/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import { HttpClientTestingModule, HttpTestingController } from '@angular/common/http/testing'
import { fakeAsync, inject, TestBed, tick } from '@angular/core/testing'

import { TwoFactorAuthService } from './two-factor-auth-service'
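/**
 * Unit tests for TwoFactorAuthService.
 *
 * Each spec drives one service method against Angular's HttpTestingController and
 * pins the HTTP contract of the 2FA endpoints: the URL, the verb, and exactly which
 * credentials (password, TOTP code, temporary login token) are placed in the request.
 * No real network traffic is produced.
 */
describe('TwoFactorAuthServiceService', () => {
  beforeEach(() => TestBed.configureTestingModule({
    imports: [HttpClientTestingModule],
    providers: [TwoFactorAuthService]
  }))

  // The verify spec seeds a temporary login token in localStorage. That storage is
  // shared by every spec running in the same browser context and is readable by any
  // script on the origin, so remove the value after each spec (also when an
  // expectation fails) instead of letting it leak into later specs.
  afterEach(() => {
    localStorage.removeItem('totp_tmp_token')
  })

  it('should be created', inject([TwoFactorAuthService], (service: TwoFactorAuthService) => {
    expect(service).toBeTruthy()
  }))

  // verify(): the service is expected to pick up the temporary token stored under
  // 'totp_tmp_token' and send it together with the user-supplied TOTP code.
  it('should verify TOTP token directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
      localStorage.setItem('totp_tmp_token', '000000')
      let res: any
      service.verify('123456').subscribe((data) => (res = data))

      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/verify')
      req.flush({ authentication: 'apiResponse' })
      tick()

      expect(req.request.method).toBe('POST')
      // Both factors go into the POST body; nothing else is expected alongside them.
      expect(req.request.body).toEqual({ tmpToken: '000000', totpToken: '123456' })
      // The service unwraps the `authentication` property of the response.
      expect(res).toBe('apiResponse')
      // Fails the spec if any request is still outstanding.
      httpMock.verify()
    })
  ))

  // status(): a plain GET without query parameters; the payload is passed through as-is.
  it('should retrieve 2FA status directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
      let res: any
      service.status().subscribe((data) => (res = data))

      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/status')
      req.flush({ setup: false })
      tick()

      expect(req.request.method).toBe('GET')
      expect(req.request.params.toString()).toBeFalsy()
      expect(res).toEqual({ setup: false })
      httpMock.verify()
    })
  ))

  // setup(): enabling 2FA requires the account password plus the initial TOTP code and
  // the setup token; all three are asserted to be in the POST body.
  it('should set up 2FA directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
      let res: any
      service.setup('s3cr3t!', 'initialToken', 'setupToken').subscribe((data) => (res = data))

      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/setup')
      req.flush({})
      tick()

      expect(req.request.method).toBe('POST')
      expect(req.request.body).toEqual({ password: 's3cr3t!', initialToken: 'initialToken', setupToken: 'setupToken' })
      // An empty response object yields `undefined` for the subscriber.
      expect(res).toBe(undefined)
      httpMock.verify()
    })
  ))

  // disable(): turning 2FA off is gated on the account password, sent in the POST body.
  it('should disable 2FA directly via the rest api', inject([TwoFactorAuthService, HttpTestingController],
    fakeAsync((service: TwoFactorAuthService, httpMock: HttpTestingController) => {
      let res: any
      service.disable('s3cr3t!').subscribe((data) => (res = data))

      const req = httpMock.expectOne('http://localhost:3000/rest/2fa/disable')
      req.flush({})
      tick()

      expect(req.request.method).toBe('POST')
      expect(req.request.body).toEqual({ password: 's3cr3t!' })
      expect(res).toBe(undefined)
      httpMock.verify()
    })
  ))
})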