From c86bb2adbd906f0a01f8dfcf87eaa3cacf3aa6d4 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Sat, 29 Apr 2023 15:39:25 +0200
Subject: Fixed invalid username handling
---
 controllers/root/login.js | 1 +
 database/users.js | 3 +++
 tests/root.spec.js | 13 +++++++++++++
 3 files changed, 17 insertions(+)
diff --git a/controllers/root/login.js b/controllers/root/login.js
index 431f7f9..dc506cc 100644
--- a/controllers/root/login.js
+++ b/controllers/root/login.js
@@ -39,5 +39,6 @@ export async function login_post(req, res) {
 if (Object.keys(page.errors).length === 0) {
 return res.redirect(302, '/games');
 }
+ res.status(403);
 return res.render('login', page);
 }
diff --git a/database/users.js b/database/users.js
index cc50bdc..353b54a 100644
--- a/database/users.js
+++ b/database/users.js
@@ -34,6 +34,9 @@ export async function login(username, password) {
 console.log(err);
 return null;
 }
+ if (user === undefined) { return null; }
 const result = await bcrypt.compare(password, user.hash);
 if (result === true) {
 return {
diff --git a/tests/root.spec.js b/tests/root.spec.js
index 34a8328..e422575 100644
--- a/tests/root.spec.js
+++ b/tests/root.spec.js
@@ -34,4 +34,17 @@ describe.concurrent('Root handlers tests', function() {
 });
 });
 });
+
+ describe.concurrent('With invalid credentials', function() { it('POST /login', async function() { await request.post('/login').send('username=NonExistant&password=Alice42!') .expect('Content-Type', /text\/html/) .expect(403, /erreur de connexion/); }); it('POST /login', async function() { await request.post('/login').send('username=Alice&password=Invalid') .expect('Content-Type', /text\/html/) .expect(403, /erreur de connexion/); }); });
 });
-- cgit v1.2.3
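Review bot: `res.status(403)` is applied to every render that has a non-empty `page.errors`, so if login_post (whose body starts before this hunk) also records form-validation errors there, those will be answered with 403 as well; if that is the case, consider 400/422 for validation failures and keeping the authentication failure at 401 (or 403, which the new tests pin) so clients and logs can tell the two apart. Whichever status is used, the rendered page must not differ between an unknown username and a wrong password; the new tests check the same `erreur de connexion` text for both, which is the right invariant to keep. Nothing in this hunk throttles repeated failures, so if no rate limiting exists elsewhere on this route, a failed-attempt limiter is worth adding now that a scripted client can key on the status code alone.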
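Review bot: The new `if (user === undefined)` branch returns before `bcrypt.compare` runs, so a request with an unknown username completes without the bcrypt work that a known username with a wrong password pays; that timing difference lets a remote caller enumerate valid usernames even though both paths return null. Burn an equivalent compare on the miss path against a pre-computed dummy hash generated with the same cost factor as the stored user hashes, as sketched below (the cost factor and where user hashes are created are not visible here, so confirm they match). If the lookup that sets `user` (outside this hunk, as is the catch block this hunk opens on) can also yield `null` rather than `undefined`, the guard should be `user == null` so a null row does not reach `user.hash`.
```javascript
// Computed once at module load with the same cost factor as stored user hashes,
// so a compare on an unknown username takes as long as one on a real user.
// TODO(review): confirm the cost factor matches the one used when hashing passwords.
const DUMMY_HASH = bcrypt.hashSync('', 10);

export async function login(username, password) {
    // … unchanged: user lookup and its error handling …
    if (user === undefined) {
        // Keep a miss timing-indistinguishable from a wrong password.
        await bcrypt.compare(password, DUMMY_HASH);
        return null;
    }
    // … unchanged: compare against user.hash and build the result …
```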
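Review bot: Both new cases are titled `it('POST /login', …)`, so a failure report cannot say which one broke; give them distinct names such as `it('POST /login with an unknown username', …)` and `it('POST /login with a wrong password', …)`. Since the reason for exercising both an unknown user and a bad password is that the two must be indistinguishable to the client, it is also worth asserting that the two responses share the same body, not only the same status and message fragment, so a later template change cannot quietly reintroduce user enumeration.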