Jackie/rentall-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

text changes and remove infra folder

Browse Source
This commit is contained in:
jackiettran
2026-01-21 19:00:55 -05:00
parent 23ca97cea9
commit 420e0efeb4
39 changed files with 1170 additions and 3640 deletions
Download Patch File Download Diff File Expand all files Collapse all files

333
backend/tests/unit/services/TwoFactorService.test.js
View File

@@ -1,10 +1,10 @@
const crypto = require('crypto');
const bcrypt = require('bcryptjs');
const { authenticator } = require('otplib');
const QRCode = require('qrcode');
const crypto = require("crypto");
const bcrypt = require("bcryptjs");
const { authenticator } = require("otplib");
const QRCode = require("qrcode");
// Mock dependencies
jest.mock('otplib', () => ({
jest.mock("otplib", () => ({
authenticator: {
generateSecret: jest.fn(),
keyuri: jest.fn(),
@@ -12,34 +12,34 @@ jest.mock('otplib', () => ({
},
}));
jest.mock('qrcode', () => ({
jest.mock("qrcode", () => ({
toDataURL: jest.fn(),
}));
jest.mock('bcryptjs', () => ({
jest.mock("bcryptjs", () => ({
hash: jest.fn(),
compare: jest.fn(),
}));
jest.mock('../../../utils/logger', () => ({
jest.mock("../../../utils/logger", () => ({
info: jest.fn(),
error: jest.fn(),
warn: jest.fn(),
}));
const TwoFactorService = require('../../../services/TwoFactorService');
const TwoFactorService = require("../../../services/TwoFactorService");
describe('TwoFactorService', () => {
describe("TwoFactorService", () => {
const originalEnv = process.env;
beforeEach(() => {
jest.clearAllMocks();
process.env = {
...originalEnv,
TOTP_ENCRYPTION_KEY: 'a'.repeat(64), // 64 hex chars = 32 bytes
TOTP_ISSUER: 'TestApp',
TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES: '10',
TWO_FACTOR_STEP_UP_VALIDITY_MINUTES: '5',
TOTP_ENCRYPTION_KEY: "a".repeat(64),
TOTP_ISSUER: "TestApp",
TWO_FACTOR_EMAIL_OTP_EXPIRY_MINUTES: "10",
TWO_FACTOR_STEP_UP_VALIDITY_MINUTES: "5",
};
});
@@ -47,91 +47,117 @@ describe('TwoFactorService', () => {
process.env = originalEnv;
});
describe('generateTotpSecret', () => {
it('should generate TOTP secret with QR code', async () => {
authenticator.generateSecret.mockReturnValue('test-secret');
authenticator.keyuri.mockReturnValue('otpauth://totp/VillageShare:test@example.com?secret=test-secret');
QRCode.toDataURL.mockResolvedValue('data:image/png;base64,qrcode');
describe("generateTotpSecret", () => {
it("should generate TOTP secret with QR code", async () => {
authenticator.generateSecret.mockReturnValue("test-secret");
authenticator.keyuri.mockReturnValue(
"otpauth://totp/VillageShare:test@example.com?secret=test-secret",
);
QRCode.toDataURL.mockResolvedValue("data:image/png;base64,qrcode");
const result = await TwoFactorService.generateTotpSecret('test@example.com');
const result =
await TwoFactorService.generateTotpSecret("test@example.com");
expect(result.qrCodeDataUrl).toBe('data:image/png;base64,qrcode');
expect(result.qrCodeDataUrl).toBe("data:image/png;base64,qrcode");
expect(result.encryptedSecret).toBeDefined();
expect(result.encryptedSecretIv).toBeDefined();
// The issuer is loaded at module load time, so it uses the default 'VillageShare'
expect(authenticator.keyuri).toHaveBeenCalledWith('test@example.com', 'VillageShare', 'test-secret');
expect(authenticator.keyuri).toHaveBeenCalledWith(
"test@example.com",
"VillageShare",
"test-secret",
);
});
it('should use issuer from environment', async () => {
authenticator.generateSecret.mockReturnValue('test-secret');
authenticator.keyuri.mockReturnValue('otpauth://totp/VillageShare:test@example.com');
QRCode.toDataURL.mockResolvedValue('data:image/png;base64,qrcode');
it("should use issuer from environment", async () => {
authenticator.generateSecret.mockReturnValue("test-secret");
authenticator.keyuri.mockReturnValue(
"otpauth://totp/VillageShare:test@example.com",
);
QRCode.toDataURL.mockResolvedValue("data:image/png;base64,qrcode");
const result = await TwoFactorService.generateTotpSecret('test@example.com');
const result =
await TwoFactorService.generateTotpSecret("test@example.com");
expect(result.qrCodeDataUrl).toBeDefined();
expect(authenticator.keyuri).toHaveBeenCalled();
});
});
describe('verifyTotpCode', () => {
it('should return true for valid code', () => {
describe("verifyTotpCode", () => {
it("should return true for valid code", () => {
authenticator.verify.mockReturnValue(true);
// Use actual encryption
const { encrypted, iv } = TwoFactorService._encryptSecret('test-secret');
const result = TwoFactorService.verifyTotpCode(encrypted, iv, '123456');
const { encrypted, iv } = TwoFactorService._encryptSecret("test-secret");
const result = TwoFactorService.verifyTotpCode(encrypted, iv, "123456");
expect(result).toBe(true);
});
it('should return false for invalid code', () => {
it("should return false for invalid code", () => {
authenticator.verify.mockReturnValue(false);
const { encrypted, iv } = TwoFactorService._encryptSecret('test-secret');
const result = TwoFactorService.verifyTotpCode(encrypted, iv, '654321');
const { encrypted, iv } = TwoFactorService._encryptSecret("test-secret");
const result = TwoFactorService.verifyTotpCode(encrypted, iv, "654321");
expect(result).toBe(false);
});
it('should return false for non-6-digit code', () => {
const result = TwoFactorService.verifyTotpCode('encrypted', 'iv', '12345');
it("should return false for non-6-digit code", () => {
const result = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"12345",
);
expect(result).toBe(false);
const result2 = TwoFactorService.verifyTotpCode('encrypted', 'iv', '1234567');
const result2 = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"1234567",
);
expect(result2).toBe(false);
const result3 = TwoFactorService.verifyTotpCode('encrypted', 'iv', 'abcdef');
const result3 = TwoFactorService.verifyTotpCode(
"encrypted",
"iv",
"abcdef",
);
expect(result3).toBe(false);
});
it('should return false when decryption fails', () => {
const result = TwoFactorService.verifyTotpCode('invalid-encrypted', 'invalid-iv', '123456');
it("should return false when decryption fails", () => {
const result = TwoFactorService.verifyTotpCode(
"invalid-encrypted",
"invalid-iv",
"123456",
);
expect(result).toBe(false);
});
});
describe('generateEmailOtp', () => {
it('should generate 6-digit code', () => {
describe("generateEmailOtp", () => {
it("should generate 6-digit code", () => {
const result = TwoFactorService.generateEmailOtp();
expect(result.code).toMatch(/^\d{6}$/);
});
it('should return hashed code', () => {
it("should return hashed code", () => {
const result = TwoFactorService.generateEmailOtp();
expect(result.hashedCode).toHaveLength(64); // SHA-256 hex
});
it('should set expiry in the future', () => {
it("should set expiry in the future", () => {
const result = TwoFactorService.generateEmailOtp();
const now = new Date();
expect(result.expiry.getTime()).toBeGreaterThan(now.getTime());
});
it('should generate different codes each time', () => {
it("should generate different codes each time", () => {
const result1 = TwoFactorService.generateEmailOtp();
const result2 = TwoFactorService.generateEmailOtp();
@@ -140,10 +166,10 @@ describe('TwoFactorService', () => {
});
});
describe('verifyEmailOtp', () => {
it('should return true for valid code', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
describe("verifyEmailOtp", () => {
it("should return true for valid code", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const expiry = new Date(Date.now() + 600000); // 10 minutes from now
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, expiry);
@@ -151,18 +177,25 @@ describe('TwoFactorService', () => {
expect(result).toBe(true);
});
it('should return false for invalid code', () => {
const correctHash = crypto.createHash('sha256').update('123456').digest('hex');
it("should return false for invalid code", () => {
const correctHash = crypto
.createHash("sha256")
.update("123456")
.digest("hex");
const expiry = new Date(Date.now() + 600000);
const result = TwoFactorService.verifyEmailOtp('654321', correctHash, expiry);
const result = TwoFactorService.verifyEmailOtp(
"654321",
correctHash,
expiry,
);
expect(result).toBe(false);
});
it('should return false for expired code', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
it("should return false for expired code", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const expiry = new Date(Date.now() - 60000); // 1 minute ago
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, expiry);
@@ -170,18 +203,27 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should return false for non-6-digit code', () => {
const hashedCode = crypto.createHash('sha256').update('123456').digest('hex');
it("should return false for non-6-digit code", () => {
const hashedCode = crypto
.createHash("sha256")
.update("123456")
.digest("hex");
const expiry = new Date(Date.now() + 600000);
expect(TwoFactorService.verifyEmailOtp('12345', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp('1234567', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp('abcdef', hashedCode, expiry)).toBe(false);
expect(TwoFactorService.verifyEmailOtp("12345", hashedCode, expiry)).toBe(
false,
);
expect(
TwoFactorService.verifyEmailOtp("1234567", hashedCode, expiry),
).toBe(false);
expect(
TwoFactorService.verifyEmailOtp("abcdef", hashedCode, expiry),
).toBe(false);
});
it('should return false when no expiry provided', () => {
const code = '123456';
const hashedCode = crypto.createHash('sha256').update(code).digest('hex');
it("should return false when no expiry provided", () => {
const code = "123456";
const hashedCode = crypto.createHash("sha256").update(code).digest("hex");
const result = TwoFactorService.verifyEmailOtp(code, hashedCode, null);
@@ -189,9 +231,9 @@ describe('TwoFactorService', () => {
});
});
describe('generateRecoveryCodes', () => {
it('should generate 10 recovery codes', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
describe("generateRecoveryCodes", () => {
it("should generate 10 recovery codes", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
@@ -199,31 +241,31 @@ describe('TwoFactorService', () => {
expect(result.hashedCodes).toHaveLength(10);
});
it('should generate codes in XXXX-XXXX format', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should generate codes in XXXX-XXXX format", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
result.codes.forEach(code => {
result.codes.forEach((code) => {
expect(code).toMatch(/^[A-Z0-9]{4}-[A-Z0-9]{4}$/);
});
});
it('should exclude confusing characters', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should exclude confusing characters", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
const result = await TwoFactorService.generateRecoveryCodes();
const confusingChars = ['0', 'O', '1', 'I', 'L'];
result.codes.forEach(code => {
confusingChars.forEach(char => {
const confusingChars = ["0", "O", "1", "I", "L"];
result.codes.forEach((code) => {
confusingChars.forEach((char) => {
expect(code).not.toContain(char);
});
});
});
it('should hash each code with bcrypt', async () => {
bcrypt.hash.mockResolvedValue('hashed-code');
it("should hash each code with bcrypt", async () => {
bcrypt.hash.mockResolvedValue("hashed-code");
await TwoFactorService.generateRecoveryCodes();
@@ -231,104 +273,114 @@ describe('TwoFactorService', () => {
});
});
describe('verifyRecoveryCode', () => {
it('should return valid for correct code (new format)', async () => {
describe("verifyRecoveryCode", () => {
it("should return valid for correct code (new format)", async () => {
bcrypt.compare.mockResolvedValueOnce(false).mockResolvedValueOnce(true);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false, index: 0 },
{ hash: 'hash2', used: false, index: 1 },
{ hash: "hash1", used: false, index: 0 },
{ hash: "hash2", used: false, index: 1 },
],
};
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(true);
expect(result.index).toBe(1);
});
it('should return invalid for incorrect code', async () => {
it("should return invalid for incorrect code", async () => {
bcrypt.compare.mockResolvedValue(false);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false, index: 0 },
],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(false);
expect(result.index).toBe(-1);
});
it('should skip used codes', async () => {
it("should skip used codes", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: true, index: 0 },
{ hash: 'hash2', used: false, index: 1 },
{ hash: "hash1", used: true, index: 0 },
{ hash: "hash2", used: false, index: 1 },
],
};
await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
await TwoFactorService.verifyRecoveryCode("XXXX-YYYY", recoveryData);
// Should only check the unused code
expect(bcrypt.compare).toHaveBeenCalledTimes(1);
});
it('should normalize input code to uppercase', async () => {
it("should normalize input code to uppercase", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = {
version: 1,
codes: [{ hash: 'hash1', used: false, index: 0 }],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
await TwoFactorService.verifyRecoveryCode('xxxx-yyyy', recoveryData);
await TwoFactorService.verifyRecoveryCode("xxxx-yyyy", recoveryData);
expect(bcrypt.compare).toHaveBeenCalledWith('XXXX-YYYY', 'hash1');
expect(bcrypt.compare).toHaveBeenCalledWith("XXXX-YYYY", "hash1");
});
it('should return invalid for wrong format', async () => {
it("should return invalid for wrong format", async () => {
const recoveryData = {
version: 1,
codes: [{ hash: 'hash1', used: false, index: 0 }],
codes: [{ hash: "hash1", used: false, index: 0 }],
};
const result = await TwoFactorService.verifyRecoveryCode('INVALID', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"INVALID",
recoveryData,
);
expect(result.valid).toBe(false);
});
it('should handle legacy array format', async () => {
it("should handle legacy array format", async () => {
bcrypt.compare.mockResolvedValueOnce(false).mockResolvedValueOnce(true);
const recoveryData = ['hash1', 'hash2', 'hash3'];
const recoveryData = ["hash1", "hash2", "hash3"];
const result = await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
const result = await TwoFactorService.verifyRecoveryCode(
"XXXX-YYYY",
recoveryData,
);
expect(result.valid).toBe(true);
});
it('should skip null entries in legacy format', async () => {
it("should skip null entries in legacy format", async () => {
bcrypt.compare.mockResolvedValue(true);
const recoveryData = [null, 'hash2'];
const recoveryData = [null, "hash2"];
await TwoFactorService.verifyRecoveryCode('XXXX-YYYY', recoveryData);
await TwoFactorService.verifyRecoveryCode("XXXX-YYYY", recoveryData);
expect(bcrypt.compare).toHaveBeenCalledTimes(1);
});
});
describe('validateStepUpSession', () => {
it('should return true for valid session', () => {
describe("validateStepUpSession", () => {
it("should return true for valid session", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 60000), // 1 minute ago
};
@@ -338,7 +390,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(true);
});
it('should return false for expired session', () => {
it("should return false for expired session", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 600000), // 10 minutes ago
};
@@ -348,7 +400,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should return false when no verification timestamp', () => {
it("should return false when no verification timestamp", () => {
const user = {
twoFactorVerifiedAt: null,
};
@@ -358,7 +410,7 @@ describe('TwoFactorService', () => {
expect(result).toBe(false);
});
it('should use custom max age when provided', () => {
it("should use custom max age when provided", () => {
const user = {
twoFactorVerifiedAt: new Date(Date.now() - 1200000), // 20 minutes ago
};
@@ -369,85 +421,88 @@ describe('TwoFactorService', () => {
});
});
describe('getRemainingRecoveryCodesCount', () => {
it('should return count for new format', () => {
describe("getRemainingRecoveryCodesCount", () => {
it("should return count for new format", () => {
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: false },
{ hash: 'hash2', used: true },
{ hash: 'hash3', used: false },
{ hash: "hash1", used: false },
{ hash: "hash2", used: true },
{ hash: "hash3", used: false },
],
};
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(2);
});
it('should return count for legacy array format', () => {
const recoveryData = ['hash1', null, 'hash3', 'hash4', null];
it("should return count for legacy array format", () => {
const recoveryData = ["hash1", null, "hash3", "hash4", null];
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(3);
});
it('should return 0 for null data', () => {
it("should return 0 for null data", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount(null);
expect(result).toBe(0);
});
it('should return 0 for undefined data', () => {
it("should return 0 for undefined data", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount(undefined);
expect(result).toBe(0);
});
it('should handle empty array', () => {
it("should handle empty array", () => {
const result = TwoFactorService.getRemainingRecoveryCodesCount([]);
expect(result).toBe(0);
});
it('should handle all used codes', () => {
it("should handle all used codes", () => {
const recoveryData = {
version: 1,
codes: [
{ hash: 'hash1', used: true },
{ hash: 'hash2', used: true },
{ hash: "hash1", used: true },
{ hash: "hash2", used: true },
],
};
const result = TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
const result =
TwoFactorService.getRemainingRecoveryCodesCount(recoveryData);
expect(result).toBe(0);
});
});
describe('isEmailOtpLocked', () => {
it('should return true when max attempts reached', () => {
describe("isEmailOtpLocked", () => {
it("should return true when max attempts reached", () => {
const result = TwoFactorService.isEmailOtpLocked(3);
expect(result).toBe(true);
});
it('should return true when over max attempts', () => {
it("should return true when over max attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(5);
expect(result).toBe(true);
});
it('should return false when under max attempts', () => {
it("should return false when under max attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(2);
expect(result).toBe(false);
});
it('should return false for zero attempts', () => {
it("should return false for zero attempts", () => {
const result = TwoFactorService.isEmailOtpLocked(0);
expect(result).toBe(false);
});
});
describe('_encryptSecret / _decryptSecret', () => {
it('should encrypt and decrypt correctly', () => {
const secret = 'my-test-secret';
describe("_encryptSecret / _decryptSecret", () => {
it("should encrypt and decrypt correctly", () => {
const secret = "my-test-secret";
const { encrypted, iv } = TwoFactorService._encryptSecret(secret);
const decrypted = TwoFactorService._decryptSecret(encrypted, iv);
@@ -455,16 +510,20 @@ describe('TwoFactorService', () => {
expect(decrypted).toBe(secret);
});
it('should throw error when encryption key is missing', () => {
it("should throw error when encryption key is missing", () => {
delete process.env.TOTP_ENCRYPTION_KEY;
expect(() => TwoFactorService._encryptSecret('test')).toThrow('TOTP_ENCRYPTION_KEY');
expect(() => TwoFactorService._encryptSecret("test")).toThrow(
"TOTP_ENCRYPTION_KEY",
);
});
it('should throw error when encryption key is wrong length', () => {
process.env.TOTP_ENCRYPTION_KEY = 'short';
it("should throw error when encryption key is wrong length", () => {
process.env.TOTP_ENCRYPTION_KEY = "short";
expect(() => TwoFactorService._encryptSecret('test')).toThrow('64-character hex string');
expect(() => TwoFactorService._encryptSecret("test")).toThrow(
"64-character hex string",
);
});
});
});