Permalink
Browse files

add wsapi test of attempted login as unknown user, and fix it

  • Loading branch information...
1 parent 1aae669 commit c1f4efb619b66e1eee9199d3026dc47816b9eabc @lloyd lloyd committed Jul 22, 2011
Showing with 13 additions and 1 deletion.
  1. +4 −1 browserid/lib/wsapi.js
  2. +9 −0 browserid/tests/registration-status-wsapi-test.js
View
@@ -147,7 +147,10 @@ function setup(app) {
app.post('/wsapi/authenticate_user', checkParams(["email", "pass"]), function(req, resp) {
db.checkAuth(req.body.email, function(hash) {
- var success = bcrypt.compare_sync(req.body.pass, hash);
+ var success =
+ (typeof hash === 'string' &&
+ typeof req.body.pass === 'string' &&
+ bcrypt.compare_sync(req.body.pass, hash));
if (success) {
if (!req.session) req.session = {};
@@ -28,6 +28,15 @@ suite.addBatch({
}
});
+suite.addBatch({
+ "authentication as an unknown user": {
+ topic: wsapi.post('/wsapi/authenticate_user', { email: 'first@fakeemail.com', pass: 'secondfakepass' }),
+ "fails": function (r, err) {
+ assert.isFalse(JSON.parse(r.body));
+ }
+ }
+});
+
// now start a registration
suite.addBatch({
"start registration": {

0 comments on commit c1f4efb

Please sign in to comment.