diff --git a/package.json b/package.json
index 980241f..fdbe613 100644
--- a/package.json
+++ b/package.json
@@ -5,9 +5,10 @@
 "main": "app.js",
 "license": "AGPL-3.0",
 "scripts": {
- "test": "npm run-script eslint && npm run-script jsonlint && mocha",
+ "test": "npm run-script eslint && npm run-script jsonlint && npm run-script mocha-suite",
 "eslint": "node_modules/.bin/eslint lib public test app.js",
 "jsonlint": "find . -not -path './node_modules/*' -type f -name '*.json' -o -type f -name '*.json.example' | while read json; do echo $json ; jq . $json; done",
+ "mocha-suite": "NODE_ENV=test CMD_DB_URL=\"sqlite::memory:\" mocha --exit",
 "standard": "echo 'standard is no longer being used, use `npm run eslint` instead!' && exit 1",
 "dev": "webpack --config webpack.dev.js --progress --colors --watch",
 "heroku-prebuild": "bin/heroku",
diff --git a/test/user.js b/test/user.js
new file mode 100644
index 0000000..6159ebf
--- /dev/null
+++ b/test/user.js
@@ -0,0 +1,37 @@
+/* eslint-env node, mocha */
+
+'use strict'
+
+const assert = require('assert')
+
+const models = require('../lib/models')
+const User = models.User
+
+describe('User Sequelize model', function () {
+ beforeEach(() => {
+ return models.sequelize.sync({ force: true })
+ })
+
+ it('stores a password hash on creation and verifies that password', function () {
+ const userData = {
+ password: 'test123'
+ }
+ const intentionallyInvalidPassword = 'stuff'
+
+ return User.create(userData).then(u => {
+ assert(u.verifyPassword(userData.password))
+ assert(!u.verifyPassword(intentionallyInvalidPassword))
+ })
+ })
+
+ it('can cope with password stored in standard scrypt header format', function () {
+ const testKey = '736372797074000e00000008000000018c7b8c1ac273fd339badde759b3efc418bc61b776debd02dfe95989383cf9980ad21d2403dce33f4b551f5e98ce84edb792aee62600b1303ab8d4e6f0a53b0746e73193dbf557b888efc83a2d6a055a9'
+ const validPassword = 'test'
+ const intentionallyInvalidPassword = 'stuff'
+
+ const u = User.build()
+ u.setDataValue('password', testKey) // this circumvents the setter - which we don't need in this case!
+ assert(u.verifyPassword(validPassword))
+ assert(!u.verifyPassword(intentionallyInvalidPassword))
+ })
+})
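Review bot: The first test is titled "stores a password hash on creation" but never inspects the stored value, so a model that kept the plaintext and compared by equality would still pass both `verifyPassword` assertions. Inside the `User.create(...).then` callback, add `assert.notStrictEqual(u.getDataValue('password'), userData.password)` so a regression to plaintext storage fails the suite (this assumes the setter mentioned in the second test's comment is where hashing happens). The bare `assert(...)` calls also accept any truthy value; `assert.strictEqual(u.verifyPassword(userData.password), true)` would pin the boolean contract. Separately, `beforeEach` runs `sync({ force: true })`, which drops and recreates tables, while the in-memory SQLite URL is supplied only by the `mocha-suite` script in package.json. A guard such as `assert.strictEqual(process.env.NODE_ENV, 'test')` ahead of the sync would keep a direct `mocha` run from touching whatever database the default configuration resolves to.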