import SeleniumWebDriver from 'selenium-webdriver';
import ClickOnLink from '../../../helpers/ClickOnLink';
import ClickOn from '../../../helpers/ClickOn';
import FillField from "../../../helpers/FillField";
import {GetLinkFromEmail} from "../../../helpers/GetIdentityLink";
import FillLoginPageAndClick from "../../../helpers/FillLoginPageAndClick";
import IsSecondFactorStage from "../../../helpers/assertions/VerifyIsSecondFactorStage";
import VisitPageAndWaitUrlIs from '../../../helpers/behaviors/VisitPageAndWaitUrlIs';
import VerifyNotificationDisplayed from '../../../helpers/assertions/VerifyNotificationDisplayed';
import VerifyUrlIs from '../../../helpers/assertions/VerifyUrlIs';
import { StartDriver, StopDriver } from '../../../helpers/context/WithDriver';
import ResetPassword from '../../../helpers/behaviors/ResetPassword';
/**
 * Registers the end-to-end scenarios for the reset-password flow of the
 * login portal: a successful reset, the response given for an unknown
 * username, and the mismatching-passwords notification.
 *
 * Every callback is a regular `function` (not an arrow) because the driver
 * is read from and written to the test context through `this`.
 */
export default function() {
  // Portal pages the scenarios navigate to or assert on.
  const loginUrl = "https://login.example.com:8080/#/";
  const forgotPasswordUrl = "https://login.example.com:8080/#/forgot-password";
  const confirmationSentUrl = 'https://login.example.com:8080/#/confirmation-sent';

  // The value returned by StartDriver() is stored on the test context before
  // each test and handed back to StopDriver() once the test is over.
  beforeEach(async function() {
    this.driver = await StartDriver();
  });

  afterEach(async function() {
    await StopDriver(this.driver);
  });

  it("should reset password for john", async function() {
    const browser = this.driver;

    await ResetPassword(browser, "john", "newpass");
    await VerifyUrlIs(browser, loginUrl);

    // Logging in with the new password must bring the user to the second
    // factor page.
    await FillLoginPageAndClick(browser, "john", "newpass");
    await IsSecondFactorStage(browser);

    // Put the original password back.
    // NOTE(review): this restore only runs when every step above succeeded;
    // if one of them throws, john keeps "newpass". Presumably the account
    // store is shared with other scenarios - confirm, and consider moving
    // the restore into a cleanup hook.
    await ClickOnLink(browser, "Logout");
    await ResetPassword(browser, "john", "password");
  });

  // Username-enumeration check: asking for a reset with a username that is
  // not expected to exist ("unknown") has to land on the same
  // confirmation-sent page as a request for a real account, so the form does
  // not reveal which usernames are valid.
  // NOTE(review): only the final URL is asserted here. The test does not
  // check that no e-mail went out, nor that notifications or response time
  // match the known-user path.
  it("should make attacker think reset password is initiated", async function() {
    const browser = this.driver;

    await VisitPageAndWaitUrlIs(browser, loginUrl);
    await ClickOnLink(browser, "Forgot password\?");
    await VerifyUrlIs(browser, forgotPasswordUrl);

    await FillField(browser, "username", "unknown");
    const nextButton = SeleniumWebDriver.By.id('next-button');
    await ClickOn(browser, nextButton);

    // From the requester's point of view the confirmation looks as if it
    // had been sent.
    await VerifyUrlIs(browser, confirmationSentUrl);
  });

  it("should notify passwords are different in reset form", async function() {
    const browser = this.driver;

    await VisitPageAndWaitUrlIs(browser, loginUrl);
    await ClickOnLink(browser, "Forgot password\?");
    await VerifyUrlIs(browser, forgotPasswordUrl);

    await FillField(browser, "username", "john");
    const nextButton = SeleniumWebDriver.By.id('next-button');
    await ClickOn(browser, nextButton);
    await VerifyUrlIs(browser, confirmationSentUrl);

    // Simulate the time it takes to receive the e-mail.
    // NOTE(review): a fixed 500 ms wait can be too short on a slow runner.
    await browser.sleep(500);

    // GetLinkFromEmail() takes no argument; presumably it returns the link
    // from the most recent message - verify against the helper.
    const resetLink = await GetLinkFromEmail();
    await VisitPageAndWaitUrlIs(browser, resetLink);

    // Submit two values that do not match; the form must refuse them.
    await FillField(browser, "password1", "newpass");
    await FillField(browser, "password2", "badpass");
    const resetButton = SeleniumWebDriver.By.id('reset-button');
    await ClickOn(browser, resetButton);

    await VerifyNotificationDisplayed(browser, "The passwords are different.");
  });
}