Accueil Explorer Aide
S'inscrire Connexion
Code_Uwe
/
rhl-lieferscheine
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: a73576484c
Branches Tags
rhl-lieferschei...
/
lib
/
frontend
/
auth
/
mustChangePasswordGate.test.js

mustChangePasswordGate.test.js 4.3 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. /* @vitest-environment node */
    2. 

  2. 

  3. import { describe, it, expect } from "vitest";
    4. 

  4. 

  5. import {
    6. 

  6. 	MUST_CHANGE_PASSWORD_GATE_PARAM,
    7. 

  7. 	MUST_CHANGE_PASSWORD_GATE_VALUE,
    8. 

  8. 	isProfilePath,
    9. 

  9. 	sanitizeMustChangePasswordNext,
    10. 

  10. 	shouldRedirectToProfileForPasswordChange,
    11. 

  11. 	buildMustChangePasswordRedirectUrl,
    12. 

  12. 	parseMustChangePasswordGateParams,
    13. 

  13. 	resolveMustChangePasswordResumePath,
    14. 

  14. } from "./mustChangePasswordGate.js";
    15. 

  15. 

  16. describe("lib/frontend/auth/mustChangePasswordGate", () => {
    17. 

  17. 	describe("isProfilePath", () => {
    18. 

  18. 		it("returns true for /profile and profile subpaths", () => {
    19. 

  19. 			expect(isProfilePath("/profile")).toBe(true);
    20. 

  20. 			expect(isProfilePath("/profile/security")).toBe(true);
    21. 

  21. 		});
    22. 

  22. 

  23. 		it("returns false for non-profile routes", () => {
    24. 

  24. 			expect(isProfilePath("/")).toBe(false);
    25. 

  25. 			expect(isProfilePath("/NL01")).toBe(false);
    26. 

  26. 			expect(isProfilePath("/NL01/search")).toBe(false);
    27. 

  27. 		});
    28. 

  28. 	});
    29. 

  29. 

  30. 	describe("sanitizeMustChangePasswordNext", () => {
    31. 

  31. 		it("accepts safe internal non-profile targets", () => {
    32. 

  32. 			expect(sanitizeMustChangePasswordNext("/NL01")).toBe("/NL01");
    33. 

  33. 			expect(sanitizeMustChangePasswordNext("/NL01/search?scope=all")).toBe(
    34. 

  34. 				"/NL01/search?scope=all"
    35. 

  35. 			);
    36. 

  36. 		});
    37. 

  37. 

  38. 		it("rejects unsafe or profile targets", () => {
    39. 

  39. 			expect(sanitizeMustChangePasswordNext("//evil.com")).toBe(null);
    40. 

  40. 			expect(sanitizeMustChangePasswordNext("https://evil.com")).toBe(null);
    41. 

  41. 			expect(sanitizeMustChangePasswordNext("/profile")).toBe(null);
    42. 

  42. 			expect(sanitizeMustChangePasswordNext("/profile?x=1")).toBe(null);
    43. 

  43. 		});
    44. 

  44. 	});
    45. 

  45. 

  46. 	describe("shouldRedirectToProfileForPasswordChange", () => {
    47. 

  47. 		it("forces redirect for non-profile routes while flag is true", () => {
    48. 

  48. 			expect(
    49. 

  49. 				shouldRedirectToProfileForPasswordChange({
    50. 

  50. 					pathname: "/NL01",
    51. 

  51. 					mustChangePassword: true,
    52. 

  52. 				})
    53. 

  53. 			).toBe(true);
    54. 

  54. 		});
    55. 

  55. 

  56. 		it("does not force redirect when already on profile or flag is false", () => {
    57. 

  57. 			expect(
    58. 

  58. 				shouldRedirectToProfileForPasswordChange({
    59. 

  59. 					pathname: "/profile",
    60. 

  60. 					mustChangePassword: true,
    61. 

  61. 				})
    62. 

  62. 			).toBe(false);
    63. 

  63. 

  64. 			expect(
    65. 

  65. 				shouldRedirectToProfileForPasswordChange({
    66. 

  66. 					pathname: "/NL01",
    67. 

  67. 					mustChangePassword: false,
    68. 

  68. 				})
    69. 

  69. 			).toBe(false);
    70. 

  70. 		});
    71. 

  71. 	});
    72. 

  72. 

  73. 	describe("buildMustChangePasswordRedirectUrl", () => {
    74. 

  74. 		it("builds profile URL with marker and safe next", () => {
    75. 

  75. 			expect(buildMustChangePasswordRedirectUrl("/NL01/search")).toBe(
    76. 

  76. 				"/profile?mustChangePasswordGate=1&next=%2FNL01%2Fsearch"
    77. 

  77. 			);
    78. 

  78. 		});
    79. 

  79. 

  80. 		it("always includes gate marker and drops invalid next", () => {
    81. 

  81. 			expect(buildMustChangePasswordRedirectUrl("//evil.com")).toBe(
    82. 

  82. 				`/profile?${MUST_CHANGE_PASSWORD_GATE_PARAM}=${MUST_CHANGE_PASSWORD_GATE_VALUE}`
    83. 

  83. 			);
    84. 

  84. 		});
    85. 

  85. 	});
    86. 

  86. 

  87. 	describe("parseMustChangePasswordGateParams", () => {
    88. 

  88. 		it("parses marker and next from URLSearchParams", () => {
    89. 

  89. 			const sp = new URLSearchParams({
    90. 

  90. 				mustChangePasswordGate: "1",
    91. 

  91. 				next: "/NL01",
    92. 

  92. 			});
    93. 

  93. 

  94. 			expect(parseMustChangePasswordGateParams(sp)).toEqual({
    95. 

  95. 				isGateMarker: true,
    96. 

  96. 				next: "/NL01",
    97. 

  97. 			});
    98. 

  98. 		});
    99. 

  99. 

  100. 		it("normalizes invalid input", () => {
    101. 

  101. 			const sp = new URLSearchParams({
    102. 

  102. 				mustChangePasswordGate: "yes",
    103. 

  103. 				next: "/profile",
    104. 

  104. 			});
    105. 

  105. 

  106. 			expect(parseMustChangePasswordGateParams(sp)).toEqual({
    107. 

  107. 				isGateMarker: false,
    108. 

  108. 				next: null,
    109. 

  109. 			});
    110. 

  110. 		});
    111. 

  111. 	});
    112. 

  112. 

  113. 	describe("resolveMustChangePasswordResumePath", () => {
    114. 

  114. 		it("returns next only when marker is set, route is profile, and flag is false", () => {
    115. 

  115. 			const sp = new URLSearchParams({
    116. 

  116. 				mustChangePasswordGate: "1",
    117. 

  117. 				next: "/NL01/search",
    118. 

  118. 			});
    119. 

  119. 

  120. 			expect(
    121. 

  121. 				resolveMustChangePasswordResumePath({
    122. 

  122. 					pathname: "/profile",
    123. 

  123. 					searchParams: sp,
    124. 

  124. 					mustChangePassword: false,
    125. 

  125. 				})
    126. 

  126. 			).toBe("/NL01/search");
    127. 

  127. 		});
    128. 

  128. 

  129. 		it("returns null when any resume condition is not satisfied", () => {
    130. 

  130. 			const sp = new URLSearchParams({
    131. 

  131. 				mustChangePasswordGate: "1",
    132. 

  132. 				next: "/NL01/search",
    133. 

  133. 			});
    134. 

  134. 

  135. 			expect(
    136. 

  136. 				resolveMustChangePasswordResumePath({
    137. 

  137. 					pathname: "/profile",
    138. 

  138. 					searchParams: sp,
    139. 

  139. 					mustChangePassword: true,
    140. 

  140. 				})
    141. 

  141. 			).toBe(null);
    142. 

  142. 

  143. 			expect(
    144. 

  144. 				resolveMustChangePasswordResumePath({
    145. 

  145. 					pathname: "/NL01",
    146. 

  146. 					searchParams: sp,
    147. 

  147. 					mustChangePassword: false,
    148. 

  148. 				})
    149. 

  149. 			).toBe(null);
    150. 

  150. 

  151. 			expect(
    152. 

  152. 				resolveMustChangePasswordResumePath({
    153. 

  153. 					pathname: "/profile",
    154. 

  154. 					searchParams: new URLSearchParams({
    155. 

  155. 						mustChangePasswordGate: "0",
    156. 

  156. 						next: "/NL01/search",
    157. 

  157. 					}),
    158. 

  158. 					mustChangePassword: false,
    159. 

  159. 				})
    160. 

  160. 			).toBe(null);
    161. 

  161. 		});
    162. 

  162. 	});
    163. 

  163. });
    164.