116 lines
3.0 KiB
Go
116 lines
3.0 KiB
Go
package suites
|
|
|
|
import (
|
|
"context"
|
|
"log"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/suite"
|
|
)
|
|
|
|
type ResetPasswordScenario struct {
|
|
*RodSuite
|
|
}
|
|
|
|
func NewResetPasswordScenario() *ResetPasswordScenario {
|
|
return &ResetPasswordScenario{RodSuite: NewRodSuite("")}
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) SetupSuite() {
|
|
browser, err := StartRod()
|
|
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
s.RodSession = browser
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) TearDownSuite() {
|
|
err := s.RodSession.Stop()
|
|
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) SetupTest() {
|
|
s.Page = s.doCreateTab(s.T(), HomeBaseURL)
|
|
s.verifyIsHome(s.T(), s.Page)
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) TearDownTest() {
|
|
s.collectCoverage(s.Page)
|
|
s.MustClose()
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) TestShouldResetPassword() {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
|
|
defer func() {
|
|
cancel()
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
}()
|
|
|
|
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL(BaseDomain))
|
|
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
|
|
|
|
// Reset the password to abc.
|
|
s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false)
|
|
|
|
// Try to login with the old password.
|
|
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, BaseDomain, "")
|
|
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.")
|
|
|
|
// Try to login with the new password.
|
|
s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, BaseDomain, "")
|
|
|
|
// Logout.
|
|
s.doLogout(s.T(), s.Context(ctx))
|
|
|
|
// Reset the original password.
|
|
s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false)
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitiated() {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
|
|
defer func() {
|
|
cancel()
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
}()
|
|
|
|
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL(BaseDomain))
|
|
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
|
|
|
|
// Try to initiate a password reset of an nonexistent user.
|
|
s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist")
|
|
|
|
// Check that the notification make the attacker thinks the process is initiated.
|
|
s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx))
|
|
}
|
|
|
|
func (s *ResetPasswordScenario) TestShouldLetUserNoticeThereIsAPasswordMismatch() {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
defer func() {
|
|
cancel()
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
}()
|
|
|
|
s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL(BaseDomain))
|
|
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
|
|
|
|
s.doInitiatePasswordReset(s.T(), s.Context(ctx), "john")
|
|
s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx))
|
|
|
|
s.doCompletePasswordReset(s.T(), s.Context(ctx), "password", "another_password")
|
|
s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Passwords do not match.")
|
|
}
|
|
|
|
func TestRunResetPasswordScenario(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("skipping suite test in short mode")
|
|
}
|
|
|
|
suite.Run(t, NewResetPasswordScenario())
|
|
}
|