Skip to content
Snippets Groups Projects
Commit dc025fbe authored by Shane Tomlinson's avatar Shane Tomlinson
Browse files

Adding test that shows how sync_key can be used to add any email address to any account.

parent 2362aac7
No related branches found
No related tags found
Loading
......@@ -196,4 +196,45 @@ steal.plugins("jquery", "funcunit/qunit").then("/dialog/resources/browserid-iden
stop();
});
test("syncIdentity without first validating email", function() {
BrowserIDNetwork.authenticate("testuser@testuser.com", "testuser", function() {
// First, force removal that way we know it is not part of our list.
BrowserIDIdentities.removeIdentity("unvalidated@unvalidated.com", function() {
clearEmails();
BrowserIDIdentities.syncIdentities(function onSuccess() {
var identities = BrowserIDIdentities.getStoredIdentities();
// Make sure the server has forgotten about this email address.
equal("unvalidated@unvalidated.com" in identities, false, "The removed email should not be on the list.");
// This next call will call /wsapi/set_key on a
// key that has not been validated.
BrowserIDIdentities.syncIdentity("unvalidated@unvalidated.com", "issuer", function(keypair) {
// Clear all the local emails, then refetch the list from the server
// just to be sure we are seeing what the server sees.
clearEmails();
BrowserIDIdentities.syncIdentities(function onSuccess() {
var identities = BrowserIDIdentities.getStoredIdentities();
// woah. Things just went wrong.
equal("unvalidated@unvalidated.com" in identities, false, "The unvalidated email should not be added just through calling sync_key");
start();
}, failure("syncIdentities failure"));
}, failure("syncIdentity failure"));
}, failure("syncIdentities failure"));
}, failure("removeEmail failure"));
}, failure("Authentication failure"));
stop();
});
});
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment