mirror of
https://github.com/Termix-SSH/Termix.git
synced 2026-07-16 21:33:41 +00:00
a2f6c90eae
Password resets no longer destroy user data: the DEK is system-wrapped, so forgot-password and admin resets are just a hash update plus session revoke. The wipe branch survives only for accounts that never logged in since the encryption upgrade and now requires explicit confirmDataWipe (surfaced as a 409 DATA_WIPE_REQUIRED; the reset UI asks for confirmation). Adds POST /users/admin/reset-password and removes the dead re-encryption paths.
124 lines
3.8 KiB
TypeScript
124 lines
3.8 KiB
TypeScript
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
import type { AuthManager } from "../../utils/auth-manager.js";
|
|
|
|
const calls = vi.hoisted(() => ({
|
|
userUpdates: [] as Array<[string, Record<string, unknown>]>,
|
|
deletedFor: [] as string[],
|
|
rotatedFor: [] as string[],
|
|
legacyWrapsDeletedFor: [] as string[],
|
|
}));
|
|
|
|
function deletingRepo(label: string) {
|
|
return () => ({
|
|
deleteByUserId: async (userId: string) => {
|
|
calls.deletedFor.push(`${label}:${userId}`);
|
|
return 0;
|
|
},
|
|
});
|
|
}
|
|
|
|
vi.mock("../repositories/factory.js", () => ({
|
|
createCurrentUserRepository: () => ({
|
|
update: async (userId: string, update: Record<string, unknown>) => {
|
|
calls.userUpdates.push([userId, update]);
|
|
return { id: userId };
|
|
},
|
|
}),
|
|
createCurrentSettingsRepository: () => ({}),
|
|
createCurrentSshCredentialUsageRepository: deletingRepo("usage"),
|
|
createCurrentFileManagerBookmarkRepository: deletingRepo("bookmarks"),
|
|
createCurrentRecentActivityRepository: deletingRepo("activity"),
|
|
createCurrentDismissedAlertRepository: deletingRepo("alerts"),
|
|
createCurrentSnippetRepository: deletingRepo("snippets"),
|
|
createCurrentHostRepository: deletingRepo("hosts"),
|
|
createCurrentCredentialRepository: deletingRepo("credentials"),
|
|
}));
|
|
|
|
vi.mock("../../utils/user-keys.js", () => ({
|
|
UserKeyManager: {
|
|
getInstance: () => ({
|
|
rotateUserDEK: async (userId: string) => {
|
|
calls.rotatedFor.push(userId);
|
|
return Buffer.alloc(32);
|
|
},
|
|
}),
|
|
},
|
|
}));
|
|
|
|
vi.mock("../../utils/crypto-migration/dek-migration.js", () => ({
|
|
deleteLegacyWraps: async (userId: string) => {
|
|
calls.legacyWrapsDeletedFor.push(userId);
|
|
},
|
|
}));
|
|
|
|
import { resetUserPassword } from "./user-password-reset-routes.js";
|
|
|
|
function fakeAuthManager(unlocked: boolean): AuthManager {
|
|
return {
|
|
isUserUnlocked: () => unlocked,
|
|
logoutUser: vi.fn(async () => {}),
|
|
} as unknown as AuthManager;
|
|
}
|
|
|
|
beforeEach(() => {
|
|
calls.userUpdates = [];
|
|
calls.deletedFor = [];
|
|
calls.rotatedFor = [];
|
|
calls.legacyWrapsDeletedFor = [];
|
|
});
|
|
|
|
describe("resetUserPassword", () => {
|
|
it("preserves data for users with a server-wrapped key", async () => {
|
|
const outcome = await resetUserPassword(fakeAuthManager(true), {
|
|
userId: "user-1",
|
|
username: "alice",
|
|
newPassword: "new-password",
|
|
confirmDataWipe: false,
|
|
});
|
|
|
|
expect(outcome).toEqual({ status: "reset", dataWiped: false });
|
|
expect(calls.userUpdates).toHaveLength(1);
|
|
expect(calls.userUpdates[0][1]).toHaveProperty("passwordHash");
|
|
expect(calls.deletedFor).toEqual([]);
|
|
expect(calls.rotatedFor).toEqual([]);
|
|
});
|
|
|
|
it("requires explicit consent before wiping an unmigrated user", async () => {
|
|
const outcome = await resetUserPassword(fakeAuthManager(false), {
|
|
userId: "user-1",
|
|
username: "alice",
|
|
newPassword: "new-password",
|
|
confirmDataWipe: false,
|
|
});
|
|
|
|
expect(outcome).toEqual({ status: "wipe_confirmation_required" });
|
|
expect(calls.userUpdates).toEqual([]);
|
|
expect(calls.deletedFor).toEqual([]);
|
|
});
|
|
|
|
it("wipes data and rotates the key when consent is given", async () => {
|
|
const outcome = await resetUserPassword(fakeAuthManager(false), {
|
|
userId: "user-1",
|
|
username: "alice",
|
|
newPassword: "new-password",
|
|
confirmDataWipe: true,
|
|
});
|
|
|
|
expect(outcome).toEqual({ status: "reset", dataWiped: true });
|
|
expect(calls.deletedFor).toEqual([
|
|
"usage:user-1",
|
|
"bookmarks:user-1",
|
|
"activity:user-1",
|
|
"alerts:user-1",
|
|
"snippets:user-1",
|
|
"hosts:user-1",
|
|
"credentials:user-1",
|
|
]);
|
|
expect(calls.rotatedFor).toEqual(["user-1"]);
|
|
expect(calls.legacyWrapsDeletedFor).toEqual(["user-1"]);
|
|
expect(
|
|
calls.userUpdates.some(([, update]) => update.totpEnabled === false),
|
|
).toBe(true);
|
|
});
|
|
});
|