deleting otp upon success is important

devsoc-unsw · Dec 14, 2024 · 1a063c6 · 1a063c6
1 parent 4c09494
commit 1a063c6
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 94 deletions.
diff --git a/backend/src/index.ts b/backend/src/index.ts
@@ -257,6 +257,8 @@ app.post('/auth/password/forgot', async (req: Request, res: Response) => {
 
     await updateUserPasswordFromEmail(email, password, SALT_ROUNDS);
 
+    await redisClient.del(email);
+
     return res.status(200).json({ message: 'ok' });
   } catch (error) {
     return res.status(400).json({

diff --git a/backend/tests/otp.test.ts b/backend/tests/otp.test.ts
@@ -1,204 +1,197 @@
 //test/sample.test.ts
-import { expect, test, vi, describe } from 'vitest'; // 👈🏻 Added the `vi` import
-import request from 'supertest';
-import app from '../src/index';
-import { createClient } from 'redis';
-import prisma from '../src/prisma';
-
-describe.skip('Password change', () => {
-  test('Forgot password OTP', async () => {
+import { expect, test, vi, describe } from "vitest"; // 👈🏻 Added the `vi` import
+import request from "supertest";
+import app from "../src/index";
+import { createClient } from "redis";
+import prisma from "../src/prisma";
+
+describe("Password change", () => {
+  test("Forgot password OTP", async () => {
     const redisClient = createClient({
-      url: `redis://localhost:${process.env['REDIS_PORT']}`,
+      url: `redis://localhost:${process.env["REDIS_PORT"]}`,
     });
     await redisClient.connect().catch(console.error);
 
     expect(redisClient).not.toBeUndefined();
-
-    const { status, body } = await request(app).post('/auth/register').send({
-      username: 'richard grayson',
-      password: 'iheartkori',
-      email: '[email protected]',
+    
+    const { status, body } = await request(app).post("/auth/register").send({
+      username: "richard grayson",
+      password: "iheartkori",
+      email: "[email protected]"
     });
 
     const newUser = await prisma.user.findFirst({
       where: {
         id: body.newUser.id,
       },
     });
-
+    
     expect(status).toBe(201);
     expect(newUser).not.toBeNull();
     expect(body.newUser).toStrictEqual({
-      username: 'richard grayson',
+      username: "richard grayson",
       id: newUser?.id,
     });
 
-    if (newUser) {
+    if(newUser) {
+
       //testing token expiration
-      const expRes = await request(app).post('/auth/otp/generate').send({
-        email: '[email protected]',
+      const expRes = await request(app).post("/auth/otp/generate").send({
+          email: "[email protected]"
       });
       const expResToken = expRes.body.message;
       expect(expRes.status).toBe(200);
       expect(expResToken).not.toBeUndefined();
 
-      const expToken = await redisClient.get(newUser.email);
+      const expToken  = await redisClient.get(newUser.email);
 
       expect(expToken).not.toBeNull();
       expect(expToken).toEqual(expResToken);
 
-      await new Promise((resolve) => setTimeout(resolve, 1000));
+      await new Promise(resolve => setTimeout(resolve, 1000));
 
       const checkGenTokens = await redisClient.get(newUser.email);
       expect(checkGenTokens).toBeNull();
 
       //verification
-      const genRes = await request(app).post('/auth/otp/generate').send({
-        email: '[email protected]',
+      const genRes = await request(app).post("/auth/otp/generate").send({
+        email: "[email protected]"
       });
       const resToken = genRes.body.message;
 
-      let verToken = await redisClient.get(newUser.email);
+      let verToken  = await redisClient.get(newUser.email);
       expect(verToken).not.toBeNull();
       expect(verToken).toEqual(resToken);
-
-      const verRes = await request(app).post('/auth/otp/verify').send({
-        email: '[email protected]',
-        token: resToken,
+      
+      const verRes = await request(app).post("/auth/otp/verify").send({
+        email: "[email protected]",
+        token: resToken
       });
 
       expect(verRes.status).toBe(200);
 
-      verToken = await redisClient.get(newUser.email);
+      verToken  = await redisClient.get(newUser.email);
       expect(verToken).not.toBeNull();
 
-      await new Promise((resolve) => setTimeout(resolve, 1000));
+      await new Promise(resolve => setTimeout(resolve, 1000));
 
       const checkVerTokens = await redisClient.get(newUser.email);
       expect(checkVerTokens).toBeNull();
 
       //forgot password
-      const oldPassRes = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'iheartkori',
+      const oldPassRes = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "iheartkori"
       });
       expect(oldPassRes.status).toBe(200);
 
-      const fGenRes = await request(app).post('/auth/otp/generate').send({
-        email: '[email protected]',
+      const fGenRes = await request(app).post("/auth/otp/generate").send({
+        email: "[email protected]"
       });
       const fResToken = fGenRes.body.message;
 
-      let fVerToken = await redisClient.get(newUser.email);
+      let fVerToken  = await redisClient.get(newUser.email);
       expect(fVerToken).not.toBeNull();
       expect(fVerToken).toEqual(fResToken);
-
-      const fVerRes = await request(app).post('/auth/otp/verify').send({
-        email: '[email protected]',
-        token: fResToken,
+      
+      const fVerRes = await request(app).post("/auth/otp/verify").send({
+        email: "[email protected]",
+        token: fResToken
       });
 
       expect(fVerRes.status).toBe(200);
 
-      fVerToken = await redisClient.get(newUser.email);
+      fVerToken  = await redisClient.get(newUser.email);
       expect(fVerToken).not.toBeNull();
 
-      const forgotRes = await request(app).post('/auth/password/forgot').send({
-        email: '[email protected]',
+      const forgotRes = await request(app).post("/auth/password/forgot").send({
+        email: "[email protected]",
         token: fResToken,
-        newPassword: 'oraclefan1',
+        newPassword: "oraclefan1"
       });
 
       //console.log(forgotRes.error.text);
       expect(forgotRes.status).toBe(200);
-
-      await new Promise((resolve) => setTimeout(resolve, 1000));
-
+
       const fCheckVerTokens = await redisClient.get(newUser.email);
       expect(fCheckVerTokens).toBeNull();
 
-      const oldPassFailRes = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'iheartkori',
+      const oldPassFailRes = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "iheartkori"
       });
       expect(oldPassFailRes.status).toBe(400);
-      expect(oldPassFailRes.body.error).toBe('Invalid password');
+      expect(oldPassFailRes.body.error).toBe("Invalid password");
 
-      const loginRes = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'oraclefan1',
+      const loginRes = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "oraclefan1",
       });
-
+      
       expect(loginRes.status).toBe(200);
     }
   }, 200000);
 
-  test('Update password', async () => {
+  test("Update password", async () => {
     const redisClient = createClient({
-      url: `redis://localhost:${process.env['REDIS_PORT']}`,
+      url: `redis://localhost:${process.env["REDIS_PORT"]}`,
     });
     await redisClient.connect().catch(console.error);
 
     expect(redisClient).not.toBeUndefined();
-
-    const { status, body } = await request(app).post('/auth/register').send({
-      username: 'richard grayson',
-      password: 'iheartkori',
-      email: '[email protected]',
+    
+    const { status, body } = await request(app).post("/auth/register").send({
+      username: "richard grayson",
+      password: "iheartkori",
+      email: "[email protected]"
     });
 
     const newUser = await prisma.user.findFirst({
       where: {
         id: body.newUser.id,
       },
     });
-
+    
     expect(status).toBe(201);
     expect(newUser).not.toBeNull();
     expect(body.newUser).toStrictEqual({
-      username: 'richard grayson',
+      username: "richard grayson",
       id: newUser?.id,
     });
 
-    if (newUser) {
-      const oldPassRes = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'iheartkori',
+    if(newUser) {
+      const oldPassRes = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "iheartkori"
       });
       expect(oldPassRes.status).toBe(200);
 
-      const sessionID = oldPassRes.headers['set-cookie'];
+      const sessionID = oldPassRes.headers["set-cookie"];
 
-      const updateResFail = await request(app)
-        .post('/auth/password/update')
-        .set('Cookie', sessionID)
-        .send({
-          oldPassword: '1234',
-          newPassword: 'newPassword',
-        });
+      const updateResFail = await request(app).post("/auth/password/update")
+      .set("Cookie", sessionID).send({
+        oldPassword: "1234",
+        newPassword: "newPassword"
+      });
       expect(updateResFail.status).toBe(400);
-      expect(updateResFail.body.message).toBe(
-        'Unable to update password. Current password is incorrect.'
-      );
-
-      const updateRes = await request(app)
-        .post('/auth/password/update')
-        .set('Cookie', sessionID)
-        .send({
-          oldPassword: 'iheartkori',
-          newPassword: 'batgirlfan123',
-        });
+      expect(updateResFail.body.message).toBe("Unable to update password. Current password is incorrect.");
+
+      const updateRes = await request(app).post("/auth/password/update")
+      .set("Cookie", sessionID).send({
+        oldPassword: "iheartkori",
+        newPassword: "batgirlfan123"
+      });
       expect(updateRes.status).toBe(200);
 
-      const oldPassResFail = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'iheartkori',
+      const oldPassResFail = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "iheartkori"
       });
-      expect(updateResFail.status).toBe(400);
+      expect(oldPassResFail.status).toBe(400);
 
-      const newPassRes = await request(app).post('/auth/login').send({
-        username: 'richard grayson',
-        password: 'batgirlfan123',
+      const newPassRes = await request(app).post("/auth/login").send({
+        username: "richard grayson",
+        password: "batgirlfan123"
       });
       expect(newPassRes.status).toBe(200);
     }