mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
206 lines
6.3 KiB
JavaScript
206 lines
6.3 KiB
JavaScript
|
|
var sinon = require('sinon');
|
|
var identity_check = require('../../src/lib/identity_check');
|
|
var exceptions = require('../../src/lib/Exceptions');
|
|
var assert = require('assert');
|
|
var winston = require('winston');
|
|
var Promise = require('bluebird');
|
|
|
|
describe('test identity check process', function() {
|
|
var req, res, app, icheck_interface;
|
|
var user_data_store;
|
|
var notifier;
|
|
|
|
beforeEach(function() {
|
|
req = {};
|
|
res = {};
|
|
|
|
app = {};
|
|
icheck_interface = {};
|
|
icheck_interface.pre_check_callback = sinon.stub();
|
|
|
|
user_data_store = {};
|
|
user_data_store.issue_identity_check_token = sinon.stub();
|
|
user_data_store.issue_identity_check_token.returns(Promise.resolve());
|
|
user_data_store.consume_identity_check_token = sinon.stub();
|
|
user_data_store.consume_identity_check_token.returns(Promise.resolve({ userid: 'user' }));
|
|
|
|
notifier = {};
|
|
notifier.notify = sinon.stub().returns(Promise.resolve());
|
|
|
|
req.headers = {};
|
|
req.session = {};
|
|
req.session.auth_session = {};
|
|
|
|
req.query = {};
|
|
req.app = {};
|
|
req.app.get = sinon.stub();
|
|
req.app.get.withArgs('logger').returns(winston);
|
|
req.app.get.withArgs('user data store').returns(user_data_store);
|
|
req.app.get.withArgs('notifier').returns(notifier);
|
|
|
|
res.status = sinon.spy();
|
|
res.send = sinon.spy();
|
|
res.redirect = sinon.spy();
|
|
res.render = sinon.spy();
|
|
|
|
app.get = sinon.spy();
|
|
app.post = sinon.spy();
|
|
});
|
|
|
|
it('should register a POST and GET endpoint', function() {
|
|
var app = {};
|
|
app.get = sinon.spy();
|
|
app.post = sinon.spy();
|
|
var endpoint = '/test';
|
|
var icheck_interface = {};
|
|
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
assert(app.get.calledOnce);
|
|
assert(app.get.calledWith(endpoint));
|
|
|
|
assert(app.post.calledOnce);
|
|
assert(app.post.calledWith(endpoint));
|
|
});
|
|
|
|
describe('test POST', test_post_handler);
|
|
describe('test GET', test_get_handler);
|
|
|
|
function test_post_handler() {
|
|
it('should send 403 if pre check rejects', function(done) {
|
|
var endpoint = '/protected';
|
|
|
|
icheck_interface.pre_check_callback.returns(Promise.reject('No access'));
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function() {
|
|
assert.equal(res.status.getCall(0).args[0], 403);
|
|
done();
|
|
});
|
|
|
|
var handler = app.post.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should send 400 if email is missing in provided identity', function(done) {
|
|
var endpoint = '/protected';
|
|
var identity = { userid: 'abc' };
|
|
|
|
icheck_interface.pre_check_callback.returns(Promise.resolve(identity));
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function() {
|
|
assert.equal(res.status.getCall(0).args[0], 400);
|
|
done();
|
|
});
|
|
|
|
var handler = app.post.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should send 400 if userid is missing in provided identity', function(done) {
|
|
var endpoint = '/protected';
|
|
var identity = { email: 'abc@example.com' };
|
|
|
|
icheck_interface.pre_check_callback.returns(Promise.resolve(identity));
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function() {
|
|
assert.equal(res.status.getCall(0).args[0], 400);
|
|
done();
|
|
});
|
|
var handler = app.post.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should issue a token, send an email and return 204', function(done) {
|
|
var endpoint = '/protected';
|
|
var identity = { userid: 'user', email: 'abc@example.com' };
|
|
req.headers.host = 'localhost';
|
|
req.headers['x-original-uri'] = '/auth/test';
|
|
|
|
icheck_interface.pre_check_callback.returns(Promise.resolve(identity));
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function() {
|
|
assert.equal(res.status.getCall(0).args[0], 204);
|
|
assert(notifier.notify.calledOnce);
|
|
assert(user_data_store.issue_identity_check_token.calledOnce);
|
|
assert.equal(user_data_store.issue_identity_check_token.getCall(0).args[0], 'user');
|
|
assert.equal(user_data_store.issue_identity_check_token.getCall(0).args[3], 240000);
|
|
done();
|
|
});
|
|
var handler = app.post.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
}
|
|
|
|
function test_get_handler() {
|
|
it('should send 403 if no identity_token is provided', function(done) {
|
|
var endpoint = '/protected';
|
|
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function() {
|
|
assert.equal(res.status.getCall(0).args[0], 403);
|
|
done();
|
|
});
|
|
var handler = app.get.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should render template if identity_token is provided and still valid', function(done) {
|
|
req.query.identity_token = 'token';
|
|
var endpoint = '/protected';
|
|
|
|
icheck_interface.render_template = 'template';
|
|
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.render = sinon.spy(function(template) {
|
|
assert.equal(template, 'template');
|
|
done();
|
|
});
|
|
var handler = app.get.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should return 403 if identity_token is provided but invalid', function(done) {
|
|
req.query.identity_token = 'token';
|
|
var endpoint = '/protected';
|
|
|
|
icheck_interface.render_template = 'template';
|
|
user_data_store.consume_identity_check_token
|
|
.returns(Promise.reject('Invalid token'));
|
|
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.send = sinon.spy(function(template) {
|
|
assert.equal(res.status.getCall(0).args[0], 403);
|
|
done();
|
|
});
|
|
var handler = app.get.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
|
|
it('should set the identity_check session object even if session does not exist yet', function(done) {
|
|
req.query.identity_token = 'token';
|
|
var endpoint = '/protected';
|
|
|
|
req.session = {};
|
|
icheck_interface.render_template = 'template';
|
|
|
|
identity_check(app, endpoint, icheck_interface);
|
|
|
|
res.render = sinon.spy(function(template) {
|
|
assert.equal(req.session.auth_session.identity_check.userid, 'user');
|
|
assert.equal(template, 'template');
|
|
done();
|
|
});
|
|
var handler = app.get.getCall(0).args[1];
|
|
handler(req, res);
|
|
});
|
|
}
|
|
});
|