authelia/test/suites/basic/scenarii/ResetPassword.ts

65 lines
3.0 KiB
TypeScript
Raw Normal View History

import SeleniumWebDriver from 'selenium-webdriver';
import ClickOnLink from '../../../helpers/ClickOnLink';
import ClickOn from '../../../helpers/ClickOn';
import FillField from "../../../helpers/FillField";
import {GetLinkFromEmail} from "../../../helpers/GetIdentityLink";
import FillLoginPageAndClick from "../../../helpers/FillLoginPageAndClick";
import IsSecondFactorStage from "../../../helpers/assertions/VerifyIsSecondFactorStage";
import VisitPageAndWaitUrlIs from '../../../helpers/behaviors/VisitPageAndWaitUrlIs';
import VerifyNotificationDisplayed from '../../../helpers/assertions/VerifyNotificationDisplayed';
import VerifyUrlIs from '../../../helpers/assertions/VerifyUrlIs';
2019-02-13 22:31:12 +00:00
import { StartDriver, StopDriver } from '../../../helpers/context/WithDriver';
import ResetPassword from '../../../helpers/behaviors/ResetPassword';
export default function() {
2019-02-13 22:31:12 +00:00
beforeEach(async function() {
this.driver = await StartDriver();
});
afterEach(async function() {
await StopDriver(this.driver);
})
it("should reset password for john", async function() {
await ResetPassword(this.driver, "john", "newpass");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/");
await FillLoginPageAndClick(this.driver, "john", "newpass");
2019-02-09 22:20:37 +00:00
// The user reaches the second factor page using the new password.
await IsSecondFactorStage(this.driver);
// restore password
await ClickOnLink(this.driver, "Logout");
await ResetPassword(this.driver, "john", "password");
});
2019-02-09 22:20:37 +00:00
it("should make attacker think reset password is initiated", async function() {
await VisitPageAndWaitUrlIs(this.driver, "https://login.example.com:8080/#/");
2019-02-09 22:20:37 +00:00
await ClickOnLink(this.driver, "Forgot password\?");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/forgot-password");
2019-02-09 22:20:37 +00:00
await FillField(this.driver, "username", "unknown");
await ClickOn(this.driver, SeleniumWebDriver.By.id('next-button'));
// The malicious user thinks the confirmation has been sent.
await VerifyUrlIs(this.driver, 'https://login.example.com:8080/#/confirmation-sent');
2019-02-09 22:20:37 +00:00
});
it("should notify passwords are different in reset form", async function() {
await VisitPageAndWaitUrlIs(this.driver, "https://login.example.com:8080/#/");
2019-02-09 22:20:37 +00:00
await ClickOnLink(this.driver, "Forgot password\?");
await VerifyUrlIs(this.driver, "https://login.example.com:8080/#/forgot-password");
2019-02-09 22:20:37 +00:00
await FillField(this.driver, "username", "john");
await ClickOn(this.driver, SeleniumWebDriver.By.id('next-button'));
await VerifyUrlIs(this.driver, 'https://login.example.com:8080/#/confirmation-sent');
2019-02-09 22:20:37 +00:00
await this.driver.sleep(500); // Simulate the time it takes to receive the e-mail.
const link = await GetLinkFromEmail();
await VisitPageAndWaitUrlIs(this.driver, link);
2019-02-09 22:20:37 +00:00
await FillField(this.driver, "password1", "newpass");
await FillField(this.driver, "password2", "badpass");
await ClickOn(this.driver, SeleniumWebDriver.By.id('reset-button'));
await VerifyNotificationDisplayed(this.driver, "The passwords are different.");
2019-02-09 22:20:37 +00:00
});
}