summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--controllers/root/login.js1
-rw-r--r--database/users.js3
-rw-r--r--tests/root.spec.js13
3 files changed, 17 insertions, 0 deletions
diff --git a/controllers/root/login.js b/controllers/root/login.js
index 431f7f9..dc506cc 100644
--- a/controllers/root/login.js
+++ b/controllers/root/login.js
@@ -39,5 +39,6 @@ export async function login_post(req, res) {
if (Object.keys(page.errors).length === 0) {
return res.redirect(302, '/games');
}
+ res.status(403);
return res.render('login', page);
}
diff --git a/database/users.js b/database/users.js
index cc50bdc..353b54a 100644
--- a/database/users.js
+++ b/database/users.js
@@ -34,6 +34,9 @@ export async function login(username, password) {
console.log(err);
return null;
}
+ if (user === undefined) {
+ return null;
+ }
const result = await bcrypt.compare(password, user.hash);
if (result === true) {
return {
diff --git a/tests/root.spec.js b/tests/root.spec.js
index 34a8328..e422575 100644
--- a/tests/root.spec.js
+++ b/tests/root.spec.js
@@ -34,4 +34,17 @@ describe.concurrent('Root handlers tests', function() {
});
});
});
+
+ describe.concurrent('With invalid credentials', function() {
+ it('POST /login', async function() {
+ await request.post('/login').send('username=NonExistant&password=Alice42!')
+ .expect('Content-Type', /text\/html/)
+ .expect(403, /erreur de connexion/);
+ });
+ it('POST /login', async function() {
+ await request.post('/login').send('username=Alice&password=Invalid')
+ .expect('Content-Type', /text\/html/)
+ .expect(403, /erreur de connexion/);
+ });
+ });
});