mirror of
https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git
synced 2025-12-18 02:21:13 +00:00
feat(core): Prompt user to confirm password when changing email and mfa is disabled (#19408)
Co-authored-by: Marc Littlemore <MarcL@users.noreply.github.com>
This commit is contained in:
Konstantin Tieber
committed by
GitHub
GitHub
parent
ccee1acf05
commit
f0388aae7e
@@ -27,6 +27,9 @@ beforeEach(async () => {
|
||||
});
|
||||
});
|
||||
|
||||
const ownerPassword = randomValidPassword();
|
||||
const memberPassword = randomValidPassword();
|
||||
|
||||
describe('Owner shell', () => {
|
||||
let ownerShell: User;
|
||||
let authOwnerShellAgent: SuperAgentTest;
|
||||
@@ -132,7 +135,6 @@ describe('Owner shell', () => {
|
||||
});
|
||||
|
||||
describe('Member', () => {
|
||||
const memberPassword = randomValidPassword();
|
||||
let member: User;
|
||||
let authMemberAgent: SuperAgentTest;
|
||||
|
||||
@@ -146,7 +148,7 @@ describe('Member', () => {
|
||||
});
|
||||
|
||||
test('PATCH /me should succeed with valid inputs', async () => {
|
||||
for (const validPayload of VALID_PATCH_ME_PAYLOADS) {
|
||||
for (const validPayload of getValidPatchMePayloads('member')) {
|
||||
const response = await authMemberAgent.patch('/me').send(validPayload).expect(200);
|
||||
|
||||
const { id, email, firstName, lastName, personalizationAnswers, role, password, isPending } =
|
||||
@@ -175,7 +177,7 @@ describe('Member', () => {
|
||||
});
|
||||
|
||||
test('PATCH /me should fail with invalid inputs', async () => {
|
||||
for (const invalidPayload of INVALID_PATCH_ME_PAYLOADS) {
|
||||
for (const invalidPayload of getInvalidPatchMePayloads('member')) {
|
||||
const response = await authMemberAgent.patch('/me').send(invalidPayload);
|
||||
expect(response.statusCode).toBe(400);
|
||||
|
||||
@@ -192,6 +194,39 @@ describe('Member', () => {
|
||||
}
|
||||
});
|
||||
|
||||
test('PATCH /me should fail when changing email without currentPassword', async () => {
|
||||
const payloadWithoutPassword = {
|
||||
email: randomEmail(),
|
||||
firstName: randomName(),
|
||||
lastName: randomName(),
|
||||
};
|
||||
|
||||
const response = await authMemberAgent.patch('/me').send(payloadWithoutPassword);
|
||||
expect(response.statusCode).toBe(400);
|
||||
expect(response.body.message).toContain('Current password is required to change email');
|
||||
|
||||
const storedMember = await Container.get(UserRepository).findOneByOrFail({});
|
||||
expect(storedMember.email).toBe(member.email);
|
||||
});
|
||||
|
||||
test('PATCH /me should fail when changing email with wrong currentPassword', async () => {
|
||||
const payloadWithWrongPassword = {
|
||||
email: randomEmail(),
|
||||
firstName: randomName(),
|
||||
lastName: randomName(),
|
||||
currentPassword: 'WrongPassword123',
|
||||
};
|
||||
|
||||
const response = await authMemberAgent.patch('/me').send(payloadWithWrongPassword);
|
||||
expect(response.statusCode).toBe(400);
|
||||
expect(response.body.message).toContain(
|
||||
'Unable to update profile. Please check your credentials and try again.',
|
||||
);
|
||||
|
||||
const storedMember = await Container.get(UserRepository).findOneByOrFail({});
|
||||
expect(storedMember.email).toBe(member.email);
|
||||
});
|
||||
|
||||
test('PATCH /me/password should succeed with valid inputs', async () => {
|
||||
const validPayload = {
|
||||
currentPassword: memberPassword,
|
||||
@@ -243,10 +278,13 @@ describe('Member', () => {
|
||||
|
||||
describe('Owner', () => {
|
||||
test('PATCH /me should succeed with valid inputs', async () => {
|
||||
const owner = await createUser({ role: GLOBAL_OWNER_ROLE });
|
||||
const owner = await createUser({
|
||||
role: GLOBAL_OWNER_ROLE,
|
||||
password: ownerPassword,
|
||||
});
|
||||
const authOwnerAgent = testServer.authAgentFor(owner);
|
||||
|
||||
for (const validPayload of VALID_PATCH_ME_PAYLOADS) {
|
||||
for (const validPayload of getValidPatchMePayloads('owner')) {
|
||||
const response = await authOwnerAgent.patch('/me').send(validPayload);
|
||||
|
||||
expect(response.statusCode).toBe(200);
|
||||
@@ -314,6 +352,24 @@ const EMPTY_SURVEY: IPersonalizationSurveyAnswersV4 = {
|
||||
personalization_survey_n8n_version: '1.0.0',
|
||||
};
|
||||
|
||||
function getValidPatchMePayloads(userType: 'owner' | 'member') {
|
||||
return VALID_PATCH_ME_PAYLOADS.map((payload) => {
|
||||
if (userType === 'owner') {
|
||||
return { ...payload, currentPassword: ownerPassword };
|
||||
}
|
||||
return { ...payload, currentPassword: memberPassword };
|
||||
});
|
||||
}
|
||||
|
||||
function getInvalidPatchMePayloads(userType: 'owner' | 'member') {
|
||||
return INVALID_PATCH_ME_PAYLOADS.map((payload) => {
|
||||
if (userType === 'owner') {
|
||||
return { ...payload, currentPassword: ownerPassword };
|
||||
}
|
||||
return { ...payload, currentPassword: memberPassword };
|
||||
});
|
||||
}
|
||||
|
||||
const VALID_PATCH_ME_PAYLOADS = [
|
||||
{
|
||||
email: randomEmail(),
|
||||
|
||||
@@ -50,10 +50,9 @@ describe('Instance owner', () => {
|
||||
await authOwnerAgent
|
||||
.patch('/me')
|
||||
.send({
|
||||
email: randomEmail(),
|
||||
email: owner.email,
|
||||
firstName: randomName(),
|
||||
lastName: randomName(),
|
||||
password: randomValidPassword(),
|
||||
})
|
||||
.expect(200);
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user