test fixes
niftyvictor committed Feb 6, 2025
1 parent 9508175 commit 4e04c20
Showing 1 changed file with 202 additions and 0 deletions.
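--- a/test/webauthn/apis.test.js
+++ b/test/webauthn/apis.test.js
@@ -740,5 +740,207 @@ describe(`apisFunctions: ${printPath("[test/webauthn/apis.test.js]")}`, function
 );
 assert(recoverAccountResponse.status === "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR");
 });
+
+it("should return the correct error if the credential is invalid", async function () {
+await initST();
+
+const app = express();
+app.use(middleware());
+app.use(errorHandler());
+
+const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+{
+userId: signUpResponse.user.id,
+email,
+tenantId: "public",
+userContext: {},
+}
+);
+const token = generateRecoverAccountTokenResponse.token;
+
+let registerOptionsResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/webauthn/options/register")
+.send({
+email,
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+const { createCredential } = await getWebauthnLib();
+const credential = createCredential(registerOptionsResponse, {
+rpId,
+rpName,
+origin,
+userNotPresent: false,
+userNotVerified: false,
+});
+
+let recoverAccountResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/user/webauthn/reset")
+.send({
+token,
+credential: {
+...credential,
+id: "invalid",
+response: {
+...credential.response,
+clientDataJSON: "invalid",
+},
+},
+webauthnGeneratedOptionsId,
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+assert(recoverAccountResponse.status === "INVALID_CREDENTIALS_ERROR");
+});
+
+it("should return the correct error if the register options id is wrong", async function () {
+await initST();
+
+const app = express();
+app.use(middleware());
+app.use(errorHandler());
+
+const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+{
+userId: signUpResponse.user.id,
+email,
+tenantId: "public",
+userContext: {},
+}
+);
+const token = generateRecoverAccountTokenResponse.token;
+
+let registerOptionsResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/webauthn/options/register")
+.send({
+email,
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+const { createCredential } = await getWebauthnLib();
+const credential = createCredential(registerOptionsResponse, {
+rpId,
+rpName,
+origin,
+userNotPresent: false,
+userNotVerified: false,
+});
+
+let recoverAccountResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/user/webauthn/reset")
+.send({
+token,
+credential,
+webauthnGeneratedOptionsId: "invalid",
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+assert(recoverAccountResponse.status === "INVALID_GENERATED_OPTIONS_ERROR");
+});
+
+it("should return the correct error if the register options are wrong", async function () {
+await initST();
+
+const app = express();
+app.use(middleware());
+app.use(errorHandler());
+
+const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+{
+userId: signUpResponse.user.id,
+email,
+tenantId: "public",
+userContext: {},
+}
+);
+const token = generateRecoverAccountTokenResponse.token;
+
+let registerOptionsResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/webauthn/options/register")
+.send({
+email,
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+const { createCredential } = await getWebauthnLib();
+const credential = createCredential(registerOptionsResponse, {
+rpId: rpId + ".co",
+rpName,
+origin: origin + ".co",
+userNotPresent: false,
+userNotVerified: false,
+});
+
+let recoverAccountResponse = await new Promise((resolve, reject) =>
+request(app)
+.post("/auth/user/webauthn/reset")
+.send({
+token,
+credential,
+webauthnGeneratedOptionsId,
+})
+.expect(200)
+.end((err, res) => {
+if (err) {
+reject(err);
+} else {
+resolve(JSON.parse(res.text));
+}
+})
+);
+assert(recoverAccountResponse.status === "INVALID_GENERATED_OPTIONS_ERROR");
+});
 });
 });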
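Review bot: The third added test ("register options are wrong") changes `rpId` and `origin` together in the `createCredential` call, so it cannot show which of the two bindings the reset endpoint enforces; if one check regressed, the other mismatch would presumably still produce `INVALID_GENERATED_OPTIONS_ERROR` and the test would stay green. Splitting it into two cases, one with `rpId: rpId + ".co"` and the real `origin`, the other with `origin: origin + ".co"` and the real `rpId`, would pin each check separately. The first test has the same shape, replacing both `id` and `response.clientDataJSON` with `"invalid"`, so one case per field would be more precise there too. None of the three cases asserts that the rejected request left no credential stored for the user; whether that needs a test depends on the handler, which is not visible on this page.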
