authelia/test/suites/Basic/scenarii/ResetPassword.ts
Clement Michaud a991379a74 Declare suites as Go structs and bootstrap e2e test framework in Go.
Some tests are not fully rewritten in Go, a typescript wrapper is called
instead until we remove the remaining TS tests and dependencies.

Also, dockerize every components (mainly Authelia backend, frontend and kind)
so that the project does not interfere with user host anymore (open ports for instance).
The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts.
It will soon be avoided using authelia.com domain that I own.
2019-11-15 20:23:06 +01:00

65 lines
3.0 KiB
TypeScript

import SeleniumWebDriver from 'selenium-webdriver';
import ClickOnLink from '../../../helpers/ClickOnLink';
import ClickOn from '../../../helpers/ClickOn';
import FillField from "../../../helpers/FillField";
import {GetLinkFromEmail} from "../../../helpers/GetIdentityLink";
import FillLoginPageAndClick from "../../../helpers/FillLoginPageAndClick";
import IsSecondFactorStage from "../../../helpers/assertions/VerifyIsSecondFactorStage";
import VisitPageAndWaitUrlIs from '../../../helpers/behaviors/VisitPageAndWaitUrlIs';
import VerifyNotificationDisplayed from '../../../helpers/assertions/VerifyNotificationDisplayed';
import VerifyUrlIs from '../../../helpers/assertions/VerifyUrlIs';
import { StartDriver, StopDriver } from '../../../helpers/context/WithDriver';
import ResetPassword from '../../../helpers/behaviors/ResetPassword';
export default function() {
beforeEach(async function() {
this.driver = await StartDriver();
});
afterEach(async function() {
await StopDriver(this.driver);
})
it("should reset password for john", async function() {
await ResetPassword(this.driver, "john", "newpass");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/");
await FillLoginPageAndClick(this.driver, "john", "newpass");
// The user reaches the second factor page using the new password.
await IsSecondFactorStage(this.driver);
// restore password
await ClickOnLink(this.driver, "Logout");
await ResetPassword(this.driver, "john", "password");
});
it("should make attacker think reset password is initiated", async function() {
await VisitPageAndWaitUrlIs(this.driver, "https://login.example.com:8080/#/");
await ClickOnLink(this.driver, "Forgot password\?");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/forgot-password");
await FillField(this.driver, "username", "unknown");
await ClickOn(this.driver, SeleniumWebDriver.By.id('next-button'));
// The malicious user thinks the confirmation has been sent.
await VerifyUrlIs(this.driver, 'https://login.example.com:8080/#/confirmation-sent');
});
it("should notify passwords are different in reset form", async function() {
await VisitPageAndWaitUrlIs(this.driver, "https://login.example.com:8080/#/");
await ClickOnLink(this.driver, "Forgot password\?");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/forgot-password");
await FillField(this.driver, "username", "john");
await ClickOn(this.driver, SeleniumWebDriver.By.id('next-button'));
await VerifyUrlIs(this.driver, 'https://login.example.com:8080/#/confirmation-sent');
await this.driver.sleep(500); // Simulate the time it takes to receive the e-mail.
const link = await GetLinkFromEmail();
await VisitPageAndWaitUrlIs(this.driver, link);
await FillField(this.driver, "password1", "newpass");
await FillField(this.driver, "password2", "badpass");
await ClickOn(this.driver, SeleniumWebDriver.By.id('reset-button'));
await VerifyNotificationDisplayed(this.driver, "The passwords are different.");
});
}