juice-shop

two-factor-auth-service.spec.ts
85 строк · 3.1 Кб
Перенос по словам
1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { HttpClientTestingModule, HttpTestingController } from '@angular/common/http/testing'
7
import { fakeAsync, inject, TestBed, tick } from '@angular/core/testing'
8

9
import { TwoFactorAuthService } from './two-factor-auth-service'
10

11
describe('TwoFactorAuthServiceService', () => {
12
  beforeEach(() => TestBed.configureTestingModule({
13
    imports: [HttpClientTestingModule],
14
    providers: [TwoFactorAuthService]
15
  }))
16

17
  it('should be created', inject([TwoFactorAuthService], (service: TwoFactorAuthService) => {
18
    expect(service).toBeTruthy()
19
  }))
20

21
  it('should verify TOTP token directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
22
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
23
      localStorage.setItem('totp_tmp_token', '000000')
24
      let res: any
25
      service.verify('123456').subscribe((data) => (res = data))
26

27
      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/verify')
28
      req.flush({ authentication: 'apiResponse' })
29
      tick()
30

31
      expect(req.request.method).toBe('POST')
32
      expect(req.request.body).toEqual({ tmpToken: '000000', totpToken: '123456' })
33
      expect(res).toBe('apiResponse')
34
      httpMock.verify()
35
    })
36
  ))
37

38
  it('should retrieve 2FA status directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
39
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
40
      let res: any
41
      service.status().subscribe((data) => (res = data))
42

43
      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/status')
44
      req.flush({ setup: false })
45
      tick()
46

47
      expect(req.request.method).toBe('GET')
48
      expect(req.request.params.toString()).toBeFalsy()
49
      expect(res).toEqual({ setup: false })
50
      httpMock.verify()
51
    })
52
  ))
53

54
  it('should set up 2FA directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
55
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
56
      let res: any
57
      service.setup('s3cr3t!', 'initialToken', 'setupToken').subscribe((data) => (res = data))
58

59
      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/setup')
60
      req.flush({})
61
      tick()
62

63
      expect(req.request.method).toBe('POST')
64
      expect(req.request.body).toEqual({ password: 's3cr3t!', initialToken: 'initialToken', setupToken: 'setupToken' })
65
      expect(res).toBe(undefined)
66
      httpMock.verify()
67
    })
68
  ))
69

70
  it('should disable 2FA directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
71
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
72
      let res: any
73
      service.disable('s3cr3t!').subscribe((data) => (res = data))
74

75
      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/disable')
76
      req.flush({})
77
      tick()
78

79
      expect(req.request.method).toBe('POST')
80
      expect(req.request.body).toEqual({ password: 's3cr3t!' })
81
      expect(res).toBe(undefined)
82
      httpMock.verify()
83
    })
84
  ))
85
})
86
juice-shop

Использование cookies
