endpoints"); +import Requests = require("../requests"); +import Assert = require("assert"); +import Sinon = require("sinon"); +import Winston = require("winston"); +import MockDate = require("mockdate"); +import ExpressSession = require("express-session"); +import ldapjs = require("ldapjs"); + +const requestp = BluebirdPromise.promisifyAll(request) as typeof request; + +const PORT = 8090; +const BASE_URL = "http://localhost:" + PORT; +const requests = Requests(PORT); + +describe("Private pages of the server must not be accessible without session", function () { + let server: Server; + let transporter: any; + let u2f: U2FMock.U2FMock; + + beforeEach(function () { + const config = { + port: PORT, + ldap: { + url: "ldap://127.0.0.1:389", + base_dn: "ou=users,dc=example,dc=com", + user_name_attribute: "cn", + user: "cn=admin,dc=example,dc=com", + password: "password", + }, + session: { + secret: "session_secret", + expiration: 50000, + }, + store_in_memory: true, + notifier: { + gmail: { + username: "user@example.com", + password: "password" + } + } + }; + + const ldap_client = { + bind: Sinon.stub(), + search: Sinon.stub(), + modify: Sinon.stub(), + on: Sinon.spy() + }; + const ldap = { + Change: Sinon.spy(), + createClient: Sinon.spy(function () { + return ldap_client; + }) + }; + + u2f = U2FMock.U2FMock(); + + transporter = { + sendMail: Sinon.stub().yields() + }; + + const nodemailer = { + createTransport: Sinon.spy(function () { + return transporter; + }) + }; + + const ldap_document = { + object: { + mail: "test_ok@example.com", + } + }; + + const search_res = { + on: Sinon.spy(function (event: string, fn: (s: any) => void) { + if (event != "error") fn(ldap_document); + }) + }; + + ldap_client.bind.withArgs("cn=test_ok,ou=users,dc=example,dc=com", + "password").yields(undefined); + ldap_client.bind.withArgs("cn=admin,dc=example,dc=com", + "password").yields(undefined); + + ldap_client.bind.withArgs("cn=test_nok,ou=users,dc=example,dc=com", + "password").yields("error"); + + ldap_client.modify.yields(undefined); + ldap_client.search.yields(undefined, search_res); + + const deps: GlobalDependencies = { + u2f: u2f, + nedb: nedb, + nodemailer: nodemailer, + ldapjs: ldap, + session: ExpressSession, + winston: Winston, + speakeasy: speakeasy, + ConnectRedis: Sinon.spy() + }; + + server = new Server(); + return server.start(config, deps); + }); + + afterEach(function () { + server.stop(); + }); + + describe("Second factor endpoints must be protected if first factor is not validated", function () { + function should_post_and_reply_with(url: string, status_code: number): BluebirdPromise { + return requestp.postAsync(url).then(function (response: request.RequestResponse) { + Assert.equal(response.statusCode, status_code); + return BluebirdPromise.resolve(); + }); + } + + function should_get_and_reply_with(url: string, status_code: number): BluebirdPromise { + return requestp.getAsync(url).then(function (response: request.RequestResponse) { + Assert.equal(response.statusCode, status_code); + return BluebirdPromise.resolve(); + }); + } + + function should_post_and_reply_with_401(url: string): BluebirdPromise { + return should_post_and_reply_with(url, 401); + } + function should_get_and_reply_with_401(url: string): BluebirdPromise { + return should_get_and_reply_with(url, 401); + } + + it("should block " + Endpoints.SECOND_FACTOR_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_GET); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET + "?identity_token=dummy"); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET); + }); + + it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_POST); + }); + + it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST); + }); + }); +}); + diff --git a/test/server/server/PublicPages.ts b/test/server/server/PublicPages.ts new file mode 100644 index 00000000..5d8fcec3 --- /dev/null +++ b/test/server/server/PublicPages.ts @@ -0,0 +1,165 @@ + +import Server from "../../../src/server/lib/Server"; +import LdapClient = require("../../../src/server/lib/LdapClient"); + +import BluebirdPromise = require("bluebird"); +import speakeasy = require("speakeasy"); +import Request = require("request"); +import nedb = require("nedb"); +import { GlobalDependencies } from "../../../src/types/Dependencies"; +import { TOTPSecret } from "../../../src/types/TOTPSecret"; +import U2FMock = require("./../mocks/u2f"); +import Endpoints = require("../../../src/server/endpoints"); +import Requests = require("../requests"); +import Assert = require("assert"); +import Sinon = require("sinon"); +import Winston = require("winston"); +import MockDate = require("mockdate"); +import ExpressSession = require("express-session"); +import ldapjs = require("ldapjs"); + +const requestp = BluebirdPromise.promisifyAll(Request) as typeof Request; + +const PORT = 8090; +const BASE_URL = "http://localhost:" + PORT; +const requests = Requests(PORT); + +describe("Public pages of the server must be accessible without session", function () { + let server: Server; + let transporter: object; + let u2f: U2FMock.U2FMock; + + beforeEach(function () { + const config = { + port: PORT, + ldap: { + url: "ldap://127.0.0.1:389", + base_dn: "ou=users,dc=example,dc=com", + user_name_attribute: "cn", + user: "cn=admin,dc=example,dc=com", + password: "password", + }, + session: { + secret: "session_secret", + expiration: 50000, + }, + store_in_memory: true, + notifier: { + gmail: { + username: "user@example.com", + password: "password" + } + } + }; + + const ldap_client = { + bind: Sinon.stub(), + search: Sinon.stub(), + modify: Sinon.stub(), + on: Sinon.spy() + }; + const ldap = { + Change: Sinon.spy(), + createClient: Sinon.spy(function () { + return ldap_client; + }) + }; + + u2f = U2FMock.U2FMock(); + + transporter = { + sendMail: Sinon.stub().yields() + }; + + const nodemailer = { + createTransport: Sinon.spy(function () { + return transporter; + }) + }; + + const ldap_document = { + object: { + mail: "test_ok@example.com", + } + }; + + const search_res = { + on: Sinon.spy(function (event: string, fn: (s: any) => void) { + if (event != "error") fn(ldap_document); + }) + }; + + ldap_client.bind.withArgs("cn=test_ok,ou=users,dc=example,dc=com", + "password").yields(undefined); + ldap_client.bind.withArgs("cn=admin,dc=example,dc=com", + "password").yields(undefined); + + ldap_client.bind.withArgs("cn=test_nok,ou=users,dc=example,dc=com", + "password").yields("error"); + + ldap_client.modify.yields(undefined); + ldap_client.search.yields(undefined, search_res); + + const deps: GlobalDependencies = { + u2f: u2f, + nedb: nedb, + nodemailer: nodemailer, + ldapjs: ldap, + session: ExpressSession, + winston: Winston, + speakeasy: speakeasy, + ConnectRedis: Sinon.spy() + }; + + server = new Server(); + return server.start(config, deps); + }); + + afterEach(function () { + server.stop(); + }); + + describe("test GET " + Endpoints.FIRST_FACTOR_GET, function () { + test_login(); + }); + + describe("test GET " + Endpoints.LOGOUT_GET, function () { + test_logout(); + }); + + describe("test GET" + Endpoints.RESET_PASSWORD_REQUEST_GET, function () { + test_reset_password_form(); + }); + + + function test_reset_password_form() { + it("should serve the reset password form page", function (done) { + requestp.getAsync(BASE_URL + Endpoints.RESET_PASSWORD_REQUEST_GET) + .then(function (response: Request.RequestResponse) { + Assert.equal(response.statusCode, 200); + done(); + }); + }); + } + + function test_login() { + it("should serve the login page", function (done) { + requestp.getAsync(BASE_URL + Endpoints.FIRST_FACTOR_GET) + .then(function (response: Request.RequestResponse) { + Assert.equal(response.statusCode, 200); + done(); + }); + }); + } + + function test_logout() { + it("should logout and redirect to /", function (done) { + requestp.getAsync(BASE_URL + Endpoints.LOGOUT_GET) + .then(function (response: any) { + Assert.equal(response.req.path, "/"); + done(); + }); + }); + } +}); + diff --git a/test/server/Server.test.ts b/test/server/server/Server.test.ts similarity index 53% rename from test/server/Server.test.ts rename to test/server/server/Server.test.ts index 29266927..b7396aa0 100644 --- a/test/server/Server.test.ts +++ b/test/server/server/Server.test.ts @@ -1,33 +1,34 @@ -import Server from "../../src/server/lib/Server"; -import LdapClient = require("../../src/server/lib/LdapClient"); -import { LdapjsClientMock } from "./mocks/ldapjs"; + +import Server from "../../../src/server/lib/Server"; +import LdapClient = require("../../../src/server/lib/LdapClient"); +import { LdapjsClientMock } from "./../mocks/ldapjs"; import BluebirdPromise = require("bluebird"); import speakeasy = require("speakeasy"); import request = require("request"); import nedb = require("nedb"); -import { GlobalDependencies } from "../../src/types/Dependencies"; -import { TOTPSecret } from "../../src/types/TOTPSecret"; -import U2FMock = require("./mocks/u2f"); -import Endpoints = require("../../src/server/endpoints"); - +import { GlobalDependencies } from "../../../src/types/Dependencies"; +import { TOTPSecret } from "../../../src/types/TOTPSecret"; +import U2FMock = require("./../mocks/u2f"); +import Endpoints = require("../../../src/server/endpoints"); +import Requests = require("../requests"); +import Assert = require("assert"); +import Sinon = require("sinon"); +import Winston = require("winston"); +import MockDate = require("mockdate"); +import ExpressSession = require("express-session"); +import ldapjs = require("ldapjs"); const requestp = BluebirdPromise.promisifyAll(request) as typeof request; -const assert = require("assert"); -const sinon = require("sinon"); -const MockDate = require("mockdate"); -const session = require("express-session"); -const winston = require("winston"); -const ldapjs = require("ldapjs"); const PORT = 8090; const BASE_URL = "http://localhost:" + PORT; -const requests = require("./requests")(PORT); +const requests = Requests(PORT); describe("test the server", function () { let server: Server; - let transporter: object; + let transporter: any; let u2f: U2FMock.U2FMock; beforeEach(function () { @@ -55,8 +56,8 @@ describe("test the server", function () { const ldapClient = LdapjsClientMock(); const ldap = { - Change: sinon.spy(), - createClient: sinon.spy(function () { + Change: Sinon.spy(), + createClient: Sinon.spy(function () { return ldapClient; }) }; @@ -64,11 +65,11 @@ describe("test the server", function () { u2f = U2FMock.U2FMock(); transporter = { - sendMail: sinon.stub().yields() + sendMail: Sinon.stub().yields() }; const nodemailer = { - createTransport: sinon.spy(function () { + createTransport: Sinon.spy(function () { return transporter; }) }; @@ -80,7 +81,7 @@ describe("test the server", function () { }; const search_res = { - on: sinon.spy(function (event: string, fn: (s: any) => void) { + on: Sinon.spy(function (event: string, fn: (s: any) => void) { if (event != "error") fn(ldapDocument); }) }; @@ -102,10 +103,10 @@ describe("test the server", function () { nedb: nedb, nodemailer: nodemailer, ldapjs: ldap, - session: session, - winston: winston, + session: ExpressSession, + winston: Winston, speakeasy: speakeasy, - ConnectRedis: sinon.spy() + ConnectRedis: Sinon.spy() }; server = new Server(); @@ -116,114 +117,17 @@ describe("test the server", function () { server.stop(); }); - describe("test GET " + Endpoints.FIRST_FACTOR_GET, function () { - test_login(); - }); - - describe("test GET " + Endpoints.LOGOUT_GET, function () { - test_logout(); - }); - - describe("test GET" + Endpoints.RESET_PASSWORD_REQUEST_GET, function () { - test_reset_password_form(); - }); - - describe("Second factor endpoints must be protected if first factor is not validated", function () { - function should_post_and_reply_with(url: string, status_code: number): BluebirdPromise { - return requestp.postAsync(url).then(function (response: request.RequestResponse) { - assert.equal(response.statusCode, status_code); - return BluebirdPromise.resolve(); - }); - } - - function should_get_and_reply_with(url: string, status_code: number): BluebirdPromise { - return requestp.getAsync(url).then(function (response: request.RequestResponse) { - assert.equal(response.statusCode, status_code); - return BluebirdPromise.resolve(); - }); - } - - function should_post_and_reply_with_401(url: string): BluebirdPromise { - return should_post_and_reply_with(url, 401); - } - function should_get_and_reply_with_401(url: string): BluebirdPromise { - return should_get_and_reply_with(url, 401); - } - - it("should block " + Endpoints.SECOND_FACTOR_GET, function () { - return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_GET); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET, function () { - return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET, function () { - return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET + "?identity_token=dummy"); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, function () { - return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, function () { - return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, function () { - return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET); - }); - - it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_POST, function () { - return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_POST); - }); - - it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () { - return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST); - }); - }); - describe("test authentication and verification", function () { test_authentication(); test_reset_password(); test_regulation(); }); - function test_reset_password_form() { - it("should serve the reset password form page", function (done) { - requestp.getAsync(BASE_URL + Endpoints.RESET_PASSWORD_REQUEST_GET) - .then(function (response: request.RequestResponse) { - assert.equal(response.statusCode, 200); - done(); - }); - }); - } - - function test_login() { - it("should serve the login page", function (done) { - requestp.getAsync(BASE_URL + Endpoints.FIRST_FACTOR_GET) - .then(function (response: request.RequestResponse) { - assert.equal(response.statusCode, 200); - done(); - }); - }); - } - - function test_logout() { - it("should logout and redirect to /", function (done) { - requestp.getAsync(BASE_URL + Endpoints.LOGOUT_GET) - .then(function (response: any) { - assert.equal(response.req.path, "/"); - done(); - }); - }); - } - function test_authentication() { it("should return status code 401 when user is not authenticated", function () { return requestp.getAsync({ url: BASE_URL + Endpoints.VERIFY_GET }) .then(function (response: request.RequestResponse) { - assert.equal(response.statusCode, 401); + Assert.equal(response.statusCode, 401); return BluebirdPromise.resolve(); }); }); @@ -232,11 +136,11 @@ describe("test the server", function () { const j = requestp.jar(); return requests.login(j) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "get login page failed"); + Assert.equal(res.statusCode, 200, "get login page failed"); return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 302, "first factor failed"); + Assert.equal(res.statusCode, 302, "first factor failed"); return requests.register_totp(j, transporter); }) .then(function (base32_secret: string) { @@ -247,11 +151,11 @@ describe("test the server", function () { return requests.totp(j, realToken); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "second factor failed"); + Assert.equal(res.statusCode, 200, "second factor failed"); return requests.verify(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "verify failed"); + Assert.equal(res.statusCode, 204, "verify failed"); return BluebirdPromise.resolve(); }) .catch(function (err: Error) { return BluebirdPromise.reject(err); }); @@ -261,11 +165,11 @@ describe("test the server", function () { const j = requestp.jar(); return requests.login(j) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "get login page failed"); + Assert.equal(res.statusCode, 200, "get login page failed"); return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 302, "first factor failed"); + Assert.equal(res.statusCode, 302, "first factor failed"); return requests.register_totp(j, transporter); }) .then(function (base32_secret: string) { @@ -276,15 +180,15 @@ describe("test the server", function () { return requests.totp(j, realToken); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "second factor failed"); + Assert.equal(res.statusCode, 200, "second factor failed"); return requests.login(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "login page loading failed"); + Assert.equal(res.statusCode, 200, "login page loading failed"); return requests.verify(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "verify failed"); + Assert.equal(res.statusCode, 204, "verify failed"); return BluebirdPromise.resolve(); }) .catch(function (err: Error) { return BluebirdPromise.reject(err); }); @@ -302,25 +206,25 @@ describe("test the server", function () { const j = requestp.jar(); return requests.login(j) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "get login page failed"); + Assert.equal(res.statusCode, 200, "get login page failed"); return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { // console.log(res); - assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); - assert.equal(res.statusCode, 302, "first factor failed"); + Assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); + Assert.equal(res.statusCode, 302, "first factor failed"); return requests.u2f_registration(j, transporter); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "second factor, finish register failed"); + Assert.equal(res.statusCode, 200, "second factor, finish register failed"); return requests.u2f_authentication(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "second factor, finish sign failed"); + Assert.equal(res.statusCode, 200, "second factor, finish sign failed"); return requests.verify(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "verify failed"); + Assert.equal(res.statusCode, 204, "verify failed"); return BluebirdPromise.resolve(); }); }); @@ -331,16 +235,16 @@ describe("test the server", function () { const j = requestp.jar(); return requests.login(j) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "get login page failed"); + Assert.equal(res.statusCode, 200, "get login page failed"); return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); - assert.equal(res.statusCode, 302, "first factor failed"); + Assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); + Assert.equal(res.statusCode, 302, "first factor failed"); return requests.reset_password(j, transporter, "user", "new-password"); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "second factor, finish register failed"); + Assert.equal(res.statusCode, 204, "second factor, finish register failed"); return BluebirdPromise.resolve(); }); }); @@ -352,28 +256,28 @@ describe("test the server", function () { MockDate.set("1/2/2017 00:00:00"); return requests.login(j) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 200, "get login page failed"); + Assert.equal(res.statusCode, 200, "get login page failed"); return requests.failing_first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 401, "first factor failed"); + Assert.equal(res.statusCode, 401, "first factor failed"); return requests.failing_first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 401, "first factor failed"); + Assert.equal(res.statusCode, 401, "first factor failed"); return requests.failing_first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 401, "first factor failed"); + Assert.equal(res.statusCode, 401, "first factor failed"); return requests.failing_first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 403, "first factor failed"); + Assert.equal(res.statusCode, 403, "first factor failed"); MockDate.set("1/2/2017 00:30:00"); return requests.failing_first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 401, "first factor failed"); + Assert.equal(res.statusCode, 401, "first factor failed"); return BluebirdPromise.resolve(); }); });