author | Julien Dessaux | 2023-04-29 15:39:25 +0200 |
---|---|---|
committer | Julien Dessaux | 2023-04-29 15:39:57 +0200 |
commit | c86bb2adbd906f0a01f8dfcf87eaa3cacf3aa6d4 (patch) | |
tree | 752b2396be946a0b75553bb3ac5feff4b40f476a | |
parent | Typo (diff) | |
Fixed invalid username handling
Diffstat (limited to '')
-rw-r--r-- | controllers/root/login.js | 1 | ||||
-rw-r--r-- | database/users.js | 3 | ||||
-rw-r--r-- | tests/root.spec.js | 13 |
3 files changed, 17 insertions, 0 deletions
diff --git a/controllers/root/login.js b/controllers/root/login.js
index 431f7f9..dc506cc 100644
--- a/controllers/root/login.js
+++ b/controllers/root/login.js
@@ -39,5 +39,6 @@ export async function login_post(req, res) {
 if (Object.keys(page.errors).length === 0) {
 return res.redirect(302, '/games');
 }
+ res.status(403);
 return res.render('login', page);
 }
diff --git a/database/users.js b/database/users.js
index cc50bdc..353b54a 100644
--- a/database/users.js
+++ b/database/users.js
@@ -34,6 +34,9 @@ export async function login(username, password) {
 console.log(err);
 return null;
 }
+ if (user === undefined) {
+ return null;
+ }
 const result = await bcrypt.compare(password, user.hash);
 if (result === true) {
 return {
diff --git a/tests/root.spec.js b/tests/root.spec.js
index 34a8328..e422575 100644
--- a/tests/root.spec.js
+++ b/tests/root.spec.js
@@ -34,4 +34,17 @@ describe.concurrent('Root handlers tests', function() {
 });
 });
 });
+
+ describe.concurrent('With invalid credentials', function() {
+ it('POST /login', async function() {
+ await request.post('/login').send('username=NonExistant&password=Alice42!')
+ .expect('Content-Type', /text\/html/)
+ .expect(403, /erreur de connexion/);
+ });
+ it('POST /login', async function() {
+ await request.post('/login').send('username=Alice&password=Invalid')
+ .expect('Content-Type', /text\/html/)
+ .expect(403, /erreur de connexion/);
+ });
+ });
 }); |
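Review bot: The added `res.status(403);` in login_post applies to every request that leaves `page.errors` non-empty, whatever put the error there. `page.errors` is filled outside the hunk, so it is only inferred that it may also hold form-validation errors, which would then be answered with 403 too. A one-line comment would record the intent, for example `// every failed login, whatever the cause, is answered with 403`. The function starts outside the hunk.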
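Review bot: The early `return null;` for `user === undefined` skips `bcrypt.compare`, so an unknown username is answered measurably faster than a wrong password for an existing account, and response time can reveal which usernames exist. Running the comparison in both cases keeps the timing uniform: `const result = await bcrypt.compare(password, user?.hash ?? DUMMY_HASH);` followed by `if (user === undefined || result !== true) return null;`. `DUMMY_HASH` is a placeholder name for a module-level bcrypt hash of a random value generated with the same cost factor as real accounts. The guard also only matches `undefined`; whether the lookup above the hunk can yield `null` is not visible here. The body of login starts and ends outside the hunk.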
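Review bot: Both new cases in the 'With invalid credentials' block are titled `'POST /login'`, so a failing run does not say whether the unknown-username or the wrong-password path broke. Distinct titles would fix that, for example `it('POST /login with unknown username', ...)` and `it('POST /login with wrong password', ...)`. The sample username `NonExistant` is presumably meant to be `NonExistent`. Asserting the same status and message for both cases is worth keeping, since it pins that the response body does not distinguish the two failures.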