/api/user/create-reset-code (POST)
Account information like email addresses is generated with faker-js it is not real user information.
await global.api.user.CreateResetCode.post(req)Returns object
{
"codeid": "code_da9e9a8a9d57b500",
"object": "resetCode",
"appid": "tests_1656038576",
"accountid": "acct_ec38f4a04c1a9023",
"createdAt": "2022-06-24T02:42:56.822Z",
"updatedAt": "2022-06-24T02:42:56.822Z"
}Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
| Exception | Circumstances |
|---|---|
| invalid-accountid | missing querystring accountid |
| invalid querystring accountid | |
| ineligible accessing account | |
| invalid-secret-code | missing posted secret-code |
| invalid posted secret-code is not alphanumeric | |
| invalid-secret-code-length | posted secret code too short |
| posted secret code too long |
NodeJS source (view on github)
const dashboard = require('../../../../index.js')
module.exports = {
post: async (req) => {
if (!req.query || !req.query.accountid) {
throw new Error('invalid-accountid')
}
const account = await global.api.user.Account.get(req)
if (!account) {
throw new Error('invalid-accountid')
}
if (!req.body || !req.body['secret-code']) {
throw new Error('invalid-secret-code')
}
if (req.body['secret-code'].match(/^[a-z0-9]+$/i) === null) {
throw new Error('invalid-secret-code')
}
if (global.minimumResetCodeLength > req.body['secret-code'].length ||
global.maximumResetCodeLength < req.body['secret-code'].length) {
throw new Error('invalid-secret-code-length')
}
let dashboardEncryptionKey = global.dashboardEncryptionKey
if (req.server) {
dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
}
const secretCodeHash = await dashboard.Hash.sha512Hash(req.body['secret-code'], dashboardEncryptionKey)
const resetCodeInfo = {
accountid: req.query.accountid,
secretCodeHash,
appid: req.appid || global.appid
}
const resetCode = await dashboard.Storage.ResetCode.create(resetCodeInfo)
await dashboard.Storage.Account.update({
resetCodeLastCreatedAt: new Date()
}, {
where: {
accountid: req.query.accountid,
appid: req.appid || global.appid
}
})
req.query.codeid = resetCode.codeid
const code = await global.api.user.ResetCode.get(req)
return code
}
}
Test source (view on github)
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')
describe('/api/user/create-reset-code', () => {
describe('exceptions', () => {
describe('invalid-accountid', () => {
it('missing querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/create-reset-code')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
it('invalid querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/create-reset-code?accountid=invalid')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
})
describe('invalid-accountid', () => {
it('ineligible accessing account', async () => {
const user = await TestHelper.createUser()
const user2 = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user2.account.accountid}`)
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-account')
})
})
describe('invalid-secret-code', () => {
it('missing posted secret-code', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code')
})
it('invalid posted secret-code is not alphanumeric', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'secret-code': 'this has spaces'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code')
})
})
describe('invalid-secret-code-length', () => {
it('posted secret code too short', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'secret-code': '1'
}
global.minimumResetCodeLength = 100
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code-length')
})
it('posted secret code too long', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'secret-code': 'adsf'
}
global.maximumResetCodeLength = 1
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code-length')
})
})
})
describe('returns', () => {
it('object', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/create-reset-code?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.filename = __filename
req.saveResponse = true
req.body = {
'secret-code': 'secret000'
}
const code = await req.post()
assert.strictEqual(code.object, 'resetCode')
})
})
})