2017-05-16 21:17:46 +00:00
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
import Server from "../../src/server/lib/Server";
|
|
|
|
|
import LdapClient = require("../../src/server/lib/LdapClient");
|
2017-06-14 22:22:16 +00:00
|
|
|
import { LdapjsClientMock } from "./mocks/ldapjs";
|
2017-05-16 21:17:46 +00:00
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
import BluebirdPromise = require("bluebird");
|
2017-05-20 17:16:57 +00:00
|
|
|
import speakeasy = require("speakeasy");
|
|
|
|
|
import request = require("request");
|
|
|
|
|
import nedb = require("nedb");
|
2017-06-29 17:41:05 +00:00
|
|
|
import { GlobalDependencies } from "../../src/types/Dependencies";
|
2017-05-20 17:16:57 +00:00
|
|
|
import { TOTPSecret } from "../../src/types/TOTPSecret";
|
2017-05-25 13:09:29 +00:00
|
|
|
import U2FMock = require("./mocks/u2f");
|
|
|
|
|
import Endpoints = require("../../src/server/endpoints");
|
2017-05-16 21:17:46 +00:00
|
|
|
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
const requestp = BluebirdPromise.promisifyAll(request) as typeof request;
|
2017-05-16 21:17:46 +00:00
|
|
|
const assert = require("assert");
|
|
|
|
|
const sinon = require("sinon");
|
|
|
|
|
const MockDate = require("mockdate");
|
|
|
|
|
const session = require("express-session");
|
|
|
|
|
const winston = require("winston");
|
|
|
|
|
const ldapjs = require("ldapjs");
|
|
|
|
|
|
|
|
|
|
const PORT = 8090;
|
|
|
|
|
const BASE_URL = "http://localhost:" + PORT;
|
|
|
|
|
const requests = require("./requests")(PORT);
|
|
|
|
|
|
|
|
|
|
describe("test the server", function () {
|
|
|
|
|
let server: Server;
|
|
|
|
|
let transporter: object;
|
2017-05-25 13:09:29 +00:00
|
|
|
let u2f: U2FMock.U2FMock;
|
2017-05-16 21:17:46 +00:00
|
|
|
|
|
|
|
|
beforeEach(function () {
|
|
|
|
|
const config = {
|
|
|
|
|
port: PORT,
|
|
|
|
|
ldap: {
|
|
|
|
|
url: "ldap://127.0.0.1:389",
|
|
|
|
|
base_dn: "ou=users,dc=example,dc=com",
|
|
|
|
|
user_name_attribute: "cn",
|
|
|
|
|
user: "cn=admin,dc=example,dc=com",
|
|
|
|
|
password: "password",
|
|
|
|
|
},
|
|
|
|
|
session: {
|
|
|
|
|
secret: "session_secret",
|
|
|
|
|
expiration: 50000,
|
|
|
|
|
},
|
|
|
|
|
store_in_memory: true,
|
|
|
|
|
notifier: {
|
|
|
|
|
gmail: {
|
2017-05-20 07:49:05 +00:00
|
|
|
username: "user@example.com",
|
|
|
|
|
password: "password"
|
2017-05-16 21:17:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
const ldapClient = LdapjsClientMock();
|
2017-05-16 21:17:46 +00:00
|
|
|
const ldap = {
|
|
|
|
|
Change: sinon.spy(),
|
|
|
|
|
createClient: sinon.spy(function () {
|
2017-06-14 22:22:16 +00:00
|
|
|
return ldapClient;
|
2017-05-16 21:17:46 +00:00
|
|
|
})
|
|
|
|
|
};
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
u2f = U2FMock.U2FMock();
|
2017-05-16 21:17:46 +00:00
|
|
|
|
|
|
|
|
transporter = {
|
|
|
|
|
sendMail: sinon.stub().yields()
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const nodemailer = {
|
|
|
|
|
createTransport: sinon.spy(function () {
|
|
|
|
|
return transporter;
|
|
|
|
|
})
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
const ldapDocument = {
|
2017-05-16 21:17:46 +00:00
|
|
|
object: {
|
|
|
|
|
mail: "test_ok@example.com",
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const search_res = {
|
|
|
|
|
on: sinon.spy(function (event: string, fn: (s: any) => void) {
|
2017-06-14 22:22:16 +00:00
|
|
|
if (event != "error") fn(ldapDocument);
|
2017-05-16 21:17:46 +00:00
|
|
|
})
|
|
|
|
|
};
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
ldapClient.bind.withArgs("cn=test_ok,ou=users,dc=example,dc=com",
|
|
|
|
|
"password").yields();
|
|
|
|
|
ldapClient.bind.withArgs("cn=admin,dc=example,dc=com",
|
|
|
|
|
"password").yields();
|
2017-05-16 21:17:46 +00:00
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
ldapClient.bind.withArgs("cn=test_nok,ou=users,dc=example,dc=com",
|
2017-05-16 21:17:46 +00:00
|
|
|
"password").yields("error");
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
ldapClient.unbind.yields();
|
|
|
|
|
ldapClient.modify.yields();
|
|
|
|
|
ldapClient.search.yields(undefined, search_res);
|
2017-05-16 21:17:46 +00:00
|
|
|
|
2017-06-29 17:41:05 +00:00
|
|
|
const deps: GlobalDependencies = {
|
2017-05-16 21:17:46 +00:00
|
|
|
u2f: u2f,
|
|
|
|
|
nedb: nedb,
|
|
|
|
|
nodemailer: nodemailer,
|
|
|
|
|
ldapjs: ldap,
|
|
|
|
|
session: session,
|
|
|
|
|
winston: winston,
|
2017-06-29 17:41:05 +00:00
|
|
|
speakeasy: speakeasy,
|
|
|
|
|
ConnectRedis: sinon.spy()
|
2017-05-16 21:17:46 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
server = new Server();
|
|
|
|
|
return server.start(config, deps);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterEach(function () {
|
|
|
|
|
server.stop();
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
describe("test GET " + Endpoints.FIRST_FACTOR_GET, function () {
|
2017-05-16 21:17:46 +00:00
|
|
|
test_login();
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
describe("test GET " + Endpoints.LOGOUT_GET, function () {
|
2017-05-16 21:17:46 +00:00
|
|
|
test_logout();
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
describe("test GET" + Endpoints.RESET_PASSWORD_REQUEST_GET, function () {
|
2017-05-16 21:17:46 +00:00
|
|
|
test_reset_password_form();
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
describe("Second factor endpoints must be protected if first factor is not validated", function () {
|
|
|
|
|
function should_post_and_reply_with(url: string, status_code: number): BluebirdPromise<void> {
|
2017-05-16 21:17:46 +00:00
|
|
|
return requestp.postAsync(url).then(function (response: request.RequestResponse) {
|
|
|
|
|
assert.equal(response.statusCode, status_code);
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
function should_get_and_reply_with(url: string, status_code: number): BluebirdPromise<void> {
|
2017-05-16 21:17:46 +00:00
|
|
|
return requestp.getAsync(url).then(function (response: request.RequestResponse) {
|
|
|
|
|
assert.equal(response.statusCode, status_code);
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
function should_post_and_reply_with_401(url: string): BluebirdPromise<void> {
|
2017-05-16 21:17:46 +00:00
|
|
|
return should_post_and_reply_with(url, 401);
|
|
|
|
|
}
|
2017-05-25 13:09:29 +00:00
|
|
|
function should_get_and_reply_with_401(url: string): BluebirdPromise<void> {
|
2017-05-16 21:17:46 +00:00
|
|
|
return should_get_and_reply_with(url, 401);
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_GET, function () {
|
|
|
|
|
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_GET);
|
|
|
|
|
});
|
2017-05-16 21:17:46 +00:00
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET, function () {
|
|
|
|
|
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET, function () {
|
|
|
|
|
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET + "?identity_token=dummy");
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, function () {
|
|
|
|
|
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, function () {
|
|
|
|
|
return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, function () {
|
|
|
|
|
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_POST, function () {
|
|
|
|
|
return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_POST);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
2017-05-25 13:09:29 +00:00
|
|
|
it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () {
|
|
|
|
|
return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST);
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("test authentication and verification", function () {
|
|
|
|
|
test_authentication();
|
|
|
|
|
test_reset_password();
|
|
|
|
|
test_regulation();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
function test_reset_password_form() {
|
|
|
|
|
it("should serve the reset password form page", function (done) {
|
2017-05-25 13:09:29 +00:00
|
|
|
requestp.getAsync(BASE_URL + Endpoints.RESET_PASSWORD_REQUEST_GET)
|
2017-05-16 21:17:46 +00:00
|
|
|
.then(function (response: request.RequestResponse) {
|
|
|
|
|
assert.equal(response.statusCode, 200);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function test_login() {
|
|
|
|
|
it("should serve the login page", function (done) {
|
2017-05-25 13:09:29 +00:00
|
|
|
requestp.getAsync(BASE_URL + Endpoints.FIRST_FACTOR_GET)
|
2017-05-16 21:17:46 +00:00
|
|
|
.then(function (response: request.RequestResponse) {
|
|
|
|
|
assert.equal(response.statusCode, 200);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function test_logout() {
|
|
|
|
|
it("should logout and redirect to /", function (done) {
|
2017-05-25 13:09:29 +00:00
|
|
|
requestp.getAsync(BASE_URL + Endpoints.LOGOUT_GET)
|
2017-05-16 21:17:46 +00:00
|
|
|
.then(function (response: any) {
|
|
|
|
|
assert.equal(response.req.path, "/");
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function test_authentication() {
|
|
|
|
|
it("should return status code 401 when user is not authenticated", function () {
|
2017-05-25 13:09:29 +00:00
|
|
|
return requestp.getAsync({ url: BASE_URL + Endpoints.VERIFY_GET })
|
2017-05-16 21:17:46 +00:00
|
|
|
.then(function (response: request.RequestResponse) {
|
|
|
|
|
assert.equal(response.statusCode, 401);
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("should return status code 204 when user is authenticated using totp", function () {
|
|
|
|
|
const j = requestp.jar();
|
|
|
|
|
return requests.login(j)
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "get login page failed");
|
|
|
|
|
return requests.first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
assert.equal(res.statusCode, 302, "first factor failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.register_totp(j, transporter);
|
|
|
|
|
})
|
2017-05-25 13:09:29 +00:00
|
|
|
.then(function (base32_secret: string) {
|
2017-06-14 22:22:16 +00:00
|
|
|
const realToken = speakeasy.totp({
|
2017-05-25 13:09:29 +00:00
|
|
|
secret: base32_secret,
|
2017-05-16 21:17:46 +00:00
|
|
|
encoding: "base32"
|
|
|
|
|
});
|
2017-06-14 22:22:16 +00:00
|
|
|
return requests.totp(j, realToken);
|
2017-05-16 21:17:46 +00:00
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
assert.equal(res.statusCode, 200, "second factor failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.verify(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 204, "verify failed");
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-06-14 22:22:16 +00:00
|
|
|
})
|
|
|
|
|
.catch(function (err: Error) { return BluebirdPromise.reject(err); });
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("should keep session variables when login page is reloaded", function () {
|
|
|
|
|
const j = requestp.jar();
|
|
|
|
|
return requests.login(j)
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "get login page failed");
|
|
|
|
|
return requests.first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-06-14 22:22:16 +00:00
|
|
|
assert.equal(res.statusCode, 302, "first factor failed");
|
|
|
|
|
return requests.register_totp(j, transporter);
|
|
|
|
|
})
|
|
|
|
|
.then(function (base32_secret: string) {
|
|
|
|
|
const realToken = speakeasy.totp({
|
|
|
|
|
secret: base32_secret,
|
|
|
|
|
encoding: "base32"
|
|
|
|
|
});
|
|
|
|
|
return requests.totp(j, realToken);
|
2017-05-16 21:17:46 +00:00
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-06-14 22:22:16 +00:00
|
|
|
assert.equal(res.statusCode, 200, "second factor failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.login(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "login page loading failed");
|
|
|
|
|
return requests.verify(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 204, "verify failed");
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
})
|
2017-06-14 22:22:16 +00:00
|
|
|
.catch(function (err: Error) { return BluebirdPromise.reject(err); });
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("should return status code 204 when user is authenticated using u2f", function () {
|
|
|
|
|
const sign_request = {};
|
|
|
|
|
const sign_status = {};
|
|
|
|
|
const registration_request = {};
|
|
|
|
|
const registration_status = {};
|
2017-05-25 13:09:29 +00:00
|
|
|
u2f.request.returns(BluebirdPromise.resolve(sign_request));
|
|
|
|
|
u2f.checkRegistration.returns(BluebirdPromise.resolve(sign_status));
|
|
|
|
|
u2f.checkSignature.returns(BluebirdPromise.resolve(registration_status));
|
2017-05-16 21:17:46 +00:00
|
|
|
|
|
|
|
|
const j = requestp.jar();
|
|
|
|
|
return requests.login(j)
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "get login page failed");
|
|
|
|
|
return requests.first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
// console.log(res);
|
|
|
|
|
assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET);
|
|
|
|
|
assert.equal(res.statusCode, 302, "first factor failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.u2f_registration(j, transporter);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
assert.equal(res.statusCode, 200, "second factor, finish register failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.u2f_authentication(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
assert.equal(res.statusCode, 200, "second factor, finish sign failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.verify(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 204, "verify failed");
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function test_reset_password() {
|
|
|
|
|
it("should reset the password", function () {
|
|
|
|
|
const j = requestp.jar();
|
|
|
|
|
return requests.login(j)
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "get login page failed");
|
|
|
|
|
return requests.first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
2017-05-25 13:09:29 +00:00
|
|
|
assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET);
|
|
|
|
|
assert.equal(res.statusCode, 302, "first factor failed");
|
2017-05-16 21:17:46 +00:00
|
|
|
return requests.reset_password(j, transporter, "user", "new-password");
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 204, "second factor, finish register failed");
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function test_regulation() {
|
|
|
|
|
it("should regulate authentication", function () {
|
|
|
|
|
const j = requestp.jar();
|
|
|
|
|
MockDate.set("1/2/2017 00:00:00");
|
|
|
|
|
return requests.login(j)
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 200, "get login page failed");
|
|
|
|
|
return requests.failing_first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 401, "first factor failed");
|
|
|
|
|
return requests.failing_first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 401, "first factor failed");
|
|
|
|
|
return requests.failing_first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 401, "first factor failed");
|
|
|
|
|
return requests.failing_first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 403, "first factor failed");
|
|
|
|
|
MockDate.set("1/2/2017 00:30:00");
|
|
|
|
|
return requests.failing_first_factor(j);
|
|
|
|
|
})
|
|
|
|
|
.then(function (res: request.RequestResponse) {
|
|
|
|
|
assert.equal(res.statusCode, 401, "first factor failed");
|
2017-05-25 13:09:29 +00:00
|
|
|
return BluebirdPromise.resolve();
|
2017-05-16 21:17:46 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
