ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2026-05-02 01:02:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
03dd9c00a83ee6557524f160462abcffceab1d71
FastGPT/projects/app/test/api/support/user/account/resetExpiredPsw.test.ts
T
Archer bd966d479f fix: login secret (#6635) 
* fix: login secret

* lock

* env template

* fix: ts

* fix: ts

* fix: ts
2026-03-25 14:45:38 +08:00

186 lines
5.8 KiB
TypeScript
Raw Blame History

import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import * as resetExpiredPswApi from '@/pages/api/support/user/account/resetExpiredPsw';
import { MongoUser } from '@fastgpt/service/support/user/schema';
import { MongoTeam } from '@fastgpt/service/support/user/team/teamSchema';
import { MongoTeamMember } from '@fastgpt/service/support/user/team/teamMemberSchema';
import { UserStatusEnum } from '@fastgpt/global/support/user/constant';
import { initTeamFreePlan } from '@fastgpt/service/support/wallet/sub/utils';
import type { ResetExpiredPswBodyType } from '@fastgpt/global/openapi/support/user/account/password/api';
import { Call } from '@test/utils/request';
describe('resetExpiredPsw API', () => {
let testUser: any;
let testTeam: any;
let testTmb: any;
const originalEnv = process.env.PASSWORD_EXPIRED_MONTH;
beforeEach(async () => {
testUser = await MongoUser.create({
username: 'testuser',
password: 'oldpassword',
status: UserStatusEnum.active
});
testTeam = await MongoTeam.create({
name: 'Test Team',
ownerId: testUser._id
});
await initTeamFreePlan({ teamId: String(testTeam._id) });
testTmb = await MongoTeamMember.create({
teamId: testTeam._id,
userId: testUser._id,
status: 'active',
role: 'owner'
});
vi.clearAllMocks();
});
afterEach(() => {
process.env.PASSWORD_EXPIRED_MONTH = originalEnv;
});
it('should successfully reset password when expired', async () => {
process.env.PASSWORD_EXPIRED_MONTH = '1';
// Set password update time to 2 months ago (expired)
const twoMonthsAgo = new Date();
twoMonthsAgo.setMonth(twoMonthsAgo.getMonth() - 2);
await MongoUser.findByIdAndUpdate(testUser._id, {
passwordUpdateTime: twoMonthsAgo
});
const res = await Call<ResetExpiredPswBodyType, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: 'newhashedpassword' },
auth: {
userId: String(testUser._id),
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(200);
// Verify password was updated
const updatedUser = await MongoUser.findById(testUser._id).select(
'+password +passwordUpdateTime'
);
expect(updatedUser?.password).toBeDefined();
expect(updatedUser?.passwordUpdateTime).toBeDefined();
const newUpdateTime = new Date(updatedUser!.passwordUpdateTime!).getTime();
expect(newUpdateTime).toBeGreaterThan(twoMonthsAgo.getTime());
});
it('should reject when password is not expired (PASSWORD_EXPIRED_MONTH not set)', async () => {
delete process.env.PASSWORD_EXPIRED_MONTH;
await MongoUser.findByIdAndUpdate(testUser._id, {
passwordUpdateTime: new Date()
});
const res = await Call<ResetExpiredPswBodyType, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: 'newhashedpassword' },
auth: {
userId: String(testUser._id),
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(500);
expect(res.error).toBeDefined();
});
it('should reject when password is not expired (still within expiry period)', async () => {
process.env.PASSWORD_EXPIRED_MONTH = '3';
// Update password just now — not expired
await MongoUser.findByIdAndUpdate(testUser._id, {
passwordUpdateTime: new Date()
});
const res = await Call<ResetExpiredPswBodyType, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: 'newhashedpassword' },
auth: {
userId: String(testUser._id),
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(500);
});
it('should reject when newPsw is missing', async () => {
process.env.PASSWORD_EXPIRED_MONTH = '1';
const res = await Call<any, {}, any>(resetExpiredPswApi.default, {
body: {},
auth: {
userId: String(testUser._id),
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(500);
});
it('should reject when user is not found', async () => {
process.env.PASSWORD_EXPIRED_MONTH = '1';
const nonExistentId = '000000000000000000000001';
const res = await Call<ResetExpiredPswBodyType, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: 'newhashedpassword' },
auth: {
userId: nonExistentId,
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(500);
expect(res.error).toBe('The password has not expired');
});
it('should reject request without authentication', async () => {
const res = await Call<ResetExpiredPswBodyType, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: 'newhashedpassword' }
});
expect(res.code).toBe(500);
});
it('should reject newPsw as non-string (injection guard)', async () => {
process.env.PASSWORD_EXPIRED_MONTH = '1';
const twoMonthsAgo = new Date();
twoMonthsAgo.setMonth(twoMonthsAgo.getMonth() - 2);
await MongoUser.findByIdAndUpdate(testUser._id, {
passwordUpdateTime: twoMonthsAgo
});
const res = await Call<any, {}, any>(resetExpiredPswApi.default, {
body: { newPsw: { $ne: '' } },
auth: {
userId: String(testUser._id),
teamId: String(testTeam._id),
tmbId: String(testTmb._id),
isRoot: false,
sessionId: 'session123'
} as any
});
expect(res.code).toBe(500);
});
});
Reference in New Issue View Git Blame Copy Permalink