authelia/client/test/firstfactor/FirstFactorValidator.test.ts
Clement Michaud 56fdc40290 Every public endpoints return 200 with harmonized error messages or 401
Now, /verify can return 401 or 403 depending on the user authentication.
Every public API endpoint and page returns 200 with an error message in the
JSON body, or 401 if the user is not authorized.

This policy makes it harder for an attacker to tell what the source of the
failure is, and hides server-side bugs (no 500 is returned), such bugs being
potential threats.
2017-10-14 11:57:38 +02:00


import FirstFactorValidator = require("../../src/lib/firstfactor/FirstFactorValidator");
import JQueryMock = require("../mocks/jquery");
import BluebirdPromise = require("bluebird");
import Assert = require("assert");
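describe("test FirstFactorValidator", function () {
  // Stub $.ajax so that it hands back the given jQuery deferred mock; validate()
  // is then driven entirely by the done/fail callbacks the mock yields to.
  function jqueryWithAjaxReturning(deferred: unknown) {
    const jqueryMock = JQueryMock.JQueryMock();
    jqueryMock.jquery.ajax.returns(deferred);
    // The mock does not carry jQuery's static typing, hence the cast (as in the
    // original call sites).
    return jqueryMock.jquery as any;
  }

  it("should validate first factor successfully", () => {
    const postPromise = JQueryMock.JQueryDeferredMock();
    // Simulate a successful response whose body carries the redirect target.
    postPromise.done.yields({ redirect: "http://redirect" });
    postPromise.done.returns(postPromise);
    return FirstFactorValidator.validate("username", "password", "http://redirect",
      jqueryWithAjaxReturning(postPromise));
  });

  // Drive validate() through the fail path of the deferred with a 401 xhr and
  // assert that the returned promise rejects with exactly the message yielded
  // alongside that response.
  function shouldFailFirstFactorValidation(errorMessage: string) {
    const xhr = { status: 401 };
    const postPromise = JQueryMock.JQueryDeferredMock();
    postPromise.fail.yields(xhr, errorMessage);
    postPromise.done.returns(postPromise);
    return FirstFactorValidator.validate("username", "password", "http://redirect",
      jqueryWithAjaxReturning(postPromise))
      .then(function () {
        return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not."));
      }, function (err: Error) {
        // strictEqual with (actual, expected) ordering so a mismatch is reported
        // the right way round; the loose equal() compared with ==.
        Assert.strictEqual(err.message, errorMessage);
        return BluebirdPromise.resolve();
      });
  }

  describe("should fail first factor validation", () => {
    it("should fail with error", () => {
      return shouldFailFirstFactorValidation("Authentication failed. Please check your credentials.");
    });
  });
});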