Server re-build with latest AdonisJS framework & Typescript (#47)

* chore: setup first basis structure

* chore: ensure styling is loaded correctly

* chore: comply to new routing syntax by replace . with / in routes/resource locations

* chore: add login controller

* chore: correctly use views with slash instead of dot

* chore: working login + tests

* chore: clean up tests

* chore: add password-forgot endpoint and matching test

* chore: add delete page test

* chore: add logout test

* chore: add reset-password route and tests

* chore: remove obsolete comment

* chore: add account-page and tests

* chore: add data page & first step of the test

* chore: add transfer/import data feature and tests

* chore: add export and basic test

* chore: add all static api routes with tests

* Regenerate 'pnpm-lock.json' and fix bad merge conflict

WIP:
- Tests have been commented out since they dont work
- Server doesn't start

* easier dev and test runs

* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts

* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code

* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others

* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models

* fix node and pnpm dependency update

* add cross env (so that we can develop on windows)

* add signup endpoint (TODO: JWT auth)

* Add login endpoint

* Add me and updateMe endpoints

* Add service endpoint

* refactor: change endpoints to use jwt

* add recipes endpoint

* add workspaces endpoint

* fix web controllors for login and post import

* Update node deps

* Change auth middleware (for web) and exempt api from CSRF

* Add import endpoint (franz import)

* Fix export/import logic

* Fix service and workspace data in user/data

* Fix partial lint

* chore: workaround lint issues

* fix: migration naming had two .

* Sync back node with recipes repo

* Temporarily ignore typescript

* Fix adonisrc to handle public folder static assets

* Fix issue with production database

* add Legacy Password Provider

* Fix lint errors

* Fix issue on login errors frontend

* add Legacy Password Provider

* Fix issue with customIcons

* Fix issue with auth tokens

* Update 'node' to '18.18.0'

* make docker work

* improve docker entrypoint (test api performance)

* Add migration database script

* NODE_ENV on recipes

* prefer @ts-expect-error over @ts-ignore

* small fixes

* Update 'pnpm' to '8.7.6'

* fix error catch

* Automatically generate JWT Public and Private keys

* Use custom Adonis5-jwt

* Update code to use secret (old way, no breaking changes)

* Normalize appKey

* Trick to make JWT tokens on client work with new version

* Fix error with new JWT logic

* Change migration and how we store JWT

* Fix 500 response code (needs to be 401)

* Improve logic and fix bugs

* Fix build and entrypoint logic

* Catch error if appKey changes

* Add newToken logic

* Fix lint (ignore any errors)

* Add build for PRs

* pnpm reformat-files result

* Fix some tests

* Fix reset password not working (test failing)

* Restore csrfTokens (disabled by accident)

* Fix pnpm start command with .env

* Disable failing tests on the transfer endpoint (TODO)

* Add tests to PR build

* Fix build

* Remove unnecessary assertStatus

* Add typecheck

* hash password on UserFactory (fix build)

* Add JWT_USE_PEM true by default (increase security)

* fix name of github action

---------

Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>

1 files changed, 122 insertions, 0 deletions

diff --git a/tests/functional/dashboard/reset-password.spec.ts b/tests/functional/dashboard/reset-password.spec.ts
new file mode 100644
index 0000000..e488482
--- /dev/null
+++ b/tests/functional/dashboard/reset-password.spec.ts
@@ -0,0 +1,122 @@
+import { test } from '@japa/runner';
+import Token from 'App/Models/Token';
+import UserFactory from 'Database/factories/UserFactory';
+import TokenFactory from 'Database/factories/TokenFactory';
+
+test.group('Dashboard / Reset password page', () => {
+  test('returns a `Invalid token` message when opening without a token', async ({
+    client,
+  }) => {
+    const response = await client.get('/user/reset');
+
+    response.assertStatus(200);
+    response.assertTextIncludes('Invalid token');
+  });
+
+  test('displays the form when a token is provided', async ({ client }) => {
+    const response = await client.get(
+      '/user/reset?token=randomtokenbutitworks',
+    );
+
+    response.assertStatus(200);
+    response.assertTextIncludes('Reset Your Password');
+  });
+
+  test('returns `passwords do not match` message when passwords do not match', async ({
+    client,
+  }) => {
+    const response = await client.post('/user/reset').fields({
+      token: 'randomnotworkingtoken',
+      password: 'password',
+      password_confirmation: 'not_matching',
+    });
+
+    response.assertTextIncludes('Passwords do not match');
+  });
+
+  test('returns `Cannot reset your password` when token does not exist', async ({
+    client,
+  }) => {
+    const response = await client.post('/user/reset').fields({
+      token: 'randomnotworkingtoken',
+      password: 'password',
+      password_confirmation: 'password',
+    });
+
+    response.assertTextIncludes('Cannot reset your password');
+  });
+
+  test('returns `Cannot reset your password` when token is older than 24 hours', async ({
+    client,
+  }) => {
+    const token = await TokenFactory.merge({
+      // eslint-disable-next-line unicorn/no-await-expression-member
+      user_id: (await UserFactory.create()).id,
+    })
+      .apply('old_token')
+      .create();
+
+    const response = await client.post('/user/reset').fields({
+      token: token.token,
+      password: 'password',
+      password_confirmation: 'password',
+    });
+
+    response.assertTextIncludes('Cannot reset your password');
+  });
+
+  test('returns `Cannot reset your password` when token is revoked', async ({
+    client,
+  }) => {
+    const token = await TokenFactory.merge({
+      // eslint-disable-next-line unicorn/no-await-expression-member
+      user_id: (await UserFactory.create()).id,
+    })
+      .apply('revoked')
+      .create();
+
+    const response = await client.post('/user/reset').fields({
+      token: token.token,
+      password: 'password',
+      password_confirmation: 'password',
+    });
+
+    response.assertTextIncludes('Cannot reset your password');
+  });
+
+  test('correctly resets password and deletes token and able to login with new password', async ({
+    client,
+    assert,
+  }) => {
+    const userEmail = 'working-reset-password-login@ferdium.org';
+    const token = await TokenFactory.merge({
+      user_id:
+        (
+          await UserFactory.merge({
+            email: userEmail,
+          }).create()
+        // prettier-ignore
+        // eslint-disable-next-line unicorn/no-await-expression-member
+        ).id,
+    }).create();
+
+    const response = await client.post('/user/reset').fields({
+      token: token.token,
+      password: 'new_password',
+      password_confirmation: 'new_password',
+    });
+
+    // Assert response is as expected
+    response.assertTextIncludes('Successfully reset your password');
+
+    // Token should be deleted from database
+    assert.isNull(await Token.query().where('token', token.token).first());
+
+    const loginResponse = await client.post('/user/login').fields({
+      mail: userEmail,
+      password: 'new_password',
+    });
+
+    loginResponse.assertRedirectsTo('/user/account');
+  });
+});