2017-05-21 03:55:37 +07:00
|
|
|
|
|
|
|
|
|
import sinon = require("sinon");
|
|
|
|
|
import BluebirdPromise = require("bluebird");
|
|
|
|
|
import assert = require("assert");
|
|
|
|
|
import winston = require("winston");
|
|
|
|
|
|
2017-05-25 20:09:29 +07:00
|
|
|
|
import FirstFactorPost = require("../../../../src/server/lib/routes/firstfactor/post");
|
|
|
|
|
import exceptions = require("../../../../src/server/lib/Exceptions");
|
|
|
|
|
import AuthenticationSession = require("../../../../src/server/lib/AuthenticationSession");
|
|
|
|
|
import Endpoints = require("../../../../src/server/endpoints");
|
|
|
|
|
|
|
|
|
|
import AuthenticationRegulatorMock = require("../../mocks/AuthenticationRegulator");
|
|
|
|
|
import AccessControllerMock = require("../../mocks/AccessController");
|
|
|
|
|
import { LdapClientMock } from "../../mocks/LdapClient";
|
|
|
|
|
import ExpressMock = require("../../mocks/express");
|
|
|
|
|
import ServerVariablesMock = require("../../mocks/ServerVariablesMock");
|
2017-05-21 03:55:37 +07:00
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
describe("test the first factor validation route", function () {
|
2017-05-21 17:14:59 +07:00
|
|
|
|
let req: ExpressMock.RequestMock;
|
|
|
|
|
let res: ExpressMock.ResponseMock;
|
2017-05-21 03:55:37 +07:00
|
|
|
|
let emails: string[];
|
|
|
|
|
let groups: string[];
|
|
|
|
|
let configuration;
|
2017-05-21 06:15:34 +07:00
|
|
|
|
let ldapMock: LdapClientMock;
|
2017-05-21 17:14:59 +07:00
|
|
|
|
let regulator: AuthenticationRegulatorMock.AuthenticationRegulatorMock;
|
|
|
|
|
let accessController: AccessControllerMock.AccessControllerMock;
|
2017-05-21 03:55:37 +07:00
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
beforeEach(function () {
|
2017-05-21 03:55:37 +07:00
|
|
|
|
configuration = {
|
|
|
|
|
ldap: {
|
|
|
|
|
base_dn: "ou=users,dc=example,dc=com",
|
|
|
|
|
user_name_attribute: "uid"
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
emails = ["test_ok@example.com"];
|
|
|
|
|
groups = ["group1", "group2" ];
|
2017-05-21 03:55:37 +07:00
|
|
|
|
|
2017-05-21 06:15:34 +07:00
|
|
|
|
ldapMock = LdapClientMock();
|
2017-05-21 03:55:37 +07:00
|
|
|
|
|
2017-05-21 17:14:59 +07:00
|
|
|
|
accessController = AccessControllerMock.AccessControllerMock();
|
2017-05-21 03:55:37 +07:00
|
|
|
|
accessController.isDomainAllowedForUser.returns(true);
|
|
|
|
|
|
2017-05-21 17:14:59 +07:00
|
|
|
|
regulator = AuthenticationRegulatorMock.AuthenticationRegulatorMock();
|
2017-05-21 03:55:37 +07:00
|
|
|
|
regulator.regulate.returns(BluebirdPromise.resolve());
|
|
|
|
|
regulator.mark.returns(BluebirdPromise.resolve());
|
|
|
|
|
|
|
|
|
|
req = {
|
|
|
|
|
app: {
|
|
|
|
|
},
|
|
|
|
|
body: {
|
|
|
|
|
username: "username",
|
|
|
|
|
password: "password"
|
|
|
|
|
},
|
|
|
|
|
session: {
|
2017-05-22 04:32:09 +07:00
|
|
|
|
},
|
|
|
|
|
headers: {
|
|
|
|
|
host: "home.example.com"
|
2017-05-21 03:55:37 +07:00
|
|
|
|
}
|
|
|
|
|
};
|
2017-05-25 20:09:29 +07:00
|
|
|
|
|
|
|
|
|
AuthenticationSession.reset(req as any);
|
|
|
|
|
|
|
|
|
|
const mocks = ServerVariablesMock.mock(req.app);
|
|
|
|
|
mocks.ldap = ldapMock;
|
|
|
|
|
mocks.config = configuration;
|
|
|
|
|
mocks.logger = winston;
|
|
|
|
|
mocks.regulator = regulator;
|
|
|
|
|
mocks.accessController = accessController;
|
|
|
|
|
|
2017-05-21 06:15:34 +07:00
|
|
|
|
res = ExpressMock.ResponseMock();
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
|
2017-05-25 20:09:29 +07:00
|
|
|
|
it("should redirect client to second factor page", function () {
|
|
|
|
|
ldapMock.bind.withArgs("username").returns(BluebirdPromise.resolve());
|
|
|
|
|
ldapMock.get_emails.returns(BluebirdPromise.resolve(emails));
|
|
|
|
|
const authSession = AuthenticationSession.get(req as any);
|
|
|
|
|
return FirstFactorPost.default(req as any, res as any)
|
|
|
|
|
.then(function () {
|
|
|
|
|
assert.equal("username", authSession.userid);
|
|
|
|
|
assert.equal(Endpoints.SECOND_FACTOR_GET, res.redirect.getCall(0).args[0]);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
it("should retrieve email from LDAP", function (done) {
|
2017-05-25 20:09:29 +07:00
|
|
|
|
res.redirect = sinon.spy(function () { done(); });
|
2017-05-21 03:55:37 +07:00
|
|
|
|
ldapMock.bind.returns(BluebirdPromise.resolve());
|
2017-05-22 04:32:09 +07:00
|
|
|
|
ldapMock.get_emails = sinon.stub().withArgs("username").returns(BluebirdPromise.resolve([{ mail: ["test@example.com"] }]));
|
2017-05-25 20:09:29 +07:00
|
|
|
|
FirstFactorPost.default(req as any, res as any);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
it("should set email as session variables", function () {
|
2017-05-25 20:09:29 +07:00
|
|
|
|
const emails = ["test_ok@example.com"];
|
|
|
|
|
const authSession = AuthenticationSession.get(req as any);
|
|
|
|
|
ldapMock.bind.returns(BluebirdPromise.resolve());
|
|
|
|
|
ldapMock.get_emails.returns(BluebirdPromise.resolve(emails));
|
|
|
|
|
return FirstFactorPost.default(req as any, res as any)
|
|
|
|
|
.then(function () {
|
|
|
|
|
assert.equal("test_ok@example.com", authSession.email);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
it("should return status code 401 when LDAP binding throws", function (done) {
|
|
|
|
|
res.send = sinon.spy(function () {
|
2017-05-21 03:55:37 +07:00
|
|
|
|
assert.equal(401, res.status.getCall(0).args[0]);
|
|
|
|
|
assert.equal(regulator.mark.getCall(0).args[0], "username");
|
|
|
|
|
done();
|
|
|
|
|
});
|
2017-05-21 17:14:59 +07:00
|
|
|
|
ldapMock.bind.returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials")));
|
2017-05-25 20:09:29 +07:00
|
|
|
|
FirstFactorPost.default(req as any, res as any);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
it("should return status code 500 when LDAP search throws", function (done) {
|
|
|
|
|
res.send = sinon.spy(function () {
|
2017-05-21 03:55:37 +07:00
|
|
|
|
assert.equal(500, res.status.getCall(0).args[0]);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
ldapMock.bind.returns(BluebirdPromise.resolve());
|
2017-05-25 20:09:29 +07:00
|
|
|
|
ldapMock.get_emails.returns(BluebirdPromise.reject(new exceptions.LdapSearchError("error while retrieving emails")));
|
|
|
|
|
FirstFactorPost.default(req as any, res as any);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
it("should return status code 403 when regulator rejects authentication", function (done) {
|
2017-05-21 03:55:37 +07:00
|
|
|
|
const err = new exceptions.AuthenticationRegulationError("Authentication regulation...");
|
|
|
|
|
regulator.regulate.returns(BluebirdPromise.reject(err));
|
|
|
|
|
|
2017-05-22 04:32:09 +07:00
|
|
|
|
res.send = sinon.spy(function () {
|
2017-05-21 03:55:37 +07:00
|
|
|
|
assert.equal(403, res.status.getCall(0).args[0]);
|
|
|
|
|
done();
|
|
|
|
|
});
|
|
|
|
|
ldapMock.bind.returns(BluebirdPromise.resolve());
|
|
|
|
|
ldapMock.get_emails.returns(BluebirdPromise.resolve());
|
2017-05-25 20:09:29 +07:00
|
|
|
|
FirstFactorPost.default(req as any, res as any);
|
2017-05-21 03:55:37 +07:00
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|