From b5f2cf3711ffcca96603273aec2fdd29595531b3 Mon Sep 17 00:00:00 2001
From: joan <joan@verdnatura.es>
Date: Thu, 13 Apr 2023 11:54:56 +0200
Subject: [PATCH] Added unit test & translation fixes

---
 .../account/specs/validate-auth.spec.js       | 41 +++++++++++++++++++
 back/methods/account/validate-auth.js         |  2 +-
 db/changes/231401/00-department.sql           |  2 +-
 loopback/locale/es.json                       |  2 +-
 4 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 back/methods/account/specs/validate-auth.spec.js

diff --git a/back/methods/account/specs/validate-auth.spec.js b/back/methods/account/specs/validate-auth.spec.js
new file mode 100644
index 000000000..44ea96320
--- /dev/null
+++ b/back/methods/account/specs/validate-auth.spec.js
@@ -0,0 +1,41 @@
+const {models} = require('vn-loopback/server/server');
+
+fdescribe('account validateAuth()', () => {
+    const developerId = 9;
+
+    it('should throw an error for a non existent code', async() => {
+        const ctx = {req: {accessToken: {userId: developerId}}};
+
+        let error;
+        try {
+            await models.Account.validateAuth(ctx, 'developer', 'nightmare', '123456');
+        } catch (e) {
+            error = e;
+        }
+
+        expect(error).toBeDefined();
+        expect(error.statusCode).toBe(400);
+        expect(error.message).toEqual('Invalid or expired verification code');
+    });
+
+    it('should throw an error when a code doesn`t match the login username', async() => {
+        const ctx = {req: {accessToken: {userId: developerId}}};
+
+        let error;
+        try {
+            const authCode = await models.AuthCode.create({
+                userFk: 1,
+                code: '555555',
+                expires: Date.vnNow() + (60 * 1000)
+            });
+            await models.Account.validateAuth(ctx, 'developer', 'nightmare', '555555');
+            await authCode.destroy();
+        } catch (e) {
+            error = e;
+        }
+
+        expect(error).toBeDefined();
+        expect(error.statusCode).toBe(400);
+        expect(error.message).toEqual('Authentication failed');
+    });
+});
diff --git a/back/methods/account/validate-auth.js b/back/methods/account/validate-auth.js
index ba1c6a3bb..6745b8838 100644
--- a/back/methods/account/validate-auth.js
+++ b/back/methods/account/validate-auth.js
@@ -40,7 +40,7 @@ module.exports = Self => {
             }
         });
 
-        const expired = Date.now() > authCode.expires;
+        const expired = authCode && Date.vnNow() > authCode.expires;
         if (!authCode || expired)
             throw new UserError('Invalid or expired verification code');
 
diff --git a/db/changes/231401/00-department.sql b/db/changes/231401/00-department.sql
index ffc3a1622..d9a91ee30 100644
--- a/db/changes/231401/00-department.sql
+++ b/db/changes/231401/00-department.sql
@@ -1,5 +1,5 @@
 alter table `vn`.`department`
-    add `twoFactor` ENUM ('email') null comment 'Default user tow-factor auth type';
+    add `twoFactor` ENUM ('email') null comment 'Default user two-factor auth type';
 
 drop trigger `vn`.`department_afterUpdate`;
 
diff --git a/loopback/locale/es.json b/loopback/locale/es.json
index 70ba15098..be9b0036a 100644
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@@ -275,6 +275,6 @@
 	"Insert a date range": "Inserte un rango de fechas",
 	"Added observation": "{{user}} añadió esta observacion: {{text}}",
 	"Comment added to client": "Observación añadida al cliente {{clientFk}}",
-	"Invalid auth code": "Invalid auth code",
+	"Invalid auth code": "Código de verificación incorrecto",
 	"Invalid or expired verification code": "Invalid or expired verification code"
 }
\ No newline at end of file