import { http, HttpResponse } from 'msw'
import { describe, expect, test } from 'vitest'
import { server } from '#tests/mocks'
import { consoleWarn } from '#tests/setup/setup-test-env.ts'
import { checkIsCommonPassword, getPasswordHashParts } from './auth.server.ts'
test('checkIsCommonPassword returns true when password is found in breach database', async () => {
  const candidate = 'testpassword'
  // Only `prefix` goes into the request URL; `suffix` is what the
  // implementation has to locate in the returned range list.
  const [prefix, suffix] = getPasswordHashParts(candidate)
  const rangeLines = [
    '1234567890123456789012345678901234A:1', // filler entry that does not match
    `${suffix}:1234`, // the candidate's own suffix, with a breach count
  ]
  server.use(
    http.get(`https://api.pwnedpasswords.com/range/${prefix}`, () =>
      new HttpResponse(rangeLines.join('\n'), { status: 200 }),
    ),
  )
  const isCommon = await checkIsCommonPassword(candidate)
  expect(isCommon).toBe(true)
})
test('checkIsCommonPassword returns false when password is not found in breach database', async () => {
  const candidate = 'sup3r-dup3r-s3cret'
  const [prefix] = getPasswordHashParts(candidate)
  // Two well-formed entries, neither of which is the candidate's suffix.
  const unrelatedEntries = [
    '1234567890123456789012345678901234A:1',
    '1234567890123456789012345678901234B:2',
  ].join('\n')
  server.use(
    http.get(`https://api.pwnedpasswords.com/range/${prefix}`, () =>
      new HttpResponse(unrelatedEntries, { status: 200 }),
    ),
  )
  const isCommon = await checkIsCommonPassword(candidate)
  expect(isCommon).toBe(false)
})
// Error cases
test('checkIsCommonPassword returns false when API returns 500', async () => {
  const candidate = 'testpassword'
  const [prefix] = getPasswordHashParts(candidate)
  const upstreamFailure = () => new HttpResponse(null, { status: 500 })
  server.use(
    http.get(`https://api.pwnedpasswords.com/range/${prefix}`, upstreamFailure),
  )
  // An upstream error is treated as "not known to be common" (fail-open):
  // the caller receives `false` rather than a thrown error.
  const isCommon = await checkIsCommonPassword(candidate)
  expect(isCommon).toBe(false)
})
test('checkIsCommonPassword returns false when response has invalid format', async () => {
  consoleWarn.mockImplementation(() => {})
  const candidate = 'testpassword'
  const [prefix] = getPasswordHashParts(candidate)
  server.use(
    http.get(`https://api.pwnedpasswords.com/range/${prefix}`, () => {
      // Override `text()` so it resolves to `null`; handling that value is
      // expected to raise a TypeError inside the implementation.
      const brokenResponse = new Response()
      Object.defineProperty(brokenResponse, 'text', { value: async () => null })
      return brokenResponse
    }),
  )
  const isCommon = await checkIsCommonPassword(candidate)
  // Malformed upstream data also fails open, but is surfaced through console.warn.
  expect(isCommon).toBe(false)
  expect(consoleWarn).toHaveBeenCalledWith(
    'Unknown error during password check',
    expect.any(TypeError),
  )
})
describe('timeout handling', () => {
  // Fake timers would be the usual tool here, but AbortSignal.timeout() does
  // not cooperate with them: https://github.com/sinonjs/fake-timers/issues/418
  // beforeEach(() => vi.useFakeTimers())
  // afterEach(() => vi.useRealTimers())
  test('checkIsCommonPassword times out after 1 second', async () => {
    consoleWarn.mockImplementation(() => {})
    const twoSecondDelay = 2000
    const wait = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
    const rangeBody = [
      '1234567890123456789012345678901234A:1',
      '1234567890123456789012345678901234B:2',
    ].join('\n')
    server.use(
      http.get('https://api.pwnedpasswords.com/range/:prefix', async () => {
        // Stall for longer than the timeout named in the test title before answering.
        await wait(twoSecondDelay)
        // swap to this when we can use fake timers:
        // await vi.advanceTimersByTimeAsync(twoSecondDelay)
        return new HttpResponse(rangeBody, { status: 200 })
      }),
    )
    const isCommon = await checkIsCommonPassword('testpassword')
    // A slow upstream fails open: `false` plus a warning, instead of blocking the caller.
    expect(isCommon).toBe(false)
    expect(consoleWarn).toHaveBeenCalledWith('Password check timed out')
  })
})