mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
authelia/server/src/lib/routes/verify/CheckInactivity.spec.ts
Clement Michaud 40574bc8ec Fix the bypass strategy.
Before this fix an anonymous user was not able to access a resource
that was configured with a bypass policy. This was due to a useless
check of the userid in the auth session. Moreover, in the case of an
anonymous user, we should not check the inactivity period since there
is no session.

Also refactor /verify endpoint for better testability and add tests
in a new suite.
2019-03-22 23:51:36 +01:00



import * as Express from "express";
import * as ExpressMock from "../../stubs/express.spec";
import * as Sinon from "sinon";
import * as Assert from "assert";
import CheckInactivity from "./CheckInactivity";
import { AuthenticationSession } from "../../../../types/AuthenticationSession";
import { Configuration } from "../../configuration/schema/Configuration";
import { RequestLoggerStub } from "../../logging/RequestLoggerStub.spec";
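/**
 * Unit tests for CheckInactivity, the session inactivity check imported from
 * "./CheckInactivity".
 *
 * NOTE(review): the suite is labelled "VerifyInactivity" while the module under
 * test is CheckInactivity; the label is left unchanged here in case test
 * filters depend on it.
 */
describe('routes/verify/VerifyInactivity', function() {
  let req: Express.Request;
  let authSession: AuthenticationSession;
  let configuration: Configuration;
  let logger: RequestLoggerStub;
  // Fake clock installed by the timing tests; undefined while real timers are active.
  let clock: Sinon.SinonFakeTimers | undefined;

  beforeEach(function() {
    req = ExpressMock.RequestMock();
    // Start from an empty session; each test sets only the fields it needs.
    authSession = {} as any;
    configuration = {
      session: {
        domain: 'example.com',
        secret: 'abc',
        // Presumably milliseconds: the tests below advance the fake clock by
        // 200 (no timeout) and 2000 (timeout) -- confirm against CheckInactivity.
        inactivity: 1000,
      },
      authentication_backend: {
        file: {
          path: 'abc'
        }
      }
    }
    logger = new RequestLoggerStub();
  });

  afterEach(function() {
    // Always put the real timers back, even when a test fails or throws.
    // Restoring inline at the end of a test body would be skipped on failure
    // and leave the fake clock installed for every later test.
    if (clock !== undefined) {
      clock.restore();
      clock = undefined;
    }
  });

  it('should not throw if inactivity timeout is disabled', function() {
    delete configuration.session.inactivity;
    CheckInactivity(req, authSession, configuration, logger);
  });

  it('should not throw if keep me logged in has been checked', function() {
    authSession.keep_me_logged_in = true;
    CheckInactivity(req, authSession, configuration, logger);
  });

  it('should not throw if the inactivity timeout has not timed out', function() {
    clock = Sinon.useFakeTimers();
    authSession.last_activity_datetime = new Date().getTime();
    // 200 elapsed against a configured inactivity of 1000: still active.
    clock.tick(200);
    CheckInactivity(req, authSession, configuration, logger);
  });

  it('should throw if the inactivity timeout has timed out', function() {
    clock = Sinon.useFakeTimers();
    authSession.last_activity_datetime = new Date().getTime();
    // 2000 elapsed against a configured inactivity of 1000: session expired.
    clock.tick(2000);
    // NOTE(review): only asserts that something is thrown. Pinning the expected
    // error type would stop an unrelated exception from satisfying this test;
    // the exact-boundary case (elapsed == inactivity) is also not covered.
    Assert.throws(() => CheckInactivity(req, authSession, configuration, logger));
  });
});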