Check invalid email

Sending a mail with further instructions even if the email is invalid
seems to be a good practice: A potential attacker will not know if a user
has an account under that email address. If a user does not remember the
email address, but has control over the other mail account, she will get
feedback that this mail account is incorrect.
Robert Schäfer 2019-06-15 23:01:22 +02:00
parent c7ee0c8121
commit 145a8d8bf6


@ -30,9 +30,25 @@ describe('passwordReset', () => {
}) })
describe('requestPasswordReset', () => { describe('requestPasswordReset', () => {
const variables = { email: 'user@example.org' }
const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }` const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }`
describe('with invalid email', () => {
const variables = { email: 'non-existent@example.org' }
it('resolves anyways', async () => {
await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
})
it('creates no node', async () => {
await client.request(mutation, variables)
const resets = await getAllPasswordResets()
expect(resets).toHaveLength(0)
})
})
describe('with a valid email', () => {
const variables = { email: 'user@example.org' }
it('resolves', async () => { it('resolves', async () => {
await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true}) await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
}) })
@ -61,3 +77,4 @@ describe('passwordReset', () => {
}) })
}) })
}) })
})
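Review bot: The new `with invalid email` block pins the property this commit is about, that an unknown address gets the same `{"requestPasswordReset": true}` as a known one, but the two expectations are written out separately and nothing says they must stay equal. A comment above the block, such as `// Must return the same payload as for a registered address, otherwise the mutation reveals which emails have accounts.`, would keep a later change from letting the responses diverge. The commit description also says a mail is sent for the invalid address, and no assertion in the visible lines covers that; if the mailer is stubbed in this spec, an expectation on it belongs next to `creates no node`. The `with a valid email` block continues outside the first hunk, so its remaining tests were not reviewed.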