246 lines
8.0 KiB
JavaScript
246 lines
8.0 KiB
JavaScript
var chai = require('chai')
|
|
, Strategy = require('../lib/strategy')
|
|
, test_data = require('./testdata')
|
|
, sinon = require('sinon')
|
|
, verify = require('../lib/verify_jwt')
|
|
, extract_jwt = require('../lib/extract_jwt');
|
|
|
|
|
|
describe('Strategy', function() {
|
|
|
|
before(function() {
|
|
Strategy.JwtVerifier = sinon.stub();
|
|
Strategy.JwtVerifier.callsArgWith(3, null, test_data.valid_jwt.payload);
|
|
});
|
|
|
|
describe('Handling a request with a valid JWT and succesful verification', function() {
|
|
|
|
var strategy, user, info;
|
|
|
|
before(function(done) {
|
|
strategy = new Strategy({jwtFromRequest:extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_paylod, next) {
|
|
return next(null, {user_id: 1234567890}, {foo:'bar'});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.success(function(u, i) {
|
|
user = u;
|
|
info = i;
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
|
|
it('should provide a user', function() {
|
|
expect(user).to.be.an.object;
|
|
expect(user.user_id).to.equal(1234567890);
|
|
});
|
|
|
|
|
|
it('should forward info', function() {
|
|
expect(info).to.be.an.object;
|
|
expect(info.foo).to.equal('bar');
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('handling a request with valid jwt and failed verification', function() {
|
|
|
|
var strategy, info;
|
|
|
|
before(function(done) {
|
|
strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_payload, next) {
|
|
return next(null, false, {message: 'invalid user'});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.fail(function(i) {
|
|
info = i;
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
|
|
it('should fail with info', function() {
|
|
expect(info).to.be.an.object;
|
|
expect(info.message).to.equal('invalid user');
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('handling a request with a valid jwt and an error during verification', function() {
|
|
|
|
var strategy, err;
|
|
|
|
before(function(done) {
|
|
strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secrety'}, function(jwt_payload, next) {
|
|
return next(new Error("ERROR"), false, {message: 'invalid user'});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.error(function(e) {
|
|
err = e;
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
|
|
it('should error', function() {
|
|
expect(err).to.be.an.instanceof(Error);
|
|
expect(err.message).to.equal('ERROR');
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('handling a request with a valid jwt and an exception during verification', function() {
|
|
var strategy, err;
|
|
|
|
before(function(done) {
|
|
strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeaderAsBearerToken(), secretOrKey: 'secret'}, function(jwt_payload, next) {
|
|
throw new Error("EXCEPTION");
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.error(function(e) {
|
|
err = e;
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
|
|
it('should error', function() {
|
|
expect(err).to.be.an.instanceof(Error);
|
|
expect(err.message).to.equal('EXCEPTION');
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('handling a request with a valid jwt and option passReqToCallback is true', function() {
|
|
|
|
var strategy, expected_request, request_arg;
|
|
|
|
before(function(done) {
|
|
opts = { passReqToCallback: true };
|
|
opts.secretOrKey = 'secret';
|
|
opts.jwtFromRequest = extract_jwt.fromAuthHeaderAsBearerToken();
|
|
strategy = new Strategy(opts, function(request, jwt_payload, next) {
|
|
// Capture the value passed in as the request argument
|
|
request_arg = request;
|
|
return next(null, {user_id: 1234567890}, {foo:'bar'});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.success(function(u, i) {
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
req.headers['authorization'] = "bearer " + test_data.valid_jwt.token;
|
|
expected_request = req;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
it('will call verify with request as the first argument', function() {
|
|
expect(expected_request).to.equal(request_arg);
|
|
});
|
|
|
|
});
|
|
|
|
|
|
describe('handling a request when constructed with a secretOrKeyProvider function that succeeds', function() {
|
|
|
|
var strategy, fakeSecretOrKeyProvider, expectedReqeust;
|
|
|
|
before(function(done) {
|
|
fakeSecretOrKeyProvider = sinon.spy(function(request, token, done) {
|
|
done(null, 'secret from callback');
|
|
});
|
|
opts = {
|
|
secretOrKeyProvider: fakeSecretOrKeyProvider,
|
|
jwtFromRequest: function(request) {
|
|
return 'an undecoded jwt string';
|
|
}
|
|
}
|
|
strategy = new Strategy(opts, function(jwtPayload, next) {
|
|
return next(null, {user_id: 'dont care'}, {});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.success(function(u, i) {
|
|
done();
|
|
})
|
|
.req(function(req) {
|
|
expectedReqeust = req;
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
it('should call the fake secret or key provider with the reqeust', function() {
|
|
expect(fakeSecretOrKeyProvider.calledWith(expectedReqeust, sinon.match.any, sinon.match.any)).to.be.true;
|
|
});
|
|
|
|
it('should call the secretOrKeyProvider with the undecoded jwt', function() {
|
|
expect(fakeSecretOrKeyProvider.calledWith(sinon.match.any, 'an undecoded jwt string', sinon.match.any)).to.be.true;
|
|
});
|
|
|
|
it('should call JwtVerifier with the value returned from secretOrKeyProvider', function() {
|
|
expect(Strategy.JwtVerifier.calledWith(sinon.match.any, 'secret from callback', sinon.match.any, sinon.match.any)).to.be.true;
|
|
});
|
|
});
|
|
|
|
|
|
describe('handling a request when constructed with a secretOrKeyProvider function that errors', function() {
|
|
var errorMessage;
|
|
|
|
before(function(done) {
|
|
fakeSecretOrKeyProvider = sinon.spy(function(request, token, done) {
|
|
done('Error occurred looking for the secret');
|
|
});
|
|
opts = {
|
|
secretOrKeyProvider: fakeSecretOrKeyProvider,
|
|
jwtFromRequest: function(request) {
|
|
return 'an undecoded jwt string';
|
|
}
|
|
}
|
|
strategy = new Strategy(opts, function(jwtPayload, next) {
|
|
return next(null, {user_id: 'dont care'}, {});
|
|
});
|
|
|
|
chai.passport.use(strategy)
|
|
.fail(function(i) {
|
|
errorMessage = i;
|
|
done();
|
|
})
|
|
.authenticate();
|
|
});
|
|
|
|
it('should fail with the error message from the secretOrKeyProvider', function() {
|
|
expect(errorMessage).to.equal('Error occurred looking for the secret');
|
|
});
|
|
});
|
|
});
|